A recent surge in attacks (notably the conficker worm) is using a capability known as "autorun" to travel from removable media to system and onward.

As a safety precaution, we intend to disable the "autorun" functionality on CAT supported Windows systems.

Users will note that USB sticks and data CDs or DVDs with autorun configured may not automatically fire up an application when they are inserted.  It will be necessary to first Open (using Windows Explorer) the removable media and consciously click "Autorun" if you want the media to perform that action.

This should not affect audio CDs and video DVDs from playing

Details on some of these attacks can be found at:

http://technet.microsoft.com/en-us/magazine/2008.01.securitywatch.aspx

http://isc.sans.org/diary.html?storyid=5695

If you have any questions, please contact: support@cat.pdx.edu