Microsoft fix-it to disable gadgets - SA 2719662
Microsoft Security Advisory 2719662 announces the availability of a fix-it to disable Windows Sidebar and Gadgets. The threat seems to be insecure gadgets that allow arbitrary code to be executed with the rights of the logged-on user.
See:
The fix-it disables the sidebar and gadgets.
--
Swa Frantzen -- Section 66
Comments
Anonymous
Jul 10th 2012
1 decade ago
Gadgets in the sidebar are typically just scripting-enabled HTML and are no longer part of Windows 8. Microsoft stopped distributing new Gadgets some time ago, which sent users to other sites. If a user wants a function that is currently provided by a Gadget and the user can no longer use Gadgets, then that user will download and install 3rd party software that provides that function. That 3rd party software will allow code to be executed with the rights of the logged on user. Per MS' security advisory "Gadgets installed from untrusted sources can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time." That applies to pretty much all software installed from untrusted sources... but MS is no longer serving as a "trusted source" for Gadgets.
yvesk
Jul 11th 2012
1 decade ago
Anonymous
Jul 11th 2012
1 decade ago
A potential compromise I would like to investigate for environments where gadgets are in use is to apply the GPO to disable the installation of unsigned gadgets until more information is available.
adam
Jul 12th 2012
1 decade ago
http://www.theregister.co.uk/2012/07/11/disable_stupid_gadgets_says_microsoft/
"Microsoft has advised Vista and Windows 7 users to put Gadgets and the Windows Sidebar to the sword, following the revelation of yet-to-be-detailed remote code execution vulnerabilities in the features.
Redmond issued this advisory ahead of an upcoming Black Hat presentation by Mickey Shkatov and Toby Kohlenberg. The two have promised to reveal “interesting attack vectors” in a presentation called “We Have You By The Gadgets”."
Joe
Jul 12th 2012
1 decade ago
Joe
Jul 12th 2012
1 decade ago