Microsoft Windows Vista NoDriveTypeAutoRun weak security

win-vista-nodrivetypeautorun-weak-security (41349) The risk level is classified as LowLow Risk

Description:

Microsoft Windows Vista could provide weaker than expected security. The NoDriveTypeAutoRun registry value fails to properly restrict AutoPlay functionality. By persuading a victim to insert malicious media or devices, a local attacker could exploit this vulnerability to execute arbitrary code on the system.

Platforms Affected:

  • Microsoft, Windows 2008 Itanium
  • Microsoft, Windows 2008 x64
  • Microsoft, Windows 2008 32-bit
  • Microsoft, Windows Vista SP1
  • Microsoft, Windows Vista x64
  • Microsoft, Windows Vista
  • Microsoft, Windows Vista SP1 x64

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-038. See References.

Consequences:

Other

References:

  • Microsoft Security Bulletin MS08-038, Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) at http://www.microsoft.com/technet/security/Bulletin/MS08-038.mspx.
  • NORTEL BULLETIN ID: 2008008958, Rev 1, Centrex IP Client Manager (CICM) response to Microsoft July security bulletin at http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=745165.
  • BID-28360: Microsoft Windows NoDriveTypeAutoRun Automatic File Execution Vulnerability
  • CVE-2008-0951: Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions.
  • FrSIRT/ADV-2008-0954: Microsoft Windows Vista AutoRun Security Bypass Weakness
  • SA29458: Windows Vista "NoDriveTypeAutoRun" Security Issue
  • SECTRACK ID: 1020446: Microsoft Windows AutoRun Bug May Let Users Execute Arbitrary Code
  • US-CERT VU#889747: Windows Vista fails to properly handle the NoDriveTypeAutoRun registry value

Reported:

Mar 20, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page