Microsoft finds vulnerabilities in Vista, W7 gadgets

By Juha Saarinen on Jul 12, 2012 8:06 AM
Filed under Security

Security risk for admins.

Microsoft has urged Windows Vista and Windows 7 users to disable desktop accessories in the operating systems as a security measure.

The software giant said in a security advisory that the insecure Gadgets feature in the systems can execute arbitrary code as well as access user data.

Users logged on as administrator, guest or power user could unwittingly allow rogue Gadgets to run any code it wants at that security level, and take complete control over the system, according to Microsoft.

The advisory includes an automated  "Fix It" tool disabling the features.

While Microsoft did not outline the specific vulnerabilities, a briefing at the Black Hat security conference later this month promises to provide greater detail on the issue.

Gadgets — developed with JavaScript, CSS and HTML — are embedded into the Windows operating system by default, potentially providing a number of interesting attack vectors, according to researchers Mickey Shkatov and Toby Kohlenberg.

All editions of Windows Vista Serivce Pack 2 are affected by the vulnerability, as well as the entire Windows 7 operating system family.

 
Follow us on Facebook and Twitter
 

Copyright © iTnews.com.au . All rights reserved.

Microsoft finds vulnerabilities in Vista, W7 gadgets
 
 
 
 
 
Top Stories
Apple's Australian tax bill hiked as profits triple
Flat revenues but surging bottom line for Apple.
 
IBM dismisses report of 112,000 layoffs
Big Blue breaks media silence to deny "stupid" report.
 
Fast50 firms hit the Australian Open with CRN and Synnex
Select Fast50 companies watched the tennis from the distie's superbox.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Which was your strongest quarter of the 2014 calendar year?



Latest Comments
CRN Magazine

Issue: 334 | December 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.