Microsoft has issued a security advisory urging users to install an update that disables the Sidebar and Gadgets features on Windows Vista and Windows 7 operating systems due to a potential security vulnerability.
The security advisory warns that a hacker could get into a users system through an insecure Gadget running in Sidebar, execute arbitrary code and wreak havoc on the system. The Sidebar, as its name implies, is a section of the desktop real estate that lies to one side of the screen. Gadgets running in Sidebar are various tools, created with small amounts of code, which a user can see at a glance while working on their computer, such as a clock, the local temperature, a news headline feed or a stock ticker.
Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time, Microsoft stated in its security advisory, posted July 10.
Worse yet, if the user of the compromised computer has administrative rights on a network, the hacker could take complete control of the affected system, making it possible for them to install programs, view, change, or delete data, or create new accounts with full user rights, the advisory stated.
The advice to disable Gadgets, for those who still use them, comes shortly before security researchers are scheduled to make a presentation on Gadget vulnerabilities at the annual Black Hat USA 2012 security industry conference beginning July 21 in Las Vegas. On July 26, researchers Mickey Shkatov and Toby Kohlenberg will present We Have You By The Gadgets that will detail the risks.
Microsoft closed the Windows Live Gallery at which users could select Gadgets to run in Sidebar in 2011, so the end of the feature was already preordained.
Because we want to focus on the exciting possibilities of the newest version of Windows, the Windows Website no longer hosts the Gadget gallery, Microsoft explained last year.