In a security advisory Tuesday, Microsoft urged Windows Vista and 7 users to download a tool that disables the operating system's sidebar and gadgets. The company warned that insecure gadgets could be used to run arbitrary code on a computer, access its files or display objectionable content. In the event of arbitrary code execution, an attacker could take control of the affected system with the ability to install programs, view, change or delete data, or create new accounts with full user rights.
Unfortunately, Microsoft hasn't detailed the vulnerabilities, when (if?) they'll be addressed or whether systems are actively being exploited in the wild. Some have suggested the advisory is merely an attempt to prepare users for the rumored removal of gadgets in Windows 8. Computerworld offers a more plausible explanation, noting that researchers at the Black Hat security conference in Las Vegas on July 26 plan to outline "interesting attack vectors" for creating malicious Windows gadgets.
As mentioned, Microsoft offers a utility to disable gadgets, but you can also do this manually via Group Policy, which is available on Windows Vista Business, Enterprise and Ultimate as well as Windows 7 Professional, Enterprise and Ultimate. It seems Windows Starter, Home Basic or Home Premium users will simply have to use Microsoft's tool. To disable the sidebar/gadgets manually, open the Group Policy Editor by searching for gpedit.msc via the Start menu or Run, then:
- Go to Computer Configuration > Administrative Templates > Windows Components > Windows Sidebar (Vista) or Desktop Gadgets (Windows 7)
- Double click Turn off Windows Sidebar on Vista or Turn off desktop gadgets on Windows 7, select Enabled in the properties and click OK