URL: http://arstechnica.com/security/2012/07/microsoft-fix-kills-windows-gadgets/
Microsoft has warned that a Gadgets feature included in Vista and later versions of Windows could allow attackers to hijack end-user machines and has taken the unusual step of issuing an temporary update that allows it to be completely disabled.
"An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user," company officials said in an advisory issued Tuesday. "If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system." To be successful, they added: "An attacker would have to convince a user to install and enable a vulnerable Gadget."
Microsoft added the Gadgets feature and an accompanying Sidebar to Windows Vista in hopes of matching the success Apple had with a similar feature called Dashboard, which is included in Mac OS X. It allows end users to add clocks, stock tickers, and other small apps to their desktops. A few weeks ago, Microsoft pulled the plug on its official Gadgets gallery. The page now includes a warning that says: "Gadgets installed from untrusted sources can harm your computer and can access your computer's files, show you objectionable content, or change their behavior at any time."
Nenhum comentário:
Postar um comentário