The AutoRun patch, KB 967715, is a mess @ AskWoody.com

The AutoRun patch, KB 967715, is a mess

Posted on March 10th, 2009 at 15:46 woody 15 comments

Last week, I warned you about installing the KB 967715 patch – the one that’s supposed to fix the AutoRun/AutoPlay stupidities that have allowed the Conficker worm to multiply. (Remember, this is the worm that has drawn a $250,000 bounty from Microsoft – and the folks at MS can’t even plug one of its simplest infection vectors.)

This week, Susan Bradley has analyzed the patch, and it’s a complete mess. She has posted instructions for fixing the AutoRun/AutoPlay debacle – manual instructions which you should follow after installing the KB 967715 patch, if you should be motivated to install the patch.

For now, I continue to recommend that you avoid the KB 967715 patch like the plague it is. Remember to hold down the Shift key when you stick a USB drive (or SD card) in your computer, and you’ll be safe. That isn’t a good permanent solution, but as a temporary stopgap, it works.

Windows Patches/Security Botched patch, KB 967715
15 responses to “The AutoRun patch, KB 967715, is a mess”
1. Bob Primak March 11th, 2009 at 13:14
  
  I downloaded the patch before your warning, and my Windows XP Pro SP3 laptop seems to be working just fine. Acronis True Image made a pair of successful image backups to a USB Hard drive, and they checked out just fine. For me, that is the Acid Test. But I understand that others may not have been as fortunate as I, so the warning about the patch is still warranted, I believe.
2. EP March 12th, 2009 at 04:15
  
  On the other hand, I use the TweakUI 2.10 powertoy for WinXP/2003 to disable autorun for just removable devices but keep autorun enabled for CD & DVD drives instead of installing the KB967715 Autorun XP patch.
  
  For those using WinXP or Win2003, install & run TweakUI 2.10, expand the “My Computer” branch from the TweakUI dialog box, then expand the “Autoplay” branch, click on Types and uncheck the box that says “Enable Autoplay for removable drives”, then click OK and restart the computer. If you also want to disable autoplay for CD/DVD drives, uncheck the box that says “Enable Autoplay for CD and DVD drives”, then click OK to save changes.
  
  The TweakUI method of shutting off Autorun/Autoplay is recommended for power users/advanced users who don’t like to fiddle around with the Registry Editor tool and screw things up.
3. Todd McKinney March 12th, 2009 at 20:10
  
  I have installed 967715 with no operating issues, but on certain machines the update appears to not have installed after reboot (return to MS update site reveals need to install same update). My tests have proven that a portion of a Roxio installation package has overwritten the key important to the installation of 967715. While installations that include things like Roxio Data, Roxio Audio, and Roxio Copy are OK, it is “Roxio DLA” which, if installed, will overwrite the key in question when the PC is rebooted. Uninstall “Roxio DLA” and the issue no longer remains. I’m not sure what DLA stands for yet (drive letter access?) but after uninstalling DLA I can still open the Roxio application and burn CDs, ISOs, and so on.
  
  The key in question is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, and it should have at least one value in there: HonorAutorunSetting, a dword value set to “1″ (hex or decimal). If you can’t set the policy using gpedit to turn off Autorun (XP Home doesn’t appear to have the tools), then add a value of type dword named “NoDriveTypeAutoRun” with the hex value of “ff” or decimal value of “255″, which would disable autorun on all types.
  
  With Roxio DLA installed, however, the above key, values and all, are replaced with Roxio’s own setting.
4. woody March 12th, 2009 at 20:31
  
  Brilliant sleuthing. Let me get this to Microsoft right away. Thanks!
5. EP March 13th, 2009 at 23:23
  
  Todd, DLA DOES stand for Drive Letter Access, which I have installed on my XP home ed. machine as I do use DLA-based CDRW discs. I installed Roxio DLA from Dell’s R113511 package but I don’t install any other Roxio programs.
6. Br1anstorm March 16th, 2009 at 08:32
  
  The various forum discussions about KB 967715 – and the variety of suggested solutions – are getting about as complex and confusing as the original problem. As a non-expert, I’m reluctant to mess with registry settings.
  
  I have XP Pro and I normally do custom Windows updates. I downloaded 967715, and it apparently installed. But when I next went to do an update, the Update website said it was downloaded but needed to be installed (again). It now does this each time I check for updates.
  
  Let me pose the questions in simple and logical terms:
  1) has this patch indeed been installed in my system?
  2) if so, why am I being asked to install it again?
  3) should I uninstall it (via Add/Remove Progs), and if so is it then possible to reinstall it and not get reminders?
  5) or should I do without it completely?
  6) or what else can I do to keep my system safe and up to date without risking a foul-up in the Registry?
7. michael March 29th, 2009 at 22:52
  
  Thank you. I “installed” 967717 6 or 7 times. Then I saw your post. I uninstalled Roxio, did the update, and reinstalled roxio. It seems that all works properly now, and I am not bothered with a so-called “new” update at every start up.
8. walter April 3rd, 2009 at 21:13
  
  If you choose to uninstall Roxio, How can you reinstall it if you don’t have the original disk?
9. Bill April 6th, 2009 at 07:47
  
  967715 is installing every time I hop on the net. I don’t have Roxio. Hmmm.
10. Marco April 9th, 2009 at 22:12
  
  Sorry to see so many people regard you as a authoritative figure.
  But in the land of the blind the one-eyed is king, I guess.
  This patch doesn’t do anything more then fixing the policy behavior of autorun (so you should install it!), it doesn’t change the autorun settings itself, so you will have to do that manually as Susan Bradley wrote down (she knows what she’s talking about).
  Yeah, holding the shift key down to prevent viruses from spreading is a good idea!
  But I agree that M$ is lax in not fixing this.
11. R1 April 22nd, 2009 at 05:43
  
  Was I ever sorry I installed this patch. There are a lot of different solutions out there that people are offering, but none of them are working for me. I guess I’m just going to have to get used of it.
12. Jenn May 6th, 2009 at 07:23
  
  This patch automatically downloaded and installed itself (and yes I have MS Auto Update turned off and somehow I still got it.. not happy at all about it!!). I have one of those little Acer Spire Ones’.. it’s not a bad cheap system, but after the computer restarted from this update, I got the black screen of death! Power and fan turn on, but nothing else. Just a plain black screen! So I trudged on to the desktop to google possible fixes, and apparently, the update/patch is killing a lot of these little Acers! Also, a few other systems. A friend of mine is a Page at the State Capitol, and it killed 9 of their Notebooks this week! A BIOS fix is the only thing that seems to cute it. Bad Microsoft!
13. Tim December 4th, 2009 at 09:13
  
  I have a Toshiba Satellite laptop and I have tried every fix and I do not have Roxio software and it still wants to update this patch everytime I boot up. I’d rather just uninstall all MS software and install Apple software if it was possible.
14. Suresh Keswani March 14th, 2010 at 15:14
  
  I have windows XP Pro installed on desktop PC. It installed all the updates except KB967715. 10 times i tried to install through microsoft windows update site. Everytime it says ” failed to install”. Whats wrong? I believe others are also having the same problem. Roxio is not installed, but Nero CD burning software is installed. My all USB drive load automatically. Whats wrong?
15. woody March 14th, 2010 at 20:37
  
  Suresh -
  
  Check out http://aumha.net/viewtopic.php?f=62&t=38665
Leave a reply

Name (required)

Mail (will not be published) (required)

Website