Results 1 to 3 of 3

Thread: Win7 and Vista sidebar/gadget vulnerability

  1. #1
    Senior Moment blueball's Avatar
    Join Date
    Aug 2005
    Location
    Edinburgh
    Posts
    2,426
    Thanks
    846
    Thanked
    379 times in 294 posts
    • blueball's system
      • Motherboard:
      • Asus Z390A
      • CPU:
      • i9-9900KS
      • Memory:
      • Kingston 64GB (2x32GB) DDR4 2400MHz
      • Storage:
      • 2TB Samsung 970 EVO Plus NVMe PCIE M.2 plus Samsung 860 EVO 4TB SSD
      • Graphics card(s):
      • ASUS TUF RTX 3080 Ti GAMING OC
      • PSU:
      • Corsair HX850 850 W Full Modular 80 Plus Platinum
      • Case:
      • Corsair Carbide 330R Ultra Silent Midi Tower
      • Operating System:
      • Win 10 Pro x64
      • Monitor(s):
      • IIYAMA 3461WQ IPS 34" 3440x1440 plus BenQ GW2765HT IPS 27" 2560x1440
      • Internet:
      • Plusnet 28Mb

    Win7 and Vista sidebar/gadget vulnerability

    Taking a sledgehammer to crack a nut?
    ===============================================================


    This is a security bulletin from the MCT-SafeComputing-List.
    A copy of the text of this email for verification - which may include
    further updates is at:
    http://safecomputing.open.ac.uk/latest_bulletins.htm

    Bulletin ID (also shown on web version): DCLR-8W5B4A

    -----------------------------------------------------------------------------------------------
    B U L L E T I N
    Microsoft is proceeding with plans to remove the Windows 'Sidebar and
    Gadget' platform from Windows Vista and Windows 7 because it allegedly
    contains serious security vulnerabilities which will be disclosed at a
    forthcoming security conference.

    Microsoft has said that it has discovered that some Vista and Win7 gadgets
    don’t adhere to secure coding practices and should be regarded as causing
    risk to the systems on which they’re run. They intend to provide a 'Fix it'
    utility to help system administrators to disable Gadgets and the Sidebar
    across their enterprises.

    if an attacker successfully exploited a Gadget vulnerability they could run
    arbitrary code in the context of the current user

    Domestic users will also be affected by vulnerabilities about to be
    revealed in the Sidebar and Gadgets interface, and may decide not to use
    them as a precaution. A link to the Microsoft FixIt utility which will
    disable the interface is shown below

    The Sidebar and Gadgets interface will not be present in Windows 8 when it
    is released.
    -------------------------------------------------------------------------------------------------------------------

    W E B L I N K S
    ZDNet:
    http://www.zdnet.com/security-flaws-...ts-7000000724/

    Ars Technica:
    http://arstechnica.com/security/2012...ndows-gadgets/

    The Verge:
    http://www.theverge.com/2012/7/11/31...-vulnerability

    Microsoft Gadgets:
    http://windows.microsoft.com/en-us/w...dgets-overview

    Microsoft Bulletin:
    http://technet.microsoft.com/en-us/s...19662#section1
    Microsoft FixIt: http://support.microsoft.com/kb/2719662
    -------------------------------------------------------------------------------------------------------------------
    Rgds,

    BB
    Hexus Trust here and here

  2. #2
    Chaos Monkey Apex's Avatar
    Join Date
    Jul 2003
    Location
    Huddersfield
    Posts
    4,528
    Thanks
    957
    Thanked
    233 times in 163 posts
    • Apex's system
      • Motherboard:
      • Asus Z87M-PLUS
      • CPU:
      • Intel i5-4670K
      • Memory:
      • 32 GiB
      • Storage:
      • 14 TiB
      • Graphics card(s):
      • R9 480X 8Gib
      • PSU:
      • 750
      • Case:
      • Core View 21
      • Operating System:
      • Windows 10 pro
      • Monitor(s):
      • Dell S2721DGFA
      • Internet:
      • 200Mb nTL Cable

    Re: Win7 and Vista sidebar/gadget vulnerability

    So insted of fixing it they are removing it, way to go M$.



  3. #3
    Pork & Beans Powerup Phage's Avatar
    Join Date
    May 2009
    Location
    Kent
    Posts
    6,260
    Thanks
    1,618
    Thanked
    608 times in 518 posts
    • Phage's system
      • Motherboard:
      • Asus Crosshair VIII
      • CPU:
      • 3800x
      • Memory:
      • 16Gb @ 3600Mhz
      • Storage:
      • Samsung 960 512Gb + 2Tb Samsung 860
      • Graphics card(s):
      • EVGA 1080ti
      • PSU:
      • BeQuiet 850w
      • Case:
      • Fractal Define 7
      • Operating System:
      • W10 64
      • Monitor(s):
      • Iiyama GB3461WQSU-B1

    Re: Win7 and Vista sidebar/gadget vulnerability

    Reading that it seems that vulnerabilities would be introduced by gadgets written by 3rd parties. Accordingly, they are assuming the lowest common denominator and allowing the public to remove the functionality if they feel it's necessary.

    I'm OK with that.
    Society's to blame,
    Or possibly Atari.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •