N/A - KB943411

An update is available for currently supported editions of the Windows Vista operating system. The update to improve Windows Sidebar Protection enables Windows Sidebar to help block gadgets from running in Sidebar. For more information about installing this update, see Microsoft Knowledge Base Article 943411. For more information about how Windows Sidebar Protection helps block installed gadgets from running in Windows Sidebar, see Microsoft Knowledge Base Article 941411.

The document, Six safety tips for using gadgets with Windows Vista, provides guidance on downloading and using gadgets safely. The MSDN document, Gadgets for Windows Sidebar Security, contains information about the security model of the Windows Sidebar. The MSDN document, Inspect Your Gadget, outlines best practices for secure programming that should be followed when building gadgets.

What is the scope of the advisory?
To announce the availability of and to clarify the purpose of an update for Windows Sidebar Protection.

What are gadgets?
Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets like it treats all executable code. Gadgets are written using HTML and script, but this HTML is not located on an arbitrary remote server as Web pages are. HTML content in the gadget is downloaded first as part of a package of resources and configuration files and then executed from the local computer. This download process is similar to the process for applications (.exe files) downloaded from the Internet.

What is Windows Sidebar Protection?
Windows Sidebar Protection enables Windows Vista to block gadgets from running in Windows Sidebar to help protect against potential security vulnerabilities in gadgets.

Why is Microsoft releasing this update?
Microsoft is releasing this update to provide additional security capabilities to Windows Sidebar. The update enables Windows Sidebar Protection to block potentially vulnerable gadgets as a mitigation.

After installing this update, will gadgets still run in Sidebar?
Yes. After installing this update, all gadgets will still run in Sidebar. This update does not block any specific gadget from running in Windows Sidebar. This update enables Windows Sidebar to help protect against future potential security vulnerabilities in gadgets.

Is this a security vulnerability that requires Microsoft to issue a security update?
No. While this update adds capabilities to the Windows Sidebar, it does not involve a security vulnerability that currently exists in Sidebar or available gadgets.

How will Microsoft list this update on the Windows Update Web site?
The update for Windows Sidebar Protection is a high-priority update on the Windows Update Web site. On the Windows Update site it will be listed in the “High Priority” Updates category for customers that have not already received the update and are running the software listed above.

Should I install this update even if I have kept my Windows operating systems up to date?
Yes. While this update does not address any critical security vulnerabilities, the update does increase the reliability and resiliency of Windows Sidebar.

Will this update be distributed over Automatic Updates?
Yes, this update will be distributed over Automatic Updates to the software listed above.