[19258] in bugtraq


Re: AUTORUN Vul still work.

daemon@ATHENA.MIT.EDU (Jesper M. Johansson)
Fri Feb 16 13:05:51 2001

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <001a01c09827$73bda9d0$a800a8c0@yggdrasil.bu.edu>
Date:         Fri, 16 Feb 2001 09:47:56 -0500
Reply-To: "Jesper M. Johansson" <jjohanss@BU.EDU>
From: "Jesper M. Johansson" <jjohanss@BU.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <3A8A549B.45AA3319@secunet.com.br>

>Step by Step:
>1 - find an admin's mount point (a.k.a. home directory);
>2 - place the autorun.inf and autorun2.exe on there;

Are you saying that I, as an unprivileged user, have write permissions to the
Administrator's home directory? If that is the case, there are a lot more
fun things I can do than this.

That's not to say that this is not an issue. It is, and it has been known
and discussed for at least two years. MS does not seem to consider it a real
serious problem because "administrators should not be mapping shares that
ordinary users have write privilege to anyway." If that, rather
unreasonable, assumption holds, then this is not a problem. In most cases,
this is simply expected behavior, and it is up to us, as responsible admins,
to work around it.

To do so, use Group Policy if you have a Win2K domain. It is under Computer
Configuration if you want to disable it for all users on a specific machine,
under User Configuration otherwise. Then go to Administrative
Templates:System:Disable Autoplay. Set it to disable autoplay for all drives
in a policy that is applied to all Administrators.

If you don't have a Win2K domain, set this key:

Hive: HKLM if you want to apply it to all users on a system, HKCU if you
only want to apply it to some users
Key: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: NoDriveTypeAutoRun
Data: 0xFF


Jesper M. Johansson
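
Added example, not part of the original message: a PowerShell script that reports NoDriveTypeAutoRun in both hives named above, lists the drive types for which autorun is still allowed, and writes 0xFF when asked. The -Apply and -Hive parameters and the function name are hypothetical; the per-bit drive-type meanings come from Microsoft's documentation of this value, not from the message.

```powershell
# Added example, not from the original message.
# -Apply and -Hive are hypothetical parameters of this script.
param(
    [switch]$Apply,
    [ValidateSet('HKLM', 'HKCU')][string]$Hive = 'HKLM'
)

$SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$Name   = 'NoDriveTypeAutoRun'
$Want   = 0xFF   # value given in the message: autorun off for every drive type

# Bit meanings as documented by Microsoft for this value (not in the message).
$DriveBits = [ordered]@{
    'Unknown'   = 0x01
    'NoRootDir' = 0x02
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10   # mapped shares, the case discussed in this thread
    'CDROM'     = 0x20
    'RAMDisk'   = 0x40
    'Reserved'  = 0x80
}

function Get-AutoRunPolicy([string]$HiveName) {
    $prop = Get-ItemProperty -Path "${HiveName}:\$SubKey" -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    $v = $prop.$Name
    # Some systems store the value as REG_BINARY; the low byte holds the bits.
    if ($v -is [byte[]]) { $v = $v[0] }
    return [int]$v
}

if ($Apply) {
    # Writing under HKLM requires an elevated session.
    $path = "${Hive}:\$SubKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $Name -PropertyType DWord -Value $Want -Force | Out-Null
}

# Report the current state of both hives and decode which drive types remain open.
foreach ($h in 'HKLM', 'HKCU') {
    $v = Get-AutoRunPolicy $h
    if ($null -eq $v) { "{0}: {1} is not set" -f $h, $Name; continue }
    $open = @($DriveBits.GetEnumerator() | Where-Object { -not ($v -band $_.Value) } | ForEach-Object { $_.Key })
    $state = if ($open.Count) { 'autorun still allowed for: ' + ($open -join ', ') } else { 'autorun disabled for all drive types' }
    "{0}: 0x{1:X2} {2}" -f $h, $v, $state
}
```

Run without arguments to audit only; a value that leaves the Network bit clear still permits autorun from mapped shares.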
