As I was monitoring the feed from my local CERT, this little titbit caught my eye. It is about how, in my opinion, Microsoft is doing the right thing.
What has happened is that Microsoft has changed the way that autorun is executed, thereby stopping malware from exploiting USB keys to spread itself. The change is that they have disabled autorun for everything but CDs and DVDs. DK-CERT bulletin (Danish).
The Microsoft Malware Protection Center (MMPC) has done an analysis of this vulnerability, which was fixed in February 2011 through Windows Update. The reason for the fix is that during the last half of 2010 there was an increase in malicious code using autorun.inf to infect systems. The MMPC based the analysis on data reported from Microsoft security products. They say that between January 2011 (pre-fix) and May 2011 (post-fix) they saw a drop in exploitation using autorun of 59% on Windows XP and a fall of 74% on Windows Vista.