Rapid7 Vulnerability & Exploit Database

Microsoft KB967940: Correct "Disable Autorun Registry Key" Enforcement

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Microsoft KB967940: Correct "Disable Autorun Registry Key" Enforcement

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

05/01/2008

Created

07/25/2018

Added

01/28/2009

Modified

09/11/2015

Description

Microsoft Windows includes an AutoRun feature, which can automatically run code when removable devices are connected to the computer. However the Autorun and NoDriveTypeAutorun registry values are both ineffective for fully disabling AutoRun capabilities. After setting the registry keys to disable these features, the AutoRun capabilities, the Double Click feature, and the Contextual Menu feature continue to function as if they were not set, which could be considered a vulnerability.

Solution(s)

fix-windows-correct-autorun-disable

References

https://attackerkb.com/topics/cve-2008-0951
28360
889747
CVE - 2008-0951
MS08-038
950582
953252
967715
967940
971029
41349

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft KB967940: Correct "Disable Autorun Registry Key" Enforcement

Microsoft KB967940: Correct "Disable Autorun Registry Key" Enforcement

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.