Microsoft is urging Windows Vista and Windows 7 users to disable the Sidebar and Gadget features of the operating systems. Desktop Gadgets, originally introduced in Windows Vista, are mini-apps based on HTML that obtain information from web feeds. Microsoft removed the Sidebar part of its Gadgets implementation in Windows 7, but the software maker is now warning that "insecure" Gadgets could allow attackers to run arbitrary code in the context of the current user.
In a security advisory issued earlier this week, the company has provided an automated fix to disable the Windows Sidebar and Gadgets in supported editions of Windows Vista and Windows 7. Described as a workaround, the firm says its temporary fix will "help block known attack vectors before a security update is available." It's not immediately clear whether the firm plans to issue a full security update in future that will also disable the Gadgets feature, but its temporary workaround suggests that might be the case.
Microsoft's security advisory follows a decision by the firm to kill its desktop Gadget support in Windows 8. Although the Consumer and Release Preview editions of Windows 8 include Gadgets, we have been informed by reliable sources that the software giant has decided to axe them in the final edition of Windows 8. Whether this decision is related to the security concerns isn't clear at this stage. Computerworld reports that researchers are planning to disclose bugs and security vulnerabilities at a Black Hat convention later this month, a move that may have prompted Microsoft's security advisory.