cancel
Showing results for 
Search instead for 
Did you mean: 

Warning about insecure gadgets etc

Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Warning about insecure gadgets etc

http://technet.microsoft.com/en-us/security/advisory/2719662
Quote
Executive Summary
Microsoft is announcing the availability of an automated Microsoft Fix it solution that disables the Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets. In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time.
An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applying the automated Microsoft Fix It solution described in Microsoft Knowledge Base Article 2719662 disables the Windows Sidebar experience and all Gadget functionality.
Recommendation. Customers who are concerned about vulnerable or malicious Gadgets should apply the automated Fix It solution as soon as possible. For more information, see the Suggested Actions section of this advisory.
5 REPLIES 5
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Warning about insecure gadgets etc

Is this topical, Oldjim?  Any software you download and install on your computer could turn out to be malicious and that applies to Sidebar Apps and Gadgets as much as anything else.  Why start worrying about it now?
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Warning about insecure gadgets etc

The way I read the Advisory, it implies there is some additional/different vulnerability with the Sidebar. Good idea to alert people, their choice what to do.
kmilburn
Grafter
Posts: 911
Thanks: 6
Registered: ‎30-07-2007

Re: Warning about insecure gadgets etc

Definately topical...  Microsoft themselves no longer host any Gadgets for Vista and Windows 7,  leaving the only third party sources.
Disable Gadgets NOW says Redmond
Quote
Microsoft has advised Vista and Windows 7 users to put Gadgets and the Windows Sidebar to the sword, following the revelation of yet-to-be-detailed remote code execution vulnerabilities in the features.

Quote
The unloved Sidebar feature for Gadgets was killed off in Windows 8, as was the Windows Live Gallery used to access Gadgets from the desktop


ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Warning about insecure gadgets etc

Windows 8 doesn't have gadgets but it has Apps.  Surely if Microsoft cannot or will not vet Gadgets it's not going to be able to do better with Apps.
zedingrove
Grafter
Posts: 293
Registered: ‎18-06-2012

Re: Warning about insecure gadgets etc

So now you have me concerned how the frack do you uninstall them?
I can stop them, close them but fracking uninstall them....