Sign in with
Sign up | Sign in

Microsoft Urging Customers To Disable Windows Gadgets

By - Source: Microsoft | B 75 comments

In a security advisory released on Tuesday, Microsoft announced that it has released a fix that will disable the Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. While many end-users may pout that they can no longer play virtual piano or giggle at their kitty cat clock, Microsoft insists it's in everyone's best interest, as vulnerabilities have been discovered that will allow remote code execution.

"Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets," Microsoft reports. "In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time."

Microsoft warns that if an attacker successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. "If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system," the company adds. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

The advisory arrives just two weeks prior to Black Hat where Mickey Shkatov and Toby Kohlenberg are scheduled to present research on Windows Gadget flaws and exploits. As the warning indicates, Microsoft has acknowledged the problem, but the company has yet to detail the vulnerability, pushing users to ditch their favorite desktop Gadgets.

Taking place on July 26, the presentation will be called "We Have You By The Gadgets" and will note "a number of interesting attack vectors" discovered in Gadgets. "We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets," the presentation's description states.

News of the Gadget exploit arrives after a recent internal build of Windows 8 -- 844x -- revealed to contain no references to desktop Gadgets in the control panel or desktop mode. Currently Gadgets are supported in Windows 8 Consumer and Release Preview editions. Microsoft also recently cleaned "Gadget house" online, as the company now offers a "Greatest Hits" collection of 29 internal and 3rd-party developed Gadgets.

"Because we want to focus on the exciting possibilities of the newest version of Windows, Microsoft no longer supports uploading new Gadgets. But that doesn't mean you can't still get Gadgets. The most popular and highest-rated gadgets are still available on this page," the Gadget page officially reads towards the bottom.

Desktop Gadgets have been around since the launch of Windows Vista, and have proved to be quite useful and entertaining. They were originally required to be docked (or contained) within a special sidebar in Windows Vista. Visually this feature was removed in Windows 7, allowing Gadgets to float on the desktop or be attached to the left or right side of the screen. However all Gadgets are still owned by the sidebar.exe process, as seen in the Process tab of Windows Task Manager.

But now it seems that desktop Gadgets will experience an early death before the arrival of Windows 8. For more information about disabling the Windows Sidebar and Gadgets, read Security Advisory 2719552 here.

Discuss
Display all 75 comments.
This thread is closed for comments
Top Comments
  • 26 Hide
    badaxe2 , July 12, 2012 2:29 AM
    It's almost like they had this discussion in a board room meeting:


    Suit A: "So, we want less gadgets in Windows 8. Hell, we really don't want any. Capiche?"

    Suit B: "The people aren't gonna like that."

    Suit A: "Hmmm...true....well, lets just release a 'security' warning about how 'unsafe' they are."

    Suit B: "I like they way you think, sir."

    Suit A: "I know."
  • 26 Hide
    A Bad Day , July 12, 2012 2:15 AM
    Rick_CriswellMost toolbars,gadgets,free add-ons etc are considered trojans. They do offer their basic function but underneath most track everything you do on the internet and reports it back to the publisher.


    I agre-

    Oh look, a smiley face cursor! Hmm, it requires a 50 MB download. Meh, I want it anyways!
  • 25 Hide
    badaxe2 , July 12, 2012 2:25 AM
    Does this have anything to do with their recent chopping of Gadget support in Win 8?
Other Comments
  • 4 Hide
    leaderWON , July 12, 2012 1:40 AM
    people use these?
  • 25 Hide
    Unolocogringo , July 12, 2012 1:50 AM
    Most toolbars,gadgets,free add-ons etc are considered trojans.
    They do offer their basic function but underneath most track everything you do on the internet and reports it back to the publisher.
  • -5 Hide
    dameon51 , July 12, 2012 1:57 AM
    I really like the Google sidebar. i would rather use the windows once since its built it, but it doesn't have as many widgets/gadgets.
  • 26 Hide
    A Bad Day , July 12, 2012 2:15 AM
    Rick_CriswellMost toolbars,gadgets,free add-ons etc are considered trojans. They do offer their basic function but underneath most track everything you do on the internet and reports it back to the publisher.


    I agre-

    Oh look, a smiley face cursor! Hmm, it requires a 50 MB download. Meh, I want it anyways!
  • 13 Hide
    ashinms , July 12, 2012 2:17 AM
    If someone took over my computer and started doing stuff on it the first thing I would do is pull the chord...
  • 19 Hide
    balister , July 12, 2012 2:18 AM
    leaderWONpeople use these?


    Some of them are kind of handy. I run the MS CPU/Memory gadget so I can know what's going on at any given time with CPU and Memory resources without having to go to Task Manager. I also run the MS Weather gadget that can be configured to show the predicted weather for the next few days coming up. So yes, there's a couple useful ones, but most are not.
  • 25 Hide
    badaxe2 , July 12, 2012 2:25 AM
    Does this have anything to do with their recent chopping of Gadget support in Win 8?
  • 7 Hide
    jrharbort , July 12, 2012 2:27 AM
    There's always alternatives. Gotta love rainmeter.
  • 22 Hide
    halcyon , July 12, 2012 2:28 AM
    Wait, wait. Microsoft creates "gadgets" to copy the feature-set/functionality of OS X' widgets. Promotes the feature and now is turning around and telling us to stop using the feature because its a significant security threat? You. Have. Got. To. Be. Frick'n. Kidd'n. Me. ...right? As an OS X user I admit, I like Windows' gadgets and I believe the appropriate thing for MS to do is to FIX the frick'n security hole. How 'bout that, eh?! No, no. "If you buy our new Windows H8te OS you're good-to-go". I call bullsh*t. Fix it MS.

    Next they'll be advising not to use the desktop or screen-savers because a security hole was found.

    I really hope I mis-read the article in my skimming of it. If this was Apple the haters would be cumming all over themselves in self-righteous glee.

    Frick'n disqusting.
  • 26 Hide
    badaxe2 , July 12, 2012 2:29 AM
    It's almost like they had this discussion in a board room meeting:


    Suit A: "So, we want less gadgets in Windows 8. Hell, we really don't want any. Capiche?"

    Suit B: "The people aren't gonna like that."

    Suit A: "Hmmm...true....well, lets just release a 'security' warning about how 'unsafe' they are."

    Suit B: "I like they way you think, sir."

    Suit A: "I know."
  • 14 Hide
    faster23rd , July 12, 2012 2:38 AM
    Well, the notepad, and it's numerous size iterations, along with a sleek black CPU/GPU meter, are my reasons why I object to this. Some gadgets let me organize my desktop while others let me view vital information in a peek. Still, if Microsoft goes ahead with its plans, the only thing I could issue is a stern-worded condemnation. CONDEMN! There, I'm done here.
  • 0 Hide
    MarioJP , July 12, 2012 2:39 AM
    I don't know what you people are complaining about but I might have to agree on this one. I had a system gadget installed to monitor my system but for some odd reason the network activity light would just go crazy on the router. I look at the sent/receive status on network properties of windows i see unusual spike in the amount of packets being sent and received. For the lights of me i couldn't figure what that was. I scanned for viruses checked online but no answers. So next thing i started to do is start end task programs . Eventually ended a program that stopped the surge. so i retraced my step and yep it was that stupid sidebar.exe. and i traced to what gadget was causing this yep it was that stupid monitor third party gadget. So yes these nice looking gadget opens a back door to your system!.
  • 6 Hide
    halcyon , July 12, 2012 2:40 AM
    Quote:
    Some of them are kind of handy. I run the MS CPU/Memory gadget so I can know what's going on at any given time with CPU and Memory resources without having to go to Task Manager. I also run the MS Weather gadget that can be configured to show the predicted weather for the next few days coming up. So yes, there's a couple useful ones, but most are not.


    These are the exact gadgets I use as well, along with another that displays network traffic. They seem useful to me.
  • 13 Hide
    brickman , July 12, 2012 2:41 AM
    Disabled it the 1st time I used windows 7. No love lost, but no love will be given to the mistake of so called Windows 8.

  • 14 Hide
    PhilFrisbie , July 12, 2012 2:41 AM
    badaxe2Does this have anything to do with their recent chopping of Gadget support in Win 8?

    That would be my guess. . .Get the people convinced it is bad and that they do not need the feature anyway, that was they will not miss it. Next watch MS try to tell us the START menu is bad and is open to security issues ;) 
  • -9 Hide
    MarioJP , July 12, 2012 2:49 AM
    And then you guys wonder Windows is not "secure" ok which one is going to be A back door gadgets or really keeping your system secure?
  • 11 Hide
    randomizer , July 12, 2012 2:58 AM
    Why is this any different to other Windows security flaws that get patched? I don't see Microsoft disabling Office when it has a security vulnerability, so why are they taking the shortcut approach this time?
  • -1 Hide
    halcyon , July 12, 2012 2:59 AM
    Perhaps OSX' widgets are equally dangerous or even more-so but there's so few of us Apple sheep that its not relevant? I'll entertain that. ...worth a little research.
  • 1 Hide
    bspatial , July 12, 2012 3:00 AM
    I invite all the Trojans to come to my computer. My antivirus made in China, designed in Russia will guarantee these intruders epic failure. LOL!
  • 8 Hide
    CaedenV , July 12, 2012 3:16 AM
    ashinmsIf someone took over my computer and started doing stuff on it the first thing I would do is pull the chord...

    you would never know they were there. It's not like your mouse would move, or that windows would open without you doing things. They would get in, copy everything, and get out entirely without notice, and the only proof you would have is the credit card bill at the end of the month.
Display more comments