Microsoft has urged Windows 7 and Vista users to disable the Sidebar and Gadgets immediately, in response to a serious security risk posed by the desktop applications.
Gadgets appear in the Windows Sidebar at the edge of the Windows 7 and Vista desktop, and can provide information such as news headlines, weather, calendars and more.
The computer giant has issued a temporary fix for the problem, which disables the Sidebar and Gadgets until a more permanent solution can be found. Users who leave their Sidebar open run the risk of having their computers attacked by malicious Gadgets.
Microsoft said: "An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Microsoft seems to have issued this warning in response to the upcoming Black Hat hacker conference on 26 July, where security researchers Mickey Shkatov and Toby Kohlenberg will give a talk entitled: "We have you by the Gadgets." The talk threatens to expose various attack vectors against gadgets, how malicious gadgets can be created, and the flaws they have found in published gadgets.
Security expert Graham Cluley said on the Naked Security blog: "Clearly Microsoft is worried about the security researchers' findings, and has issued a 'Fix It Tool' which will protect Windows 7 and Vista users by entirely disabling the Windows Sidebar and Gadgets functionality.
"Yes, that's right. Microsoft hasn't issued a security patch to fix the vulnerability. They're suggesting you completely nuke your Windows Sidebar and Gadgets. Which is bad news if you found those sidebar gadgets useful. You better find a new way to tell what time it is, or catch the latest from your favourite RSS feeds."
Along with issuing the temporary fix, Microsoft announced the availability of an automated Microsoft Fix it solution that disables the Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7.
"Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets."
Microsoft added that customers should apply the fix as soon as possible.