Taking a sledgehammer to crack a nut?
===============================================================
This is a security bulletin from the MCT-SafeComputing-List.
A copy of the text of this email for verification - which may include
further updates is at:
http://safecomputing.open.ac.uk/latest_bulletins.htm
Bulletin ID (also shown on web version): DCLR-8W5B4A
-----------------------------------------------------------------------------------------------
B U L L E T I N
Microsoft is proceeding with plans to remove the Windows 'Sidebar and
Gadget' platform from Windows Vista and Windows 7 because it allegedly
contains serious security vulnerabilities which will be disclosed at a
forthcoming security conference.
Microsoft has said that it has discovered that some Vista and Win7 gadgets
don’t adhere to secure coding practices and should be regarded as causing
risk to the systems on which they’re run. They intend to provide a 'Fix it'
utility to help system administrators to disable Gadgets and the Sidebar
across their enterprises.
if an attacker successfully exploited a Gadget vulnerability they could run
arbitrary code in the context of the current user
Domestic users will also be affected by vulnerabilities about to be
revealed in the Sidebar and Gadgets interface, and may decide not to use
them as a precaution. A link to the Microsoft FixIt utility which will
disable the interface is shown below
The Sidebar and Gadgets interface will not be present in Windows 8 when it
is released.
-------------------------------------------------------------------------------------------------------------------
W E B L I N K S
ZDNet:
http://www.zdnet.com/security-flaws-...ts-7000000724/
Ars Technica:
http://arstechnica.com/security/2012...ndows-gadgets/
The Verge:
http://www.theverge.com/2012/7/11/31...-vulnerability
Microsoft Gadgets:
http://windows.microsoft.com/en-us/w...dgets-overview
Microsoft Bulletin:
http://technet.microsoft.com/en-us/s...19662#section1
Microsoft FixIt: http://support.microsoft.com/kb/2719662
-------------------------------------------------------------------------------------------------------------------