Microsoft has officially killed the Windows Gadgets feature of Windows 7 and Windows Vista, following the discovery of a major security flaw in the Windows Sidebar.Introduced in Windows Vista, the Sidebar and its associated Gadgets functionality was supposed to make users' lives easier.

vista sidebar news feed not updating-21

Discovered by security researchers Mickey Shkatov and Toby Kohlenberg, who are due to present a talk entitled We Have You By The Gadgets at the Black Hat Briefings event later this month, the flaw allows attackers to take over the system by exploiting badly-written or maliciously-coded Gadgets installed in the Sidebar.

Microsoft's solution: turn the whole damn thing off.

A Fix It Solution, which Microsoft describes as 'not intended to be a replacement for any security update,' disables the Sidebar functionality entirely in order to protect users from attack.

For those who still want the Sidebar, there is little in the way of attack mitigation at present - aside from running Microsoft's Sidebar-killer and installing a third-party application designed to perform the same task.

MS already stopped some time ago their own page with gadgets, and when this vulnerability came up, they decided to kill it, especially considering they are soon releasing Windows 8 with live tiles, which is a turbo version of these gadgets.

I like and use this, I like having the analogue clock on the top right of my screen.

I also use the weather, news-feeds, share-price tracker and currency tracker, and the little screen of rotating images is a nice touch. I use a couple of gadgets - a CPU and memory usage meter and temperature monitor, a similar one for the GPU, and a little control thing for Daemon Tools.

Security-conscious users running any Windows 7 Service Pack 1, Windows 7, Windows Vista Service Pack 2 or Windows Vista Service Pack 1 build are advised to download and apply the patch, which can be found on Microsoft's support site.

Surely this should be an optional or even forced update through Windows Update?

How many people are actually going to read about this and then visit the Microsoft site to fix it? :| I really hope they get this fixed through Windows Update and quick, this sort of thing only brings publicity to a security hole which unless its been properly patched for the bulk of the userbase isn't a smart move.

It is more like "we don't have any spare programmer to fix that".