Home Microsoft to users: disable Windows Gadgets
News

Microsoft to users: disable Windows Gadgets

Cyril Kowaliski
Disclosure
Disclosure
In our content, we occasionally include affiliate links. Should you click on these links, we may earn a commission, though this incurs no additional cost to you. Your use of this website signifies your acceptance of our terms and conditions as well as our privacy policy.

Do you use Gadgets in Windows 7 or Vista? Bad news, then. In a security advisory published yesterday, Microsoft says the diminutive desktop (and sidebar) applets may be vulnerable to attacks that enable remote code execution. An attacker could purportedly use them to access your PC with the same privileges as your user account—so if you have administrative privileges, the attacker could get full control of your machine.

To address the problem, Microsoft has released a "Fix it" wizard that disables Windows Gadgets altogether. (Another wizard, available from the same page, switches the feature back on.) Microsoft’s security advisory says you can disable Windows Gadgets yourself using the Registry Editor, as well, provided you follow a few simple instructions.

According to Computerworld, the advisory "may be linked" to the upcoming Black Hat security conference. There, two researchers—Mickey Shkatov and Toby Kohlenberg—plan to show a presentation about attack vectors in Gadgets. Here’s the abstract:

Why send someone an executable when you can just send them a sidebar gadget?

We will be talking about the windows gadget platform and what the nastiness that can be done with it, how are gadgets made, how are they distributed and more importantly their weaknesses. Gadgets are comprised of JS, CSS and HTML and are application that the Windows operating system has embedded by default. As a result there are a number of interesting attack vectors that are interesting to explore and take advantage of.

We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets.

Sure enough, in the "Acknowledgments" section of the advisory, Microsoft thanks "Mickey Shkatov and Toby Kohlenberg for working with us on Gadget vulnerabilities." I guess Shkatov and Kohlenberg may be white hat hackers rather than black hat ones. (Thanks to The Verge for the tip.)

Latest News

Top Crypto Gainers on 18 March – AVAX and RNDR
Crypto News

Top Crypto Gainers on 18 March – AVAX and RNDR

smartphone security organization
Community Contributions

How to Successfully Tackle Smartphone Security in Your Organization

With so many new smartphone models being rolled out each year, it’s crucial to stay on top of security for your business. The last thing you want is to experience...

meme-season (1)
Crypto News

8 Meme Coins to Consider for Investment During the Current Meme Coin Trend

Meme coins recorded jaw-dropping returns in the past couple of weeks. Many household projects pushed towards its new ATHs in recent weeks. Dogwifhat, surged over 600% in the last week...

SpaceX Is Building A Network Of 100 Spy Satellites For The US
News

SpaceX Is Building a Network of 100 Spy Satellites for the US Government, Angers China

IMF Shared An Update About The February Security Breach
News

IMF Shared an Update about the February Security Breach – All Affected Email Accounts Resecured

Taylor Swift in concert
Statistics

9 Taylor Swift Controversies – The Numbers Behind the Drama

What is Darwin AI, Apple’s Latest AI Acquisition?
News

What is Darwin AI, Apple’s Latest AI Acquisition?