Disable Gadgets In Windows 7, Vista: Vulnerabilities in Gadgets Could Allow Remote Code Execution

Microsoft originally introduced desktop gadgets in Windows Vista operating system and continued supporting them in Windows 7 operating system. As the release of Windows 8 final version is coming near, there were reports that indicate that Microsoft will remove desktop gadgets from Windows 8 operating system. Microsoft has confirmed that it will deprecate Gadgets and Sidebar in Windows 8. Now, it seems Microsoft has a good reason for removing desktop gadgets from Windows 8.

Along with this month’s Patch Tuesday, a security advisory is released for Windows Vista and Windows 7 operating system. The security advisory is about vulnerabilities in desktop gadgets that could allow Remote Code Execution.

Here’s what Microsoft officially says addressing the issue:

Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets. In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time.

An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

As you must have noticed from the official statement, desktop gadgets pose a serious security threat. A vulnerability in Windows Sidebar could allow malicious desktop gadgets to execute arbitrary code. As if this was not enough, third-party desktop gadgets installed from untrusted sources can access your computer’s files and may harm it. The only safe solution is to disable gadgets and Windows Sidebar.

Microsoft Fix-It Solution To Enable/Disable Gadgets In Windows 7 and Vista

Microsoft has made it easy to secure your Windows Vista and Windows 7 computer system from the threat posed by Windows Sidebar and desktop gadgets. You also don’t need to change any registry entries or do any hacks using the Group Policy Editor. To disable gadgets and Windows Sidebar completely, simply download the Fix-It solution that addresses the issue.

You will find two Fix-It Solutions available there. Microsoft Fix it 50906 will disable gadgets and Windows Sidebar in the supported operating systems. Microsoft Fix it 50907 on the other hand will enable the features again. When you run the Fix-It solution, it will automatically create a system restore point. Then it proceeds to enable or disable gadgets and the sidebar on the supported system.

fix-it-solution-to-disable-gadgets-and-sidebar-in-windows

Administrators and users are advised to use the Fix-It solution provided by Microsoft to disable gadgets and the sidebar, to protect their computer system.

Missing out computer how to, tips, tutorials, and more? Enter your email below to receive future announcements direct to your inbox. An email confirmation will be sent before you will start receiving notifications - please check your spam folder if you don't receive this.

About SK Mezanul Haque

SK Mezanul Haque is the founder of MyTechGuide.org (popularly known as My Technology Guide). Passionate about all things in tech. Let's talk on Google Plus.

  • ms

    you have the actions of the fix-its backwards…..50907 enables the fix-it process to disable the gadgets, while 50906 disables the fix-it process and actually enables the gadgets.

    • http://www.mytechguide.org/ Mezanul

      Hi,

      If you see the screenshot below, Microsoft clearly mentiones that 50906 disabled gadgets and sidebar, while 50907 enable sidebar and gadget back. So, what I have written in the article is correct. Hope I was able to clear your doubts. :)

      Fix-it solution