Microsoft Issues Security Advisory, Vulnerabilities In Gadgets Pose Risk
Microsoft has issued a security advisory (2719662) which informs users that vulnerabilities in Gadgets exist which could allow remote code execution by an attacker. Essentially, should an attacker exploit a Gadget vulnerability they could run code as the current user and if they are logged in with administrative rights it could spell disaster. This is due to the fact that the attacker can install programs, view, change or delete data, create new accounts etc. In simple terms, they can take complete control of the system. Microsoft in response to this has announced the availability of an automated fix that will disable Windows Sidebar and Gadgets on the supported versions of Windows 7 and Windows Vista. This simple fix, while rudimentary, will help protect consumers for the time being. Hopefully Microsoft will have a full fix in the works for these vulnerabilities in the near future. The Microsoft Fix It tool to disable these features or re-enable them can be found here.
Microsoft is announcing the availability of an automated Microsoft Fix it solution that disables the Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets. In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time.
Posted by | Fri, Jul 13, 2012 - 05:26 PM