Slashdot Mirror


Microsoft Kills Windows Gadgets Via Security Update

benfrog writes "Microsoft has taken the unusual step of killing the Windows Gadgets feature completely via a security update. According to an advisory issued Tuesday, an attacker could take over a user's system if they are logged in as admin and they install a vulnerable gadget. Microsoft has pulled the plug on its official Gadgets Gallery and is offering a Fix-it that completely disables the Windows Sidebar and Gadgets. Researchers Mickey Shkatov and Toby Kohlenberg are scheduled to give a presentation on the vulnerability at the upcoming Black Hat conference called We Have You By the Gadgets."

8 of 161 comments

  1. Misinformed Title by Mike Wag · · Score: 5, Informative

    Slashdot's title gives the idea that Microsoft is using Windows Update to disable gadgets while in fact they are not. The article, however, is correct so this is just Slashdot trying to be sensationalist.

    What Microsoft is giving is a 'Fix It' executable on their website. These are entirely optional and are proactively downloaded and enabled by users. They also contain the full info of what they do.

    As for the "vulnerability", well, duh. You download executable code, you might get pwnd. Even Chrome warns you that addons can pwn your system.

    1. Re:Misinformed Title by Sc4Freak · · Score: 5, Informative

      This is a fix-it update, which doesn't appear through Windows Update and isn't pushed out through WSUS...

    2. Re:Misinformed Title by Dog-Cow · · Score: 5, Insightful

      And even if it was, it wouldn't matter. IT departments that push patches indiscriminately deserve any negative feedback they get.

    3. Re:Misinformed Title by hairyfeet · · Score: 5, Insightful

      This is something I have been wanting to ask for a while, seriously, WTF does ANYBODY CARE about these so-called "shills" anyway? I mean seriously the real shills are so damned easy to spot they may as well be the PHB on Dilbert, they use the same "buzzword bingo" that the corps just looooove to see in print, like "synergy" and "vertical integration" and "user experience" that nobody IRL uses, and if their point is bullshit? Well it's not hard to spot actual bullshit and it gets modded down quick enough.

      In the meanwhile all this "ZOMFG It a shill ZOMFG!" creates total paranoia and has the unstable seeing shills EVERYWHERE, I mean anybody that has read my history knows I'm just a little shop owner in the middle of bum fuck nowhere but so far I've been told I'm not actually in a little college town in the middle of AR, nope I'm hidden in a sekret bunker under Redmond, which I actually thought would be a hell of a lot more cool and interesting than my boring shop, oh and I'm also subcontracted to Comodo, AMD, Apple (Still haven't figured THAT one out, I don't even own an iPod), Asus, Gigabyte, and Asrock. I just wish someone would tell me where the sekret Swiss bank account is with all that money from subcontracting as I'd like a new truck, thanks.

      As for TFA I smell bullshit. Are you seriously telling me that MSFT can't even keep their own fucking website safe? Seriously? They got all those people working there, they can't even scan the fucking executables put on their own damned website? What are they running it on, a badly done FB page?

      Considering the fact I've NEVER seen anyone ever get a gadget at ANY site other than MSFT's, and that when you clicked on "get more gadgets online" it took you straight to their page I have to conclude that they simply want gadgets gone because it offers the same tweeting twitting FB shitting social crap that MSFT is pushing for Win 8. I've said it before and I'll say it again...watch out! I have NO doubt that between now and the release of Win 8 that MSFT will push more "security updates" that will be designed to cripple Win 7, because they are scared to death Win 8 is gonna be WinME the second coming.

      So triple check every damned update that comes out between now and then, and be sure to have disc images handy, because Ballmer and Sinofsky aren't gonna do anything that would allow Win 8 to flop and the simple fact is unless you have a touchscreen Win 7 will do anything you want. But if a security update were to...ohh I don't know....say kill 30%+ of performance, or take the decent features away, for "security reasons" of course, why folks might be more likely to buy Windows 8! The fact that MSFT is offering Win 8 pro upgrades on their website for $40 tells me they are running scared, hell they have NEVER offered pro for anywhere near that cheap, so frankly every single thing they say or do between now and then I would look at as suspect. MSFT is on the ropes, stuck in a niche that is flatline and will never be #1 again, and when backed into a corner as we have seen in the past MSFT can be pretty nasty. Just something to think about.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. Wrong summary by Jennifer Wag · · Score: 5, Informative

    Microsoft Windows Update does not remove Windows Gadgets. To remove Windows Gadgets, you need to proceed to Microsoft website and download a Fix-It that can be then used to disable Windows Gadgets on your computer.

  3. What? by trifish · · Score: 5, Insightful

    > An attacker could take over a user's system if they are logged in as admin and they install a vulnerable gadget.

    I always thought that if an attacker is logged in as admin, he owns the system already.

    Why do they talk about a specific attack? There are zillions of them if you have admin rights.

  4. Dr. Claw's response by Megane · · Score: 5, Funny

    "I got you this time, Gadgets!"

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  5. Re:Sigh by the eric conspiracy · · Score: 5, Funny

    > But then that's MS in 2012. Remove and restrict features, charge you for what was free before, and generally be a fucking bunch of dicks.

    As Steve Ballmer said, we are not going to let Apple have any market unchallenged.