Gadgets Could Allow Remote Code Execution
-
Gadgets Could Allow Remote Code Execution
-
-
This was posted by Brink in the News forum Microsoft Urges Users to Shut Down Windows Gadgets or Risk Attack
, but i think it's good to have a post here so more people might see this.
Do you tell people they should stop using Gadgets because of a Security issue?
I don't use them, but i know and help (non-tech) people that do use them and love them...but i can only cry Wolf so many times
-
***sigh***
I searched in News as well as System Security. Didn't see Shawn's thread. Isn't the first time that happened. Most likely won't be the last, either.
-
-
Been there, done that
Shawn's too quick for us mortal's
-
Windows Gadgets Vulnerable
-
What it's funny about that post is that, when M$ finds a problem, instead of solving it and prevent any vulnerability, they just decide to blow them off and nuke one of the most distinctive characteristics of Win7.
Does anyone know if it's really a problem in the gadgets themselves or in the runtime they use?? (and since they are HTML after all, I suppose they really run in the virus-friendly IE). Also, this problem most likely existed since the very first version of Win Vista and nobody has really problems isn't it? So, why would I disable them altogether?
Also, M$ fails to point in their article the security mitigations we can take to prevent problems without sacrificing functionality. What about UAC? What about limited user rights? What about antiviruses? What about firewalls? What about running in low integrity? It's not crazy that a reasonably protected computer is mostly immune to the Windows design flaws.
-
-
-
I bet you'll not notice any difference at all. The bug have been there for years and nobody has ever cried because of them.
-
I bet you'll not notice any difference at all. The bug have been there for years and nobody has ever cried because of them.
That has put my mind at rest although I wasn't/am not really expecting much to happen.
-
Well, I can't say for sure how this happened, but...
I run Win7 with Comodo Firewall, Avast Antivirus, and Windows Defender.
Left my system on overnight running torrents. This morning just happened to notice Comodo Firewall was not running. WTF? I am certain I did not turn it off. All the same, went about looking through the morning messages.
Then my system locks up. It happens sometimes. Cold reboot. Windows comes up, I enter pw, all appears normal until that very last part when Windows loads gadgets (heed a warning? me?), then the system freezes, screen goes pale like someone draped a thin tissue over the screen. I do another cold reboot. Same. It works like it always does, until the last few seconds when the gadgets should load. Freeze happens again. I notice the hard disk activity light is not flashing, as it usually does while the gadgets load.
I wasn't in the mood for forensic research, so restored a backup from 10 days before. This bu was before MS put out that load of recent updates (I think it was Aug 14).
After restore the first thing I did was shut off Gadget's sidebar.
Even though these holes have been there for years the recent publicity could very well attract people with nothing better to do.