How many of you still using desktop gadgets on Windows 7 PC’s? FYI, there will be no gadgets in Windows 8 as metro/modern apps are there for that purpose, which updates tiles by fetching information from the web, coming to the point, Microsoft has released security advisory (2719662) for IT professionals, which states that vulnerabilities in gadgets could allow remote code execution.
Microsoft recommends users to disable Windows sidebar and gadgets in Windows Vista and Windows 7 to prevent this code execution run from insecure gadgets. If user installs malicious gadgets from untrusted sources, then they can access user’s computer files, shows objectionable content, or may change their behavior.
“An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
Microsoft has released Fix It tool to fix this issue, after running this tool, it automatically disables Windows Sidebar and gadgets in Windows Vista/7. You need to restart your Computer after that for the changes to take effect. You can download this tool from here., from then onwards if you try to access gadgets by selecting gadgets from right-click menu on desktop, you’ll get “desktop gadgets are managed by your system administrator” dialog.
Microsoft offers another Fix It tool to enable Windows Sidebar and gadgets again, which you can download from here.