Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Gadgets Could Allow Remote Code Execution |
Information | |||
---|---|---|---|
Name | KB2719662 | First vendor Publication | 2012-07-10 |
Vendor | Microsoft | Last vendor Modification | 2013-07-03 |
Severity (Vendor) | N/A | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | Not Defined | Attack Range | Not Defined |
Cvss Impact Score | Not Defined | Attack Complexity | Not Defined |
Cvss Exploit Score | Not Defined | Authentication | Not Defined |
Detail
Microsoft is announcing the availability of an automated Microsoft Fix it solution that disables Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. Disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code.

Customers should consider the following ways that an attacker could leverage Gadgets to execute arbitrary code:

In addition, Gadgets can access your computer's files, show you objectionable content, or change their behavior at any time. Gadgets could also potentially harm your computer.

Applying the automated Microsoft Fix it solution described in Microsoft Knowledge Base Article 2719662 disables the Windows Sidebar experience and all Gadget functionality.

Recommendation. Customers who are concerned about vulnerable or malicious Gadgets should apply the automated Microsoft Fix it solution as soon as possible. For more information, see the Suggested Actions section of this advisory.

For more information about this issue, see the following references:

This advisory discusses the following software.

What is the scope of the advisory?

What caused the issue?

What might an attacker use the vulnerability to do?

How could an attacker exploit the vulnerability?

Apply Workarounds

Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available. See the next section, Workarounds, for more information.

See Microsoft Knowledge Base Article 2719662 for instructions on applying an automated Microsoft Fix it solution that blocks the attack vector by disabling Windows Sidebar and Gadgets. We recommend that administrators review the article closely prior to deploying this Fix it solution.

Note This Fix it solution does not apply to Windows 8 Consumer Preview or Windows 8 Release Preview.

To disable Sidebar in Group Policy, follow these steps:

Impact of Workaround: Sidebar is disabled.

Disabling Sidebar by creating a new registry key helps protect the affected system from attempts to exploit this vulnerability. To create a new Sidebar registry key, follow these steps:

Note: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.

Note: We recommend backing up the registry before you edit it.

Impact of Workaround: Sidebar is disabled.

We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. Customers can learn more about these steps by visiting Protect Your Computer. For more information about staying safe on the Internet, visit Microsoft Security Central.

Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.
Original Source
Url : http://www.microsoft.com/technet/security/advisory/2719662.mspx
Alert History
Date | Information |
---|---|
2014-02-17 11:38:40 | |
2013-09-18 17:10:30 | |