Microsoft has issued a security advisory, and encouraged users of Windows Vista and Windows 7 to disable the Windows Sidebar and associated gadgets. The move comes just before a scheduled talk at BlackHat this month, where researchers will explore the types of flaws that exist in existing gadgets, as well as other weaknesses.
Microsoft’s advisory provides a FixIt tool, which will disable the Windows Sidebar and any gadget that is currently enabled on the system. The measure is necessary, Redmond said, because it will protect customers from “…vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets.”
“In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time.”
As mentioned, Microsoft is likely reacting to a talk scheduled for BlackHat titled, We Have You By The Gadgets. Presented by researchers Mickey Shkatov and Toby Kohlenberg, the talk will delve into their work on “creating malicious gadgets, misappropriating legitimate gadgets, and the sorts of flaws we have found in published gadgets.”
This could be problematic for Vista and Windows 7 users who happen to have left their systems as they were the day they came out of the box – almost all of which have the gadgets enabled.
“Clearly Microsoft is worried about the security researchers’ findings…Microsoft hasn’t issued a security patch to fix the vulnerability. They’re suggesting you completely nuke your Windows Sidebar and Gadgets,” commented Sophos’ Graham Cluley.