“Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets,” states a security advisory released July 10 by Microsoft.
An attacker who successfully exploited Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Gadgets are those little mini-applications, resembling animated icons that hang around the desktop to tell you the time, weather, news headlines and so on. (Other software makers, including Apple and Yahoo!, call them “widgets.”)
Gadgets and the Windows Sidebar they live in, first appeared in 2007 as a default setting in Vista.
Windows 7 has Gadgets built in as well, but they’re turned off by default. Instead of being in a sidebar pinned to the right edge of the screen, Gadgets are in a floating window that can be placed anywhere on the desktop.
The page where Microsoft used to host additional Gadgets for download now states, “The Windows website no longer hosts the gadget gallery.”
“Microsoft hasn’t issued a security patch to fix the vulnerability,” “They’re suggesting you completely nuke your Windows Sidebar and Gadgets.”
Applying the automated Microsoft Fix It solution described in Microsoft Knowledge Base Article 2719662 disables the Windows Sidebar experience and all Gadget functionality.
Gadgets have not yet appeared in the preview versions of Windows 8, due this fall, and likely never will.
Click on the below link to download Microsoft Fix It.