Microsoft has officially killed the Windows Gadgets feature of Windows 7 and Windows Vista, following the discovery of a major security flaw in the Windows Sidebar.
Introduced in Windows Vista, the Sidebar and its associated Gadgets functionality was supposed to make users' lives easier. The sidebar could contain active content, providing weather information, a clock, network status, system status, unread email counts, or almost any other piece of information the user desired. Although it made the move intact to Windows 7, its use has never been particularly popular - leaving Microsoft deciding to deactivate the functionality rather than try to fix a recently-discovered vulnerability.
Discovered by security researchers Mickey Shkatov and Toby Kohlenberg, who are due to present a talk entitled We Have You By The Gadgets
at the Black Hat Briefings event later this month, the flaw allows attackers to take over the system by exploiting badly-written or maliciously-coded Gadgets installed in the Sidebar.
Microsoft's solution: turn the whole damn thing off. A Fix It Solution, which Microsoft describes as 'not intended to be a replacement for any security update
,' disables the Sidebar functionality entirely in order to protect users from attack. For those who still want the Sidebar, there is little in the way of attack mitigation at present - aside from running Microsoft's Sidebar-killer and installing a third-party application designed to perform the same task.
Security-conscious users running any Windows 7 Service Pack 1, Windows 7, Windows Vista Service Pack 2 or Windows Vista Service Pack 1 build are advised to download and apply the patch, which can be found on Microsoft's support site