Disable Gadgets In Windows 7, Vista: Vulnerabilities in Gadgets Could Allow Remote Code Execution
Microsoft originally introduced desktop gadgets in Windows Vista operating system and continued supporting them in Windows 7 operating system. As the release of Windows 8 final version is coming near, there were reports that indicate that Microsoft will remove desktop gadgets from Windows 8 operating system. Microsoft has confirmed that it will deprecate Gadgets and Sidebar in Windows 8. Now, it seems Microsoft has a good reason for removing desktop gadgets from Windows 8.
Along with this month’s Patch Tuesday, a security advisory is released for Windows Vista and Windows 7 operating system. The security advisory is about vulnerabilities in desktop gadgets that could allow Remote Code Execution.
Here’s what Microsoft officially says addressing the issue:
Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets. In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time.
An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
As you must have noticed from the official statement, desktop gadgets pose a serious security threat. A vulnerability in Windows Sidebar could allow malicious desktop gadgets to execute arbitrary code. As if this was not enough, third-party desktop gadgets installed from untrusted sources can access your computer’s files and may harm it. The only safe solution is to disable gadgets and Windows Sidebar.
Microsoft Fix-It Solution To Enable/Disable Gadgets In Windows 7 and Vista
Microsoft has made it easy to secure your Windows Vista and Windows 7 computer system from the threat posed by Windows Sidebar and desktop gadgets. You also don’t need to change any registry entries or do any hacks using the Group Policy Editor. To disable gadgets and Windows Sidebar completely, simply download the Fix-It solution that addresses the issue.
You will find two Fix-It Solutions available there. Microsoft Fix it 50906 will disable gadgets and Windows Sidebar in the supported operating systems. Microsoft Fix it 50907 on the other hand will enable the features again. When you run the Fix-It solution, it will automatically create a system restore point. Then it proceeds to enable or disable gadgets and the sidebar on the supported system.
Administrators and users are advised to use the Fix-It solution provided by Microsoft to disable gadgets and the sidebar, to protect their computer system.