The Windows sidebar and gadgets feature was first introduced in Vista and continued in Windows 7.
Windows sidebar is a long, vertical bar that is displayed on the side of your desktop. It contains mini-programs called gadgets e.g. to display a weather report or view continuously updated headlines.
Microsoft have just released a security advisory – some Vista and W7 gadgets don’t adhere to secure coding practices and should be regarded as causing risk to the systems on which they’re run.
Specifically, an attacker could take complete control of the affected computer. As this is a serious security risk, Microsoft recommend that users immediately disable the sidebar and gadgets – they have released a one-click fix:
How To Disable Sidebar and Gadgets
Visit the Microsoft Support site here. Scroll down to the ‘Fix it for me’ section and click the ‘Fix it’ button or Link under the ‘Disable’ heading.
Click ‘Run’ in the ‘File Download’ dialog box, and then follow the steps in the Fix it wizard.
How Serious Is The Threat?
Reading between the lines it’s a major threat but Microsoft’s stance on this issue is contradictory.
On the one hand, they haven’t issued an automatic update to fix the problem – which could be expected if it was a serious risk. Instead, Microsoft expect Vista and W7 users to manually apply a fix – if they ever get to hear about it…
This all suggests that the risk isn’t actually that great. On the other hand, Microsoft have closed the Windows Gadget Gallery with immediate effect – preventing Vista and W7 users from installing any further gadgets.
Although they note that Windows 8 will not include the sidebar and gadgets, and claim that time is running out for them, those are poor reasons for suddenly taking down the Gallery. 50% of the world’s computers run Vista or W7 and most of those will still be used for years to come.
In practical terms, time was not running out for the Sidebar and Gadgets – so Microsoft’s decision to close the Gallery seems a strong indication that they view the risk as very serious.
Conclusion
Although it is not clear whether the risk applies only to future gadgets or to existing ones as well, the fact that Microsoft advise disabling them and have closed the Gadget Gallery suggests that the risk applies to both.
Windows 7 and Vista users concerned about security should run the one click Fix It to disable the sidebar and gadgets.
Most gadgets have equivalent apps available anyway – there are many solutions to display things like news or weather within a web browser or on the desktop – in a similar way to the Windows sidebar.