Since the original deployment of Windows Vista, PC users have been able to embed small applications on their desktops to get a quick, continually updated look at weather, time zones, stocks, sports scores and more. This feature was retained in the current Windows 7 operating systems. In a security advisory released last month, Microsoft announced that running insecure gadgets could allow remote attackers to run arbitrary code as the current user. In other words, someone could access your data, change your computer’s behavior, or display objectionable content to users without physical access to the machine. If the vulnerable users are logged in with administrator security privileges, the attacker could take complete control of the affected system.
The proposed workaround is a fix-it solution available from Microsoft that fully disables the Windows Sidebar and Gadgets. The company has also discontinued the official Gadgets gallery, where users could formerly browse, download and install a variety of small desktop apps. Non-Vista-based operating systems are not at risk. Windows XP, Server 2003, Server 2008 and Server 2008 R2 are included in the list of those not affected by this threat.
© 2012 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter.