---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Windows Vista "NoDriveTypeAutoRun" Security Issue SECUNIA ADVISORY ID: SA29458 VERIFY ADVISORY: http://secunia.com/advisories/29458/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: Local system OPERATING SYSTEM: Microsoft Windows Vista http://secunia.com/product/13223/ DESCRIPTION: CERT/CC has reported a security issue in Windows Vista, which can be exploited by malicious people to bypass certain security settings. AutoPlay is a feature designed to immediately begin reading from a drive (e.g. run a setup file) when a media is inserted. According to Microsoft, this feature can be disabled for all drives by setting the value of the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun" registry key to "0xFF". However, as Windows Vista fails to properly handle the mentioned registry key, this may still result in programs being executed automatically when a media is inserted even with the registry key value set to "0xFF". Successful exploitation may result in execution of arbitrary code, but requires physical access to a vulnerable system or that a user is tricked into inserting a malicious media (e.g. USB device). SOLUTION: Restrict access to affected systems. Do not insert any untrusted media even with the registry key value set to disable AutoPlay for all drives. PROVIDED AND/OR DISCOVERED BY: Will Dormann and Jeff Gennari, CERT/CC. ORIGINAL ADVISORY: US-CERT VU#889747: http://www.kb.cert.org/vuls/id/889747 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------