Microsoft urges death of Windows gadgets as researchers plan disclosures

Reacts to upcoming revelations of gadget vulnerabilities at Black Hat by offering tool that kills feature in Vista, Windows 7

By , Computerworld |  Security, Black Hat, Microsoft

Just two weeks before researchers are to disclose bugs in Windows "gadgets" at Black Hat, Microsoft acknowledged unspecified security vulnerabilities in the small pieces of software supported by Vista and Windows 7.

To deal with the vulnerabilities, Microsoft has provided a way to cripple all gadgets and disable the "sidebar" engine that runs them.

"The purpose of this advisory is to notify customers that Microsoft is aware of vulnerabilities in insecure Gadgets affecting the Windows Sidebar on supported versions of Windows Vista and Windows 7," Microsoft said in a security warning issued Tuesday.

"The deprecation of gadgets and the sidebar is interesting," said Jason Miller, manager of research and development at VMware, in an interview. "Gadgets are not much used for business, so if you don't use it, get rid of it. That's one of the best ways to reduce your attack profile."

Microsoft did not detail the vulnerabilities or explain why it was letting users ditch gadgets, but the move may be linked to an upcoming presentation at Black Hat, the annual security conference held in Las Vegas. On July 26, Mickey Shkatov and Toby Kohlenberg are scheduled to present research on gadget flaws and exploits.

The Black Hat entry for their presentation, "We Have You by the Gadgets," noted "a number of interesting attack vectors" in gadgets.

"We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets," the description stated.

In its advisory, Microsoft thanked Shkatov and Kohlenberg for their help with gadget bugs. The researchers were unavailable for comment or to answer questions late Tuesday.

Gadgets and the sidebar engine were introduced in 2007's Windows Vista as a way to run and manage single-use, lightweight applications. Windows 7 also supported gadgets, but let users place them directly on the desktop rather than on the separate sidebar.

At their debut, some critics noted gadgets' similarity to the widgets and Dashboard introduced two years earlier by Apple in OS X 10.4, also known as Tiger.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness