How to disable or re-enable the Windows 7 Gadgets sidebar
July 19, 2012
For the last few weeks I have been reading security bulletins warning us to turn off the Windows Gadgets sidebar, which is a feature introduced on Windows Vista and continued on 7. Two security researchers, Mickey Shkatov and Toby Kohlenberg, have announced that the Gadgets Platform is basically exploitable and are going to present their evidence in a keynote presentation at the upcoming Black Hat Convention, on July 26, 2012, at Caesars Palace, Las Vegas, Nevada.
According to the Black Hat USA 2012 briefings page, here is what these guys are going to reveal: "We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets." Once their findings go public, hackers and cybercriminals will begin adding the published exploits to attack kits already in use (like the BlackHole, or Phoenix Exploit Kits). That is when it is going to hit the fan!
The Gadget sidebar is actually the Windows Gadget Platform. Misters Shkatov and Kohlenberg have notified Microsoft about their findings. In response, and without going into any meaningful details, Microsoft has issued a security advisory calling on concerned people everywhere to disable their (Windows Vista and Windows 7) Gadgets and Sidebars!
Here is the warning on the Microsoft Security Advisory (2719662) page:
An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The following paragraphs show two methods of disabling or re-enabling your Windows Gadgets and Sidebar.
Automated Fix It Solution:
Microsoft has published another security page containing two Fix It buttons. The buttons download files with a .msi extension. The button on the left (50906) fixes the problem by disabling the Windows Sidebar and Gadgets entirely. The button on the right (50907) reverses the changes and enables the Sidebar and Gadgets. Running either requires you to reboot the computer to complete the action.
Manual Fix:
I also discovered that you can take matters into your own hands and disable or enable the Windows Gadget Platform by yourself. Simply open "Control Panel" > "Programs" > "Turn Windows features on or off" (acknowledge the UAC prompt or type the admin password) > "Windows Gadget Platform", uncheck its checkbox and click OK. You will be told to restart the computer for the change to take effect. Reverse this procedure if you choose to enable the Gadgets after the details of the exploit are made public and you have assessed your exposure and exploitability.
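A quick way to confirm that either method took hold, as an added example that is not part of the original article or of Microsoft's advisory: the PowerShell script below reads the feature state from DISM, the Sidebar policy value and the running process list. The feature name `WindowsGadgetPlatform`, the `TurnOffSidebar` policy value and the `sidebar` process name are assumptions not stated in the article.

```powershell
# Added example: audit whether the Gadget Platform is off on this machine.
# Run from an elevated PowerShell prompt (DISM needs administrator rights).
# Assumed names, none of them given in the article:
$featureName = 'WindowsGadgetPlatform'  # DISM name of "Windows Gadget Platform"
$policyKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar'
$policyValue = 'TurnOffSidebar'         # policy value; 1 = Sidebar turned off
$processName = 'sidebar'                # sidebar.exe hosts running gadgets

function Get-GadgetFeatureState {
    # Returns Enabled, Disabled, "Enable Pending", "Disable Pending" or Unknown.
    $out = & dism.exe /online /english /get-featureinfo "/featurename:$featureName" 2>&1
    foreach ($line in $out) {
        if ("$line" -match '^\s*State\s*:\s*(.+?)\s*$') { return $Matches[1] }
    }
    return 'Unknown'  # DISM failed (not elevated?) or the feature is absent
}

function Get-SidebarPolicy {
    # Returns the policy value as an int, or $null when it is not set.
    $item = Get-ItemProperty -Path $policyKey -Name $policyValue -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return [int]$item.$policyValue
}

$state   = Get-GadgetFeatureState
$policy  = Get-SidebarPolicy
$running = [bool](Get-Process -Name $processName -ErrorAction SilentlyContinue)

Write-Output "Feature state  : $state"
Write-Output ("Policy value   : " + $(if ($policy -eq $null) { 'not set' } else { $policy }))
Write-Output "Sidebar running: $running"

if ($state -like '*Pending') {
    # Matches the restart both methods ask for.
    Write-Output 'RESULT: change is staged; reboot to complete it.'
    exit 2
} elseif (($state -eq 'Disabled' -or $policy -eq 1) -and -not $running) {
    Write-Output 'RESULT: gadgets are disabled.'
    exit 0
} else {
    Write-Output 'RESULT: gadgets are still available or running.'
    exit 1
}
```

The exit code (0 disabled, 1 still exposed, 2 reboot pending) lets the check be run across several machines from a login script or management tool.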
Keep in mind that the Microsoft Advisory makes it clear that the danger of takeover is directly related to the privileges of the logged-in user. If you, like me, operate with reduced user privileges, you are less likely to be exploited without any notification. You could, however, be tricked into installing a malicious gadget, just like any other kind of malware or Trojan Horse. This is what is meant by the saying that the weakest link lies between the keyboard and the chair. If you read my security alerts and those of other professionals in the computer security field, you should have enough street smarts to not fall for social engineering tactics meant to self-infect the clueless. Beware of Gadgets bearing gifts!
Yet to be revealed:
It is still unclear if Microsoft has any intention of patching this vulnerability, or if hiding the Sidebar and Gadgets like ostrich heads in the sand is their best solution. Once the details of this exploit have been made public and Microsoft decides if a patch is to be issued, we'll all be able to decide whether it is safe or unsafe to re-enable the use of Windows Gadgets. I will wait and see, but have them turned off for now. I will publish a follow-up article outlining the danger that is posed by using Windows Gadgets in the Windows Sidebar, once that information has been vetted.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.