


This was two years ago and nothing at all came of it. An article that, if I remember correctly, you yourself parroted as the end of Windows. Of course, the source you quote is the same one who said that Linux is DirectX compatible with a native implementation simply because a state tracker had been developed with pre-alpha-wtf quality. Sure enough, in the "Acknowledgments" section of the advisory, Microsoft thanks "Mickey Shkatov and Toby Kohlenberg for working with us on Gadget vulnerabilities." I guess Shkatov and Kohlenberg may be white hat hackers rather than black hat ones. We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets. As a result there are a number of interesting attack vectors that are interesting to explore and take advantage of.

Gadgets are comprised of JS, CSS and HTML and are applications that the Windows operating system has embedded by default. We will be talking about the Windows gadget platform and the nastiness that can be done with it, how gadgets are made, how they are distributed and, more importantly, their weaknesses. Why send someone an executable when you can just send them a sidebar gadget? There, two researchers, Mickey Shkatov and Toby Kohlenberg, plan to show a presentation about attack vectors in Gadgets. (Another wizard, available from the same page, switches the feature back on.) Microsoft's security advisory says you can disable Windows Gadgets yourself using the Registry Editor, as well, provided you follow a few simple instructions. According to Computerworld, the advisory "may be linked" to the upcoming Black Hat security conference. To address the problem, Microsoft has released a "Fix it" wizard that disables Windows Gadgets altogether. An attacker could purportedly use them to access your PC with the same privileges as your user account, so if you have administrative privileges, the attacker could get full control of your machine. In a security advisory published yesterday, Microsoft says the diminutive desktop (and sidebar) applets may be vulnerable to attacks that enable remote code execution. Do you use Gadgets in Windows 7 or Vista? Bad news, then.
