Microsoft Urges Users to Shut Down Windows Gadgets or Risk Attack
Rather than fix vulnerabilities with Gadgets and the Sidebar in Windows Vista and Windows 7, Microsoft is advising users to disable the features altogether.
Gadgets and Sidebar allow users to add visual information and small programs to the Windows desktop, including clock faces, music players and RSS feed readers.
Now, Microsoft has issued a Fix It solution to disable Gadgets and the Sidebar. These features, if left enabled, may allow the execution of arbitrary code, and could allow attackers to take complete control of a person’s system, Microsoft warns in a Knowledge Base article.
As Computerworld notes, researchers are getting ready to disclose Gadget vulnerabilities at the Black Hat conference this month. Microsoft describes the fix as a temporary workaround, so it's possible that the company will release a proper fix, but Microsoft hasn't said either way.
As The Verge reports, Microsoft will eliminate Gadget and Sidebar support in Windows 8. The features are available in the Consumer and Release Preview editions, but like Aero, they may not make the cut in the final product. It's worth noting that the security fix doesn't apply to either preview version of Windows 8.
The languishing of desktop Gadgets and Sidebar isn't a surprise. The feature hasn't been very popular, and Microsoft only bundles nine of its own gadgets with Windows 7. Microsoft used to host more online, but has stopped doing so. The company's website now advises users not to seek out Gadgets from untrusted sources.
Meanwhile, some of the basic ideas behind Gadgets will translate over to Live Tiles in Windows 8. On the new Metro Start screen, users will be able to view unread e-mail counts, upcoming calendar appointments, current weather, news headlines and other tidbits of information. These tiles will likely get more attention from average users than Gadgets and Sidebar ever did.