Microsoft advises disabling Windows Gadgets amid vulnerability fears
In a post on the Microsoft Security Response Center (MSRC) blog, the company says that, as some Gadgets "don't adhere to secure coding practices", they can pose a potentially serious risk to users' systems. These vulnerable or malicious Gadgets could be used by an attacker to inject and execute malicious code to compromise a victim's system.
The advisory comes just two weeks ahead of a presentation planned for this year's Black Hat information security conference, which takes place on 25 and 26 July in Las Vegas. In the presentation, security specialists Mickey Shkatov and Toby Kohlenberg will talk about how the Windows Gadget Platform can be exploited, and describe their research into creating malicious apps as well as using flaws in legitimate apps as attack vectors.
In the upcoming release of Windows 8, expected to arrive in the autumn, the Sidebar and Gadgets will be deprecated and no longer supported as Microsoft shifts its focus to Metro style apps for the Metro UI. Ahead of the release of Windows 8 and because of these concerns, Microsoft has now taken down the Desktop Gadgets Gallery. In a Knowledge Base Article, the company has provided a Fix it tool that disables the Windows Sidebar and all Gadget functionality in Windows.
- Vulnerabilities in Gadgets Could Allow Remote Code Execution, security advisory from Microsoft.
- Microsoft patches a critical hole in XML Core Services, a report from The H.