On Thursday, July 26, security researchers Mickey Shkatov and Toby Kohlenberg are scheduled to deliver a presentation at the Black Hat USA 2012 hacker conference in which they will demonstrate weaknesses in the ‘Sidebar and Gadgets’ technology that is embedded in the Windows Vista and Windows 7 operating systems.
“Why send someone an executable when you can just send them a sidebar gadget?” write Shkatov and Kohlenberg. Gadgets are comprised of HTML code and run on Windows PCs. “Gadgets are comprised of JS, CSS and HTML and are applications that the Windows operating system has embedded by default. As a result there are a number of interesting attack vectors that are interesting to explore and take advantage of.”
“We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets.”
This is a problem because once these weaknesses are shown off, hackers will try to exploit them before Microsoft has a chance to patch the vulnerabilities properly. Microsoft has released a Kill Switch for the Windows Sidebar and Gadgets, which allows you to disable the Sidebar and Gadgets on your PC. It is easy to use: download it, run it to install it on your computer, and then reboot. This needs to be done on computers running Windows Vista and Windows 7 before Thursday, July 26.