Microsoft Asks Users To Disable Windows Gadgets Out Of Security Vulnerability Fears

Posted Jul 11, 2012

Microsoft is asking Windows Vista and Windows 7 users to disable the Sidebar and Gadget features built into the operating system.  Desktop Gadgets were first added in Windows Vista.  The mini-app gadgets are based on HTML and obtain information from web feeds.

Microsoft removed the Sidebar as part of the Gadgets implementation in Windows 7, but now the company is warning that insecure Gadgets could allow hackers to run arbitrary code in the context of the current user.  Microsoft issued the security warning earlier this week.

Microsoft has provided an automated fix to disable the Windows Sidebar and Gadgets in supported editions of Windows Vista and Windows 7.  Microsoft said that the temporary fix will “help block known attack vectors before a security update is available.”  It is uncertain whether Microsoft will issue a full security update that will disable the Gadgets feature.

Microsoft Windows 8 does not have Gadget support, but the Consumer and Release Preview editions have Gadgets.  Researchers are planning to disclosed the bugs and vulnerabilities at a Black Hat convention later this month.