

When you plug a USB key in, a considerable number of things happen. The OS first talks to the USB device to know what kind of device it is and what it can do. Then, if the device says that it is a kind of disk, the OS will look for a filesystem on it, then mount it, and explore some of the files. Depending on what files were found and their names, the OS will suggest a choice of actions to the user (that's the popup you see).

Any phase of that process could have exploitable bugs, and indeed numerous examples of these have historically occurred (for instance, the PS3 Jailbreak from last year is a USB device which, internally, announces itself as a hub of four devices, one of which rambles incoherently on the USB bus in such a way that it triggers a buffer overflow in the OS USB driver). Hence, while the current state of affairs on Windows is that the OS will not by design run malicious code automatically, it may still do it by mistake. To my knowledge, there is no currently published exploit which does so, but it would be implausible that all that code is bug-free.

As a side note, what looks like a plain USB stick may, internally, behave quite differently, and (for instance) show itself as a keyboard to the OS - and begin "typing" immediately. And a bit scary.

For all drive types, except DRIVE_CDROM, the only keys available in the section are label and icon. Any other keys in this section will be ignored. Thus only CD and DVD media types can specify an AutoRun task or affect double-click and right-click behaviour. There is a patch available, KB971029 for Windows XP and later, that will change AutoRun functionality to this behaviour.

So, this would indicate that some parts of autorun.inf are still indeed processed by Windows 7 upon insertion of any removable media.
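As an added illustration of the rule quoted above (this is example code, not from the page, from Microsoft, or from any of the answerers), the following Python parses an autorun.inf and reports which keys Windows would process for a given drive type, applying the page's statement that only label and icon survive on anything but DRIVE_CDROM. The drive-type names, the constructed sample file and the audit wording are assumptions; the sample deliberately contains launch keys (open, shellexecute) so the difference between the two drive types is visible.

```python
"""Added example (not from the page or Microsoft): model which autorun.inf keys
Windows honours per drive type after KB971029, as the page states."""
import configparser
from typing import Dict, Tuple

# Drive type names follow the page's DRIVE_CDROM wording (Win32 GetDriveType names).
DRIVE_CDROM = "DRIVE_CDROM"
DRIVE_REMOVABLE = "DRIVE_REMOVABLE"
# Per the page: on anything but DRIVE_CDROM only these two keys are processed.
ALWAYS_HONOURED = frozenset({"label", "icon"})

# Constructed sample of an autorun.inf that tries to launch a program (demo input).
SAMPLE_AUTORUN = """[AutoRun]
label=Backup Drive
icon=setup.exe,0
open=setup.exe
shellexecute=setup.exe
UseAutoPlay=1
"""

def parse_autorun(text: str) -> Dict[str, str]:
    """Return the [autorun] section as lower-cased key -> value ({} if absent).
    autorun.inf is INI-style; section and key names are case-insensitive."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    cp.read_string(text)  # configparser lower-cases option names by default
    for section in cp.sections():
        if section.lower() == "autorun":
            return {k: (v or "") for k, v in cp[section].items()}
    return {}

def classify(keys: Dict[str, str], drive_type: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Split keys into (honoured, ignored) for the given drive type."""
    if drive_type == DRIVE_CDROM:  # CD/DVD media: every key may take effect
        return dict(keys), {}
    honoured = {k: v for k, v in keys.items() if k in ALWAYS_HONOURED}
    ignored = {k: v for k, v in keys.items() if k not in ALWAYS_HONOURED}
    return honoured, ignored

def audit(text: str, drive_type: str) -> str:
    """One-line verdict for a removable-media scan: what Windows would process."""
    honoured, ignored = classify(parse_autorun(text), drive_type)
    verdict = "processed: " + (", ".join(sorted(honoured)) or "none")
    if ignored:
        verdict += "; ignored (would only act on CD/DVD): " + ", ".join(sorted(ignored))
    return verdict

if __name__ == "__main__":
    print(audit(SAMPLE_AUTORUN, DRIVE_REMOVABLE))
    print(audit(SAMPLE_AUTORUN, DRIVE_CDROM))
```

Running it against a removable drive reports label and icon as processed and lists open, shellexecute and UseAutoPlay as ignored, which is exactly the residual processing the last paragraph above refers to.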
