Gadgets Could Allow Remote Code Execution

Page 1 of 2 12 LastLast

  1. Posts : 10,994
    Win 7 Pro 64-bit
       #1

    Gadgets Could Allow Remote Code Execution


    Users of Windows Vista and Windows 7 have been advised to completely disable their Windows Sidebar and Gadgets, in response to what appears to be a serious security risk.

    Microsoft Security Advisory (2719662): Vulnerabilities in Gadgets Could Allow Remote Code Execution

    See also: Microsoft Urges Users to Shut Down Windows Gadgets or Risk Attack
      My Computer


  2. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       #2

    This was posted by Brink in the News forum Microsoft Urges Users to Shut Down Windows Gadgets or Risk Attack
    , but i think it's good to have a post here so more people might see this.

    Do you tell people they should stop using Gadgets because of a Security issue?

    I don't use them, but i know and help (non-tech) people that do use them and love them...but i can only cry Wolf so many times
      My Computer


  3. Posts : 10,994
    Win 7 Pro 64-bit
    Thread Starter
       #3

    ***sigh***

    I searched in News as well as System Security. Didn't see Shawn's thread. Isn't the first time that happened. Most likely won't be the last, either.
      My Computer


  4. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       #4

    Been there, done that
    Shawn's too quick for us mortal's
      My Computer


  5. Posts : 91
    W7 HOP 64
       #5

    Windows Gadgets Vulnerable

      My Computer


  6. Posts : 2,465
    Windows 7 Ultimate x64
       #6

    What it's funny about that post is that, when M$ finds a problem, instead of solving it and prevent any vulnerability, they just decide to blow them off and nuke one of the most distinctive characteristics of Win7.

    Does anyone know if it's really a problem in the gadgets themselves or in the runtime they use?? (and since they are HTML after all, I suppose they really run in the virus-friendly IE). Also, this problem most likely existed since the very first version of Win Vista and nobody has really problems isn't it? So, why would I disable them altogether?

    Also, M$ fails to point in their article the security mitigations we can take to prevent problems without sacrificing functionality. What about UAC? What about limited user rights? What about antiviruses? What about firewalls? What about running in low integrity? It's not crazy that a reasonably protected computer is mostly immune to the Windows design flaws.
      My Computer


  7. Posts : 472
    Windows 7 x64 SP1
       #7

    Since I run as admin and have several gadgets - no problems yet - I will shortly be expecting my first malware and will report back when I have stopped crying all night!

      My Computer


  8. Posts : 2,465
    Windows 7 Ultimate x64
       #8

    pincushion said:
    Since I run as admin and have several gadgets - no problems yet - I will shortly be expecting my first malware and will report back when I have stopped crying all night!

    I bet you'll not notice any difference at all. The bug have been there for years and nobody has ever cried because of them.
      My Computer


  9. Posts : 472
    Windows 7 x64 SP1
       #9

    Alejandro85 said:
    pincushion said:
    Since I run as admin and have several gadgets - no problems yet - I will shortly be expecting my first malware and will report back when I have stopped crying all night!

    I bet you'll not notice any difference at all. The bug have been there for years and nobody has ever cried because of them.
    That has put my mind at rest although I wasn't/am not really expecting much to happen.

      My Computer


  10. Posts : 2
    Windows 7 Ultimate 32bit
       #10

    Well, I can't say for sure how this happened, but...
    I run Win7 with Comodo Firewall, Avast Antivirus, and Windows Defender.
    Left my system on overnight running torrents. This morning just happened to notice Comodo Firewall was not running. WTF? I am certain I did not turn it off. All the same, went about looking through the morning messages.
    Then my system locks up. It happens sometimes. Cold reboot. Windows comes up, I enter pw, all appears normal until that very last part when Windows loads gadgets (heed a warning? me?), then the system freezes, screen goes pale like someone draped a thin tissue over the screen. I do another cold reboot. Same. It works like it always does, until the last few seconds when the gadgets should load. Freeze happens again. I notice the hard disk activity light is not flashing, as it usually does while the gadgets load.
    I wasn't in the mood for forensic research, so restored a backup from 10 days before. This bu was before MS put out that load of recent updates (I think it was Aug 14).
    After restore the first thing I did was shut off Gadget's sidebar.

    Even though these holes have been there for years the recent publicity could very well attract people with nothing better to do.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:12.
Find Us