Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Kills Windows Gadgets Via Security Update

Posted by timothy on from the cutting-losses dept.

benfrog writes "Microsoft has taken the unusual step of killing the Windows Gadgets feature completely via a security update. According to an advisory issued Tuesday, an attacker could take over a user's system if they are logged in as admin and they install a vulnerable gadget. Microsoft has pulled the plug on its official Gadgets Gallery and is offering a Fix-it that completely disables the Windows Sidebar and Gadgets. Researchers Mickey Shkatov and Toby Kohlenberg are scheduled to give a presentation on the vulnerability at the upcoming Black Hat conference called We Have You By the Gadgets."

6 of 161 comments (clear)

  1. Misinformed Title by Mike+Wag · · Score: 5, Informative

    Slashdot's title gives the idea that Microsoft is using Windows Update to disable gadgets while in fact they are not. The article, however, is correct so this is just Slashdot trying to be sensationalist.

    What Microsoft is giving is 'Fix It' executable on their website. These are entirely optional and are proactively downloaded and enabled by users. They also contain the full info of what they do.

    As for the "vulnerability", well, duh. You download executable code, you might get pwnd. Even Chrome warns you that addons can pwn your system.

    1. Re:Misinformed Title by Sc4Freak · · Score: 5, Informative

      This is a fix-it update, which doesn't appear through windows update and isn't pushed out through WSUS...

    2. Re:Misinformed Title by mister_playboy · · Score: 4, Informative

      You like to complain about others making hyperbolic posts, yet every single post you make is an exaggerated bluster-filled rant.

      Your endless faux outrage is fucking boring. Get a new gimmick and maybe I'll consider reading your comments again.

      --
      Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
  2. Wrong summary by Jennifer+Wag · · Score: 5, Informative

    Microsoft Windows Update does not remove Windows Gadgets. To remove Windows Gadgets, you need to proceed to Microsoft website and download a Fix-It that can be then used to disable Windows Gadgets on your computer.

  3. Re:Uh by Dynamoo · · Score: 4, Informative

    The same goes for installing ANY application. This is a stupid knee-jerk reaction.

    --
    Never email donotemail@WeAreSpammers.com
  4. Re:Uh by Marc+Madness · · Score: 4, Informative
    The featured article explains with a much less confusing use of pronouns:

    "An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user," company officials said in an advisory issued Tuesday. "If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system."