Microsoft advises users to nuke Windows 7 Gadgets. Now!

Updated happygeek 1 Tallied Votes 603 Views Share

It's not often that Microsoft recommends that Windows users should disable a much hyped part of the OS, but that's exactly what has happened regarding the Windows Sidebar and Windows Gadgets found in Windows Vista and Windows 7. Microsoft Security Advisory 2719662 clearly states "Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets" and Microsoft even provides a handy Fix-It tool to do the job for you. So what's all the fuss about, all of a sudden?


Well the simple answer is either 'Black Hat 2012' or "Gadgets have always been insecure but now someone has actually noticed the fact". The someone in question being Israeli security researcher Mickey Shkatov and infosec professional Toby Kohlenberg who are planning to reveal just how insecure the whole Windows Gadget Platform actually is on July 26th at Black Hat USA in a briefing aptly entitled 'We have you by the Gadgets'.

The briefing promises to reveal "a number of number of interesting attack vectors that are interesting to explore and take advantage of" as part of their "research into creating malicious gadgets, misappropriating legitimate gadgets" and "the sorts of flaws we have found in published gadgets". Microsoft notes that gadgets installed from untrusted sources can "harm your computer and can access your computer's files" and perhaps importantly change their behavior at any time so a once trusted Gadget could go rogue with no warning. "An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user" Microsoft warns, adding "If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system".

Unusually, perhaps because the revelations at Black Hat are due to take place before the end of the month, or perhaps because it had already decided to kill off the Gadget platform in Windows 8 anyway, Microsoft has opted not to wait for the next Patch Tuesday updates to handle the problem but instead issue a 'Fix It' tool that will totally nuke the Sidebar and Gadgets from your system. Something it recommends users do 'as soon as possible'. The Desktop Gadgets Gallery has already vanished from the Internet, and notes that Gadget developers are already "shifting their efforts to the online Windows Store" in readiness for Windows 8 anyway.

So, have you disabled Windows Gadgets yet? I have...

abou.mohamed.370 commented: audio +0
salt3t commented: i want to need window7 software +0
framdani86 -4 Newbie Poster

Did you set up Homegroup for networking in Windows 7?
Homegroup only works with Windows 7 computers and will not talk to your XP computer.
If so, you will need to change the networking system to one that XP can use.

On your Windows 7 computer, click the Start button at the bottom left of the screen, then go to the Control Panel and choose Network and Sharing Center. Click the link under "view your active networks" (if you've set up a Homegroup,the link should say "home network").
In the next window choose "Work network" that will switch you from a homegroup to a workgroup so your two computers can talk to each other. Before you can network the computers, you must assign the same workgroup name to both of them and SHARE folders in Explorer.

The XP computer's internet problem is not related the above. If your broadband modem is connected to the router and the router is connected to each computer your should not have any problems. If you are using a wireless connection you may have changed the ID or keyword when you installed the Win 7 computer.

Good Luck

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I don't think you really meant to post that as a comment to my news story, did you? :)

john29 0 Light Poster

thank you for this beautiful article.

firdousahmad -1 Junior Poster in Training

thnx for the info.

sobusbd -2 Newbie Poster
<script type="text/javascript"><!--
google_ad_client = "ca-pub-6874938759473897";
/* adse */
google_ad_slot = "4271462309";
google_ad_width = 728;
google_ad_height = 90;
<script type="text/javascript"
happygeek commented: ??? -2
caperjack 875 I hate 20 Questions Team Colleague

i will leave my gagets alone for now ,just a clock and weather gaget ,been there now for a few yrs ,and i still got money in my bank acct's .lol

chiccosilva 0 Newbie Poster

I became better when I did read this article, because we note that there are people in the word that desire to help others. Thank you!!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.