In a recent security note, Microsoft has released a FixIt tool that completely disables the sidebar functionality along with gadgets to protect users from an unspecified security threat:
Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets. In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time.
An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
So there’s a threat out there that users can choose to protect themselves from by disabling a function of Windows Vista or 7, but we don’t know what the threat is. That tells me this. If there was an active exploit floating around out there, Microsoft would be way more aggressive about this and they wouldn’t be giving users the choice to disable the sidebar and gadgets. That says to me that this risk is real, but theoretical at this point. You’ll have to make the decision on your own to use this FixIt tool or not depending on your paranoia level. Though I will point this out. Gadgets are entirely optional and are proactively downloaded and enabled by users. So if you don’t want your Windows Vista or 7 system compromised, don’t download stuff that comes from questionable sources. That’s a better way to protect yourself.
Like this:
Like Loading...
Related
This entry was posted on July 12, 2012 at 5:33 pm and is filed under Commentary with tags Microsoft, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Microsoft Give Users The Option To Kill Sidebar And Gadgets To Protect Themselves….. What?
In a recent security note, Microsoft has released a FixIt tool that completely disables the sidebar functionality along with gadgets to protect users from an unspecified security threat:
Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets. In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time.
An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
So there’s a threat out there that users can choose to protect themselves from by disabling a function of Windows Vista or 7, but we don’t know what the threat is. That tells me this. If there was an active exploit floating around out there, Microsoft would be way more aggressive about this and they wouldn’t be giving users the choice to disable the sidebar and gadgets. That says to me that this risk is real, but theoretical at this point. You’ll have to make the decision on your own to use this FixIt tool or not depending on your paranoia level. Though I will point this out. Gadgets are entirely optional and are proactively downloaded and enabled by users. So if you don’t want your Windows Vista or 7 system compromised, don’t download stuff that comes from questionable sources. That’s a better way to protect yourself.
Share this:
Like this:
Related
This entry was posted on July 12, 2012 at 5:33 pm and is filed under Commentary with tags Microsoft, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.