In response to a serious security risk, Microsoft released a security advisory (2719662) suggesting that disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets.
An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
According to Naked Security, the warning comes ahead of a talk scheduled for Black Hat later this month by Mickey Shkatov and Toby Kohlenberg. Shkatov and Kohlenberg’s talk, entitled “We have you by the gadgets”, threatens to expose various attack vectors against gadgets, how malicious gadgets can be created, and the flaws they have found in published gadgets.
Microsoft hasn’t released a security update to address this vulnerability, but it has released an automated Microsoft Fix It solution that disables the entire Windows Sidebar and Gadget components on Windows Vista and Windows 7. Simply head over to this Microsoft KB and click the Fix it icon to disable them.
IT admins can also disable the Sidebar through Group Policy on a Windows network. The setting is Windows Sidebar, which is located under:
Computer Configuration -> Administrative Templates -> Windows Components
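To confirm that the policy actually landed on a given machine, the following audit script can be run locally. It is an added example, not code from Microsoft or from the original post. The registry key and the three value names are assumptions taken from the Sidebar administrative template and do not appear in the text above.

```powershell
# Audit whether the Windows Sidebar / Gadgets policy is enforced on this machine.
# Assumption: the Group Policy setting is stored as DWORD values under the
# Policies\Windows\Sidebar key (names as defined in the Sidebar administrative template).
# Written to run on PowerShell 2.0, the version shipped with Windows 7.
$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar'
)
$valueNames = 'TurnOffSidebar', 'TurnOffUnsignedGadgets', 'TurnOffUserInstalledGadgets'

function Get-SidebarPolicyState {
    foreach ($path in $policyPaths) {
        # A missing key simply means the policy was never configured in that hive.
        $key = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($name in $valueNames) {
            $value = $null
            if ($key -and $key.PSObject.Properties[$name]) { $value = $key.$name }
            New-Object PSObject -Property @{
                Hive    = $path.Substring(0, 4)
                Setting = $name
                Value   = $value
                Enabled = ($value -eq 1)
            }
        }
    }
}

$state = Get-SidebarPolicyState
$state | Select-Object Hive, Setting, Value, Enabled | Format-Table -AutoSize

# The Sidebar counts as disabled if either hive sets TurnOffSidebar to 1.
$sidebarOff = $state | Where-Object { $_.Setting -eq 'TurnOffSidebar' -and $_.Enabled }
$running    = Get-Process -Name sidebar -ErrorAction SilentlyContinue

if (-not $sidebarOff) {
    Write-Warning 'TurnOffSidebar is not set to 1 in either hive; the Sidebar is not disabled by policy.'
}
if ($running) {
    $pids = ($running | ForEach-Object { $_.Id }) -join ', '
    Write-Warning "sidebar.exe is still running (PID $pids)."
}
if ($sidebarOff -and -not $running) {
    Write-Output 'Sidebar is disabled by policy and no sidebar.exe process is running.'
}
```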
This is bad news for Gadget lovers who have enjoyed the sidebar for so long, but unfortunately those who use the sidebar most heavily are also the ones exposing themselves to the bad guys the most. It’s time to move on and find something new to replace them. Besides, Microsoft itself seems to have lost interest in Gadgets as well, since there will be no sidebar in the upcoming Windows 8.