Microsoft has finally taken a huge step forward in order to put a check on Malicious tools which have actively used the Autorun facility to manifest themselves on the computers of millions of users. Most viruses create an Autorun.inf file in removable media ( CD - ROM / USB Drives ) in order to spread on to other computers. Microsoft had already disabled Autorun for removable media on Windows 7.
Now Microsoft has released an update (KB 967940) which will turn off the Autorun facility on Windows XP, Vista and Windows 2000 too. This is an optional update and you can choose this update manually in order to install it. Here is what a Microsoft engineer has to say about the "Turn-Off Autorun" update:
We're marking this as an "Important, non-security update." It may seem a little odd to call this a "non-security update," especially since we're delivering it alongside our February bulletins. But at Microsoft we reserve the term "Security Update" to mean "a broadly released fix for a product-specific security-related vulnerability." And it would be odd to refer to Autorun as avulnerability.
That term is generally used, and we use it, to mean accidental functionality that allows someone to violate the security of the system. But Autorun isn't an accident -- it's by design, and as I mentioned we care about the very real positive uses of the feature. In other words, in a very real sense, it's not a bug, it's a feature, and we documented it as such.