Last week, Microsoft released a security patch that disables the ‘AutoRun’ function for USB drives and other forms of removable media for the Windows 2000, XP, and Vista operating systems.  This patch is a long-awaited response to virus and malware attacks that exploit the ‘AutoRun’ function of these operating systems to automatically execute malicious code upon insertion of the removable drive.  In Microsoft’s more current desktop operating systems like Windows 7, the ‘AutoRun’ setting for these devices is disabled by default.  However, it is important to note that the ‘AutoRun’ function is still supported on CDs and DVDs  through ‘AutoPlay’ for all of Microsoft’s desktop operating systems.  Therefore, the threat of virus and malware attacks that exploit ‘AutoRun’ is still present in these types of media.

GraVoc Associates, Inc. is based in Peabody, MA, and its information security practice has been serving customers in the financial services industry for over ten years in the areas of risk management, IT assurance, and audit.  GraVoc also offers solutions in the practices of IT and network services, information systems, media production, and professional services.  For more information about GraVoc, please visit