Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Gadgets Could Allow Remote Code Execution


12 Jul 2012   #1

Microsoft Community Contributor Award Recipient

Win 7 Pro 64-bit
 
 
Gadgets Could Allow Remote Code Execution

Users of Windows Vista and Windows 7 have been advised to completely disable their Windows Sidebar and Gadgets, in response to what appears to be a serious security risk.

Microsoft Security Advisory (2719662): Vulnerabilities in Gadgets Could Allow Remote Code Execution

See also: Microsoft Urges Users to Shut Down Windows Gadgets or Risk Attack

My System SpecsSystem Spec
.

12 Jul 2012   #2

Win 7 Pro x64 SP1, Win 7 Ult x86 SP1
 
 

This was posted by Brink in the News forum Microsoft Urges Users to Shut Down Windows Gadgets or Risk Attack
, but i think it's good to have a post here so more people might see this.

Do you tell people they should stop using Gadgets because of a Security issue?

I don't use them, but i know and help (non-tech) people that do use them and love them...but i can only cry Wolf so many times
My System SpecsSystem Spec
12 Jul 2012   #3

Microsoft Community Contributor Award Recipient

Win 7 Pro 64-bit
 
 

***sigh***

I searched in News as well as System Security. Didn't see Shawn's thread. Isn't the first time that happened. Most likely won't be the last, either.
My System SpecsSystem Spec
.


12 Jul 2012   #4

Win 7 Pro x64 SP1, Win 7 Ult x86 SP1
 
 

Been there, done that
Shawn's too quick for us mortal's
My System SpecsSystem Spec
12 Jul 2012   #5

W7 HOP 64
 
 
Windows Gadgets Vulnerable

My System SpecsSystem Spec
15 Jul 2012   #6

Windows 7 Ultimate x64
 
 

What it's funny about that post is that, when M$ finds a problem, instead of solving it and prevent any vulnerability, they just decide to blow them off and nuke one of the most distinctive characteristics of Windows 7.

Does anyone know if it's really a problem in the gadgets themselves or in the runtime they use?? (and since they are HTML after all, I suppose they really run in the virus-friendly IE). Also, this problem most likely existed since the very first version of Win Vista and nobody has really problems isn't it? So, why would I disable them altogether?

Also, M$ fails to point in their article the security mitigations we can take to prevent problems without sacrificing functionality. What about UAC? What about limited user rights? What about antiviruses? What about firewalls? What about running in low integrity? It's not crazy that a reasonably protected computer is mostly immune to the Windows design flaws.
My System SpecsSystem Spec
16 Jul 2012   #7

Windows 7 x64 SP1
 
 

Since I run as admin and have several gadgets - no problems yet - I will shortly be expecting my first malware and will report back when I have stopped crying all night!

My System SpecsSystem Spec
21 Jul 2012   #8

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by pincushion View Post
Since I run as admin and have several gadgets - no problems yet - I will shortly be expecting my first malware and will report back when I have stopped crying all night!

I bet you'll not notice any difference at all. The bug have been there for years and nobody has ever cried because of them.
My System SpecsSystem Spec
22 Jul 2012   #9

Windows 7 x64 SP1
 
 

Quote   Quote: Originally Posted by Alejandro85 View Post
Quote   Quote: Originally Posted by pincushion View Post
Since I run as admin and have several gadgets - no problems yet - I will shortly be expecting my first malware and will report back when I have stopped crying all night!

I bet you'll not notice any difference at all. The bug have been there for years and nobody has ever cried because of them.
That has put my mind at rest although I wasn't/am not really expecting much to happen.

My System SpecsSystem Spec
21 Aug 2012   #10

Windows 7 Ultimate 32bit
 
 

Well, I can't say for sure how this happened, but...
I run Windows 7 with Comodo Firewall, Avast Antivirus, and Windows Defender.
Left my system on overnight running torrents. This morning just happened to notice Comodo Firewall was not running. WTF? I am certain I did not turn it off. All the same, went about looking through the morning messages.
Then my system locks up. It happens sometimes. Cold reboot. Windows comes up, I enter pw, all appears normal until that very last part when Windows loads gadgets (heed a warning? me?), then the system freezes, screen goes pale like someone draped a thin tissue over the screen. I do another cold reboot. Same. It works like it always does, until the last few seconds when the gadgets should load. Freeze happens again. I notice the hard disk activity light is not flashing, as it usually does while the gadgets load.
I wasn't in the mood for forensic research, so restored a backup from 10 days before. This bu was before MS put out that load of recent updates (I think it was Aug 14).
After restore the first thing I did was shut off Gadget's sidebar.

Even though these holes have been there for years the recent publicity could very well attract people with nothing better to do.
My System SpecsSystem Spec
Reply

 Gadgets Could Allow Remote Code Execution




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:57 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33