Re: Yet Another Security Hole
Well Micros~1 could disable auto-run from USB sticks as the default.
Auto-run only being active for identified USB sticks (e.g. using some hash on the auto-run command) after it was authorized once after acknowledging a security warning would stop a lot of attacks on users not aware of this attack vector.
A trade off between security and convenience - what will win?