Microsoft releases fix for Gadgets vulnerability

A Black Hat presentation on June 26 by Mickey Shkatov and Toby Kohlenberg will reveal a number of interesting attack vectors using the Windows Gadget platform. According to the authors of ‘We have you by the Gadgets’ , legitimate gadgets have flaws and can be compromised while, it is possible to create a malicious Gadget and distribute it to end users! Microsoft has already released a fix that disables the windows Sidebar and Gadgets for Vista and Windows 7 users. Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets.

The Gadget vulnerability could allow an attacker to gain administrative privileges on a system where the current user is logged on as an administrator. This will give an attacker full control of the system and could steal, modify and delete any data or programs!

Read more here – http://technet.microsoft.com/en-us/security/advisory/2719662

Run the fix from here – http://support.microsoft.com/kb/2719662

Microsoft releases fix for Gadgets vulnerability

Leave a Comment

Further Reading

Hidden secrets the average user doesn’t know about Windows 7

Microsoft’s GPO Excel sheet for Windows Server 2012

The 12 most popular Windows command-line tools

Showing Administrative Tools on the Start Menu

Add Search Internet link to Windows 7 Start Menu

Windows 8 Data Backup and Recovery Features

Find out which Hypervisor your Windows 7 is running on!

Manage windows using keyboard shortcuts

Registry setting for User Account Control (UAC)

Encrypting the Pagefile

Downloads

Categories

Command line Tips

News