Why you should hit the kill switch for Windows Gadgets
Security vulnerabilities have been identified in the Windows Gadgets and Sidebar by researchers Mickey Shkatov and Toby Kohlenberg.
The duo will present their findings at a session to be held at the Black Hat 2012 hacker conference on July 26. The weaknesses are applicable to the Windows 7 and Windows Vista platforms.
To encounter the threats posed by malicious gadgets, Microsoft has issued a solution in the form of a kill switch to disable the Windows Gadgets and Sidebar.
Security loopholes in Windows Gadgets and Sidebar
In their presentation, Mickey and Toby will talk about the vulnerabilities in Windows Gadgets and Sidebar that can allow remote code execution by hackers. The summary of their keynote mentions the following:
We will be talking about the windows gadget platform and what the nastiness that can be done with it, how are gadgets made, how are they distributed and more importantly their weaknesses. Gadgets are comprised of JS, CSS and HTML and are application that the Windows operating system has embedded by default. As a result there are a number of interesting attack vectors that are interesting to explore and take advantage of.
Microsoft’s kill switch for Windows Gadgets and Sidebar
Windows 7 and Windows Vista users can download the Microsoft Fix It solution, which disables the Windows Gadgets and Sidebar. Just download the file and run it. It’s necessary to ensure the security of your Windows 7 or Windows Vista-based computer.
As Mickey and Toby reveal the security vulnerabilities in Windows Gadgets, Microsoft could release more patches to fix the issues. Until then, it’s best to run the Microsoft Fix It solution.