Microsoft appears to be winning a major battle against autorun malware.

A blog post this week by Microsoft's Malware Protection Center said the company discovered 1.3 million fewer infections on Windows Vista and XP caused by autorun malware from mid-February to mid-May, compared with the three months prior.

A persistent security threat for the past several years, autorun malware typically spreads through flash drives, memory cards, and other external devices courtesy of Microsoft's autorun feature, which automatically executes a command when the device is plugged in.

Autorun has been a trigger for some of the "top families" of malware, including Conficker, Rimecud, and Taterf, according to Microsoft.

In February, Microsoft started pushing out updates for Windows XP and Vista to lock down the autorun feature. The company had already rolled out a similar update for the release candidate of Windows 7 early in 2009.

Following the updates to XP and Vista, Microsoft said it started seeing a drop in the number of autorun-based infections. In May, there were 59 percent fewer infections on XP and 74 percent fewer on Vista, compared with May 2010. Infections in versions of Windows with the latest service packs, such as Windows XP SP3 and Windows Vista SP1 and SP2, showed even greater declines.

The year-over-year rates for Windows 7 stayed about the same because it already had autorun lockdown in place. They also remained similar for Windows XP SP2, which didn't get the update because Microsoft no longer supports it.

Overall, the company said, the number of infections found across all operating systems by Microsoft in May had dropped by 68 percent compared with the 2010 numbers.

Of course, the larger war against malware continues to rage, but the battle against autorun infections seems to have scored a victory, according to Microsoft.

"Abusing Autorun was only one trick up their [the malware writers'] collective sleeve," Microsoft said in its blog. "However, judging by the numbers in our data, it was a lucrative one."