The following lines were added (+) and removed (-):
=== Additional Security and Support ===CERT ADVISORY 14 Apr 2009: VU#889747: [https://www.kb.cert.org/vuls/id/889747 Microsoft Windows fails to properly handle the NoDriveTypeAutoRun registry value]. This issue is addressed for Windows Vista and Server 2008 systems in Microsoft Security Bulletin [http://www.microsoft.com/technet/security/bulletin/ms08-038.mspx MS08-038]. This update corrects the behavior of NoDriveTypeAutoRun on those platforms. Windows 2000, XP, and Server 2003 users should install the update in Microsoft Support Document [http://support.microsoft.com/kb/967715 KB967715]. From that advisory: With limited testing, it appears to be possible to disable AutoRun and AutoPlay on Microsoft Windows systems by saving the following text as a .REG file and importing it into the registry: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] @="@SYS:DoesNotExist"This registry value appears to prevent windows from parsing and taking actions based on the Autorun.inf file, which both AutoRun and AutoPlay utilize. Note that Windows can cache AutoRun capabilities of devices via the MountPoints2 registry key, though. So even after disabling AutoRun as described above, Windows may still automatically execute files on devices that Windows has listed in this cache. For this reason, we also recommend removing this cache by deleting the MountPoints2 registry key for each user: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2