Microsoft Security Advisory (2719662)

Discussion in 'other security issues & news' started by ronjor, Jul 11, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,032
    Location:
    Texas
    https://technet.microsoft.com/en-us/security/advisory/2719662
     
  2. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    Thanks for this.
     
  3. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Thanks, Ron - fixed via Services and MSCONFIG.
     
  4. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Microsoft fix kills Windows Gadgets, warns it could lead to PC hijacks
    Article
     
  5. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    Isn't this the same as the original excellent post of Ronjor?
     
  6. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    The article cites the same MS Technet findings and recommendations, otherwise, it is not.
     
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    I made the registry changes and exported so I could distribute to other machines. I don't see them fixing this ever, since they are wanting to kill gadgets anyway.
     
  8. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Windows 8 will not support desktop gadgets, for reason cited in this thread, that have yet to be substantiated by Microsoft as written correctly.

    It has been reported in many instances the Fit-it's are inverted. :ouch:
     
  9. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    Is 50906 "Enable" or "Disable"?
    The headings and explanations show conflicating results.
     
  10. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    We are not sure, meaning, those in the security community, have implemented both, some desktop gadget functionality is removed, yet desktop gadgets can still be enabled, this is a fix that does not completely work.
    I cannot say with 100 % certainty, which is which, or, what will do what.
     
  11. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    i know some love those gadgets but imo good riddance. i dont use them nor will i ever. over the life of vista and 7 i have seen so many issues from them causing problems with various clients im personally glad to see them go.
     
  12. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I'm not using any Gadgets, so does that mean I need to do anything?
    And I have no idea where to find Sidebars (I looked in Accessories), so where is it? :doubt:
     
  13. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Please re-read further up the thread for a detailed explanation.

     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I did read the thread and as a result of reading the thread I have two questions...
    1. I'm not using any Gadgets, so does that mean I need to do anything?
    2. I have no idea where to find Sidebars (I looked in Accessories), so where is it?
     
  15. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    The vulnerabilities discussed in the Advisory involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets.
    Does anyone know if I still need to disable Gadgets if I am not running any of them?
     
  17. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    The sidebar is still executed as cited here regardless of what fix-it used.
    See:
    Code:
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows 
    Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    Best bet is to not run any desktop gadgets on Vista or Windows 7 regardless if you have run them or not.
     
  18. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    I would just get rid of them altogether. Go to control panel, Programs and features, turn Windows features on or off, uncheck Windows gadget platform, reboot when prompted, done. No more gadgets.
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's one of the first things I do when I install Windows 7 clean. :)
     
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    @ xxJackxx ...
    Thanks, that was very clear! I did as you suggested. :)
    To date, I have been relying upon the description from Microsoft that states, "An attacker would have to convince a user to install and enable a vulnerable Gadget."
     
  21. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Don't run them regardless if you have run them or not? o_O
     
  22. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    Which may be easier to have happen than one would suspect. If you for example install something like Norton Internet Security (or many other products) it installs a desktop gadget as part of the installation and opens it. An attacker would not need to prompt "Hey, install this gadget and run it too", they could slip it into many other processes. I'm sure most of the folks here would not get into that situation to begin with, but it probably wouldn't be any harder than it would be to slip a browser toolbar into your system. Better safe than sorry.
     
  23. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Well, I'm not very knowledgeable on the topic, but it would seem that the operative phrase is "vulnerable Gadget."
    Doesn't seem to me that NIS would install a vulnerable gadget on a user's system.
    Bottom line, though, is as you stated... better safe than sorry. :thumb:
     
  24. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    I don't expect they would, the point was ANY installer could install and run a gadget. That was just an example of how one can appear without you being specifically asked to install one.
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Thanks, I also followed your instructions to get rid of them, did not even try them out in my new laptop with W7.

    Bo
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.