Jump to content

Microsoft fix kills Windows Gadgets, warns it could lead to PC hijacks

ShyWriter

By ShyWriter
in General Chat

 Share

Recommended Posts

ShyWriter

ShyWriter

Posted
Posted

.

screenhunter02may311743.jpg

Microsoft fix kills Windows Gadgets, warns it could lead to PC hijacks

The company said the feature could lead to remote code-execution attacks.

by Dan Goodin - Jul 12, 2012 12:00 am UTC

Microsoft has warned that a Gadgets feature included in Vista and later versions of Windows could allow attackers to hijack end-user machines and has taken the unusual step of issuing a temporary update that allows it to be completely disabled.

"An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user," company officials said in an advisory issued Tuesday. "If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system." To be successful, they added, "An attacker would have to convince a user to install and enable a vulnerable Gadget."

Microsoft added the Gadgets feature and an accompanying Sidebar to Windows Vista in hopes of matching the success Apple had with a similar feature called Dashboard, which is included in Mac OS X. It allows end users to add clocks, stock tickers, and other small apps to their desktops. A few weeks ago, Microsoft pulled the plug on its official Gadgets gallery. The page now includes a warning that says, "Gadgets installed from untrusted sources can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time."

An accompanying Fix-it, which users are free to use or ignore, is described as a "workaround" and completely disables the Windows Sidebar and Gadgets.

Microsoft didn't elaborate on the vulnerability or its long-term plans for Gadgets. Tuesday's advisory thanked "Mickey Shkatov and Toby Kohlenberg for working with us on Gadget vulnerabilities." The researchers are scheduled to deliver a presentation on July 26 at the Black Hat security conference in Las Vegas titled "We Have You by the Gadgets."

SOURCE: http://arstechnica.c...windows-gadgets

Steve

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.