Windows Sidebar/Gadgets for Windows 8 RTM ADDED 32bit Version




Microsoft is speeding up plans to kill off the Windows Gadget platform after receiving word that serious security vulnerabilities will be disclosed at the upcoming Black Hat security conference.
According to a brief abstract from the Black Hat site, researchers Mickey Shkatov and Toby Kohlenberg plan to discuss weaknesses associated with Windows Sidebar and Gadgets and demonstrate "nastiness" that can be done on the platform.


Gadgets are comprised of JS, CSS and HTML and are application that the Windows operating system has embedded by default. As a result there are a number of interesting attack vectors that are interesting to explore and take advantage of. We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets," the researchers said.

Microsoft was already planning to deprecate Sidebar and Gadgets in the upcoming Windows 8 but, after working with Schkatov and Kohlenberg ahead of Black Hat, the company decided to push for the immediate death of the platform.


The company released a security advisory with information to help system administrators disable the Windows Sidebar and Gadgets on supported versions of Windows Vista and Windows 7 with one Fix it click.

Microsoft did not provide details on the vulnerabilities but warned that there is a risk of remote code execution attacks.

"An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system," Microsoft warned.

This automated Fix-It will disable the Windows Sidebar experience and all Gadget functionality on affected machines.


Share on Google Plus

About Unknown

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.
    Blogger Comment
    Facebook Comment

0 comments:

Advertisement