Windows Vista fails to properly handle the NoDriveTypeAutoRun registry value, which may prevent Vista from effectively disabling AutoRun and AutoPlay features. The risk is MEDIUM. Windows VIsta may have some AutoPlay enabled, even though the Group Policy Editor and associated registry values indicate otherwise. This may allow an attacker to cause a user to inadvertently execute arbitrary code on a removable device, such as a USB drive.