Homeland Secure IT Alert for Thursday, February 23, 2011
Microsoft has released Security Advisory 967940, titled “Update for Windows Autorun”, and it covers an issue that has long plagued Microsoft Windows Operating Systems. When you insert a USB flash drive, or USB hard drive, Windows has attempted to treat them like CD/DVD material and perform an autorun on it. While most IT professionals and tech savvy individuals have disabled that feature, and anti-virus developers such as Trend Micro have provided an option to disable that function, as gaping hole has been there for everyone else.
How has it affected people? Many ways, from a person inserting their USB flash drive from home into a business computer and the autorun functionality automatically installing the malware that was on the home system directly onto a network computer, creating a huge network security issue, down to malicious people dropping a flash drive containing malicious software on it in the parking lot of a large company they wanted access to. This resulted in workers at said company picking up the flash drive and inserting it into a computer on the corporate network in an attempt to see what was on it or find the owner to return it, and unknowingly permit software that would allow remote access to the network.
So, finally, after years of this, Microsoft has addressed it!
Microsoft has also published MS10-077, a revision to a bulletin posted in 2010 for a change to the Microsoft .NET Framework 4.0 update package. And MS10-070, which is yet another revision to .NET Framework 4.0. These are labeled “Critical” and “Important”, respectively.
Keep your systems up to date, and be sure you have current anti-virus… We recommend and sell Trend Micro Worry-Free Business Security and Titanium. In Greenville / Upstate, SC please call 864.990.4748 or email firstname.lastname@example.org for more information…