Autorun was a handy feature for making it more convenient to play CDs, but as with all good things, the bad guys found a way to abuse it. Malware authors have been writing malicious code to take advantage of autorun to automatically run their malware and infect systems that had it enabled. Consequently, Microsoft disabled it in Windows 7 but it was still turned on by default in older operating systems, so this continued to be a problem. Microsoft’s response was to release an update in February that locks down the autorun feature on XP and Vista machines, too. Infection rates for those machines dropped dramatically. This is very good news for those organizations that haven’t yet upgraded to Windows 7 on the desktop.
You can read more in the Microsoft Malware Protection Center (MMPC) blog on TechNet:
http://blogs.technet.com/b/mmpc/archive/2011/06/14/autorun-abusing-malware-where-are-they-now.aspx