Downadup / Conficker and Disabling Autorun

Just a quick heads up related to disabling Autorun to protect against Downadup / Conficker. While the worm continues to spread and receive more media coverage, IT personnel are working to make sure their systems are protected. One of several ways this worm spreads is by taking advantage of the Autorun feature in Windows systems. Disabling this feature via Group Policy is a logical decision, but it turns out it may not actually work like it should.

Disabling Autorun via GPO currently only disables Autoplay on media insert. However, if there is an Autorun.inf file present on a CD, USB, or network drive, the program will still run when double clicking that drive in Windows Explorer. This vulnerability was announced by the U.S. CERT team on January 20, and later updated to provide patch details from Microsoft. Follow the links below for full details on the problem and where to get the patch.

US-CERT Alert
Microsoft KB953252
UPDATE: Microsoft released KB967715 on March 10 to address this autorun problem in all versions of Windows.

Advertisements

One Response

  1. Not only can this virus disrupt your PC, since it can disable your ability to connect to software update sites it leaves you vulnerable to even more malware. You need to do more than simply disable Autorun if you already have this virus! Tools and links to help fix are available at http://www.downadup.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: