Microsoft releases fix for Gadgets vulnerability
A Black Hat presentation on June 26 by Mickey Shkatov and Toby Kohlenberg will reveal a number of interesting attack vectors using the Windows Gadget platform. According to the authors of ‘We have you by the Gadgets’, legitimate gadgets have flaws and can be compromised, and it is also possible to create a malicious Gadget and distribute it to end users! Microsoft has already released a fix that disables the Windows Sidebar and Gadgets for Vista and Windows 7 users. Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets.
The Gadget vulnerability could allow an attacker to gain administrative privileges on a system where the current user is logged on as an administrator. This would give the attacker full control of the system, allowing them to steal, modify and delete any data or programs!
Read more here – http://technet.microsoft.com/en-us/security/advisory/2719662
Run the fix from here – http://support.microsoft.com/kb/2719662