Not what you were looking for? Ask our experts!
Reply
Regular Contributor
BajaBoojum
Posts: 140
Registered: ‎05-29-2008

MS Security Advisory: Disable Desktop Gadgets

[ Edited ]

Microsoft issued a Security Advisory on July 10 strongly recommending all Vista/Windows 7 users disable desktop/sidebar gadgets (Advisory 2719662).  They believe they are vulnerable to exploitation.

 

I assume NIS offers the same level of protection against gadget exploitation as any other risk.  I'm interested to know if anyone has more insight and if following typical safe practices and using only trusted gadgets is an acceptable risk. 

Norton Fighter
Krusty13
Posts: 5,866
Registered: ‎05-31-2011

Re: MS Security Advisory: Disable Desktop Gadgets

Very interesting!

 

I can not speak with any authority,  but it appears the focus is on "insecure" gadgets.  Here are the FAQ from the Microsoft Advisory.  http://technet.microsoft.com/en-us/security/advisory/2719662#section4

 

Frequently Asked Questions

What is the scope of the advisory? The purpose of this advisory is to notify customers that Microsoft is aware of vulnerabilities in insecure Gadgets affecting the Windows Sidebar on supported versions of Windows Vista and Windows 7.

What caused the issue? The issue is caused when Gadgets, running in the Windows Sidebar, contain vulnerabilities that can be leveraged by an attacker.

What might an attacker use the vulnerability to do? An attacker who successfully exploited a Gadget vulnerability could gain the same user rights as a logged-on user. If the user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

How could an attacker exploit the vulnerability? An attacker would have to convince a user to install and enable a vulnerable Gadget.

 

I could only guess that the gadgets that came with Windows should be secure and it could relate to third party gadgets.  That is just my guess though.

 

Dave. 

W W W  =  Wild Wild West.    Be careful out there!

Norton Fighter
Krusty13
Posts: 5,866
Registered: ‎05-31-2011

Re: MS Security Advisory: Disable Desktop Gadgets

For those of us that use Windows Gadgets,  this may be disappointing  -  http://www.scmagazine.com.au/Tools/Print.aspx?CIID=308426.

 

Dave

W W W  =  Wild Wild West.    Be careful out there!

Regular Contributor
Calls
Posts: 2,002
Registered: ‎10-07-2009

Re: MS Security Advisory: Disable Desktop Gadgets

wow. So does that mean if run the find microsft updates that you will get the update that removes the gadgets from your desktop? And if you install the update all the gadgets will be gone or only non-microsoft gadgets?
I think all my gadgets:
Norton Gadget
Sticky pad
Calander
clock
local weather

all came with the computer (except for the Norton gadget)
yank
Posts: 9,399
Kudos: 2,063
Solutions: 471
Registered: ‎12-02-2009

Re: MS Security Advisory: Disable Desktop Gadgets

[ Edited ]

FWIW - here is some addtional information:

 

Advisory:

http://technet.microsoft.com/en-us/security/advisory/2719662

 

Fix-it tool mentioned in advisory:

 http://support.microsoft.com/kb/2719662

 

 

Info on Gadget Gallery being removed:

 http://windows.microsoft.com/en-us/windows/downloads/personalize/gadgets?SignedIn=1

Regular Contributor
Calls
Posts: 2,002
Registered: ‎10-07-2009

Re: MS Security Advisory: Disable Desktop Gadgets

can one manually disable it? And how would that be done?
Would it have the same result as the Fix-It tool?
Regular Contributor
Calls
Posts: 2,002
Registered: ‎10-07-2009

Re: MS Security Advisory: Disable Desktop Gadgets

I've tried finding info on the microsoft answers forums, but not seeing much about this at all. The gadgets on my desktop have been there at least 2 years or longer
Norton Fighter
Krusty13
Posts: 5,866
Registered: ‎05-31-2011

Re: MS Security Advisory: Disable Desktop Gadgets

While it may be true that some third party gadgets could be "insecure",  I believe that this is just a scare campaign by Microsoft to stop people using gadgets so they will except Window 8 - which I will not be doing.

 

Dave.

W W W  =  Wild Wild West.    Be careful out there!

huwyngr
Posts: 21,057
Topics: 1,003
Kudos: 2,737
Solutions: 368
Registered: ‎04-13-2008

Re: MS Security Advisory: Disable Desktop Gadgets


Krusty13 wrote:

While it may be true that some third party gadgets could be "insecure",  I believe that this is just a scare campaign by Microsoft to stop people using gadgets so they will except Window 8 - which I will not be doing.

 

Dave.


Just because that sounds neurotic it doesn't mean you are not right! This from that last reference that Yank gives:

 

<<  Desktop gadgets

     

Because we want to focus on the exciting possibilities of the newest version of Windows, the Windows website no longer hosts the gadget gallery.  >>

 

Well thank you -- I really like and value the ones I have all of which, except for Norton's, came with the installation of Windows 7



Hugh
Regular Contributor
Calls
Posts: 2,002
Registered: ‎10-07-2009

Re: MS Security Advisory: Disable Desktop Gadgets

so how were those of us who have gadgets to be notified of the suggestion to disable? will it come as a security update?