Gadgets Could Allow Remote Code Execution

[marsmimar]

Users of Windows Vista and Windows 7 have been advised to completely disable their Windows Sidebar and Gadgets, in response to what appears to be a serious security risk.

Microsoft Security Advisory (2719662): Vulnerabilities in Gadgets Could Allow Remote Code Execution

See also: http://www.sevenforums.com/security...rs-shut-down-windows-gadgets-risk-attack.html

 

[DavidE]

This was posted by Brink in the News forum http://www.sevenforums.com/security...rs-shut-down-windows-gadgets-risk-attack.html
, but i think it's good to have a post here so more people might see this.

Do you tell people they should stop using Gadgets because of a Security issue?

I don't use them, but i know and help (non-tech) people that do use them and love them...but i can only cry Wolf so many times

 

[marsmimar]

***sigh***

I searched in News as well as System Security. Didn't see Shawn's thread. Isn't the first time that happened. Most likely won't be the last, either.

 

[DavidE]

Been there, done that
Shawn's too quick for us mortal's

 

[rusty post]

Windows Gadgets Vulnerable

Apparently it is best to nuke them altogether...

Disable Windows Sidebar and Gadgets NOW on Vista and Windows 7. Microsoft warns of security risk | Naked Security

 

[Alejandro85]

What it's funny about that post is that, when M$ finds a problem, instead of solving it and prevent any vulnerability, they just decide to blow them off and nuke one of the most distinctive characteristics of Win7.

Does anyone know if it's really a problem in the gadgets themselves or in the runtime they use?? (and since they are HTML after all, I suppose they really run in the virus-friendly IE). Also, this problem most likely existed since the very first version of Win Vista and nobody has really problems isn't it? So, why would I disable them altogether?

Also, M$ fails to point in their article the security mitigations we can take to prevent problems without sacrificing functionality. What about UAC? What about limited user rights? What about antiviruses? What about firewalls? What about running in low integrity? It's not crazy that a reasonably protected computer is mostly immune to the Windows design flaws.

 

[pincushion]

Since I run as admin and have several gadgets - no problems yet - I will shortly be expecting my first malware and will report back when I have stopped crying all night!

:huh:

 

[Alejandro85]

Since I run as admin and have several gadgets - no problems yet - I will shortly be expecting my first malware and will report back when I have stopped crying all night!

:huh:

I bet you'll not notice any difference at all. The bug have been there for years and nobody has ever cried because of them.

 

[pincushion]

Since I run as admin and have several gadgets - no problems yet - I will shortly be expecting my first malware and will report back when I have stopped crying all night!

:huh:

I bet you'll not notice any difference at all. The bug have been there for years and nobody has ever cried because of them.

That has put my mind at rest although I wasn't/am not really expecting much to happen.

:roflmao:

 

[dutara]

Well, I can't say for sure how this happened, but...
I run Win7 with Comodo Firewall, Avast Antivirus, and Windows Defender.
Left my system on overnight running torrents. This morning just happened to notice Comodo Firewall was not running. WTF? I am certain I did not turn it off. All the same, went about looking through the morning messages.
Then my system locks up. It happens sometimes. Cold reboot. Windows comes up, I enter pw, all appears normal until that very last part when Windows loads gadgets (heed a warning? me?), then the system freezes, screen goes pale like someone draped a thin tissue over the screen. I do another cold reboot. Same. It works like it always does, until the last few seconds when the gadgets should load. Freeze happens again. I notice the hard disk activity light is not flashing, as it usually does while the gadgets load.
I wasn't in the mood for forensic research, so restored a backup from 10 days before. This bu was before MS put out that load of recent updates (I think it was Aug 14).
After restore the first thing I did was shut off Gadget's sidebar.

Even though these holes have been there for years the recent publicity could very well attract people with nothing better to do.

 

[pincushion]

Well, I can't say for sure how this happened, but...
I run Win7 with Comodo Firewall, Avast Antivirus, and Windows Defender.
Left my system on overnight running torrents. This morning just happened to notice Comodo Firewall was not running. WTF? I am certain I did not turn it off. All the same, went about looking through the morning messages.
Then my system locks up. It happens sometimes. Cold reboot. Windows comes up, I enter pw, all appears normal until that very last part when Windows loads gadgets (heed a warning? me?), then the system freezes, screen goes pale like someone draped a thin tissue over the screen. I do another cold reboot. Same. It works like it always does, until the last few seconds when the gadgets should load. Freeze happens again. I notice the hard disk activity light is not flashing, as it usually does while the gadgets load.
I wasn't in the mood for forensic research, so restored a backup from 10 days before. This bu was before MS put out that load of recent updates (I think it was Aug 14).
After restore the first thing I did was shut off Gadget's sidebar.

Even though these holes have been there for years the recent publicity could very well attract people with nothing better to do.

Perhaps the updates affected your system but they didn't with mine and I use several gadgets including system control (shutdown, restart and cmd buttons), applauncher, network meter and cpu/memory meter all working perfectly.

:huh: