You will find this CVE-2009-0243 in many Windows systems in your organisation.
AutoPlay is a Windows feature that allows you to choose which program to use to start different kinds of media, such as music CDs, or CDs and DVDs containing photos. For example, if you have more than one media player installed on your computer, AutoPlay will ask which media player you want to use when you try to play a music CD for the first time. You can change AutoPlay settings for each media type.
You will find this CVE-2009-0243 in many Windows systems in your organisation.
Microsoft does not properly enforce the Autorun and NoDriveTypeAutoRun registry values in Windows systems, which allows physically adjacent attackers to execute arbitrary code by:
- Inserting CD-ROM
- Inserting DVD
- Connecting a Flash drive
- Connecting a Firewire device
- Allows user-assisted remote attackers to execute arbitrary code by mapping a shared drive.
The fix is simple for this:
Make the following changes to fix the vulnerability:
- Start Registry Editor run as admin (Regedit.msc)
- Make sure that the 255 value NoDriveTypeAutoRun is defined under this registry key: “HKU\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer”
- Disable autoplay from any disk type by editing the value NoDriveTypeAutoRun to 255 for this registry key: “HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer”
Possible Value of autorun type as below :
- 0x00000091 enable autorun for CD/DVD and floppy/USB disks (Windows XP default)
- 0x00000095 disable autorun for floppy/USB disks (Windows 2003 default)
- 0x000000b1 disable autorun for CD/DVD
- 0x000000b5 disable autorun for CD/DVD and floppy/USB flash disks
- 0x000000ff disable all available autoruns (we use this, we have added 255 in numeric which is the same as this)
Check out more about Intune & I have a specific section for Windows troubleshooting I hope you will like to explore.
Always check the Microsoft Learn website for new study programmes.