Microsoft urged Windows Vista users to download a new security tool that automatically disables suspicious or malicious "gadgets," the small applets that mimic the "widgets" popular on Mac OS X. Dubbed "Windows Sidebar Protection," the 1MB download was added to Windows Update on Tuesday and classified as a "high-priority" update. Microsoft customers running Vista RTM -- the initial version that launched in late 2006 to businesses and early 2007 to consumers -- saw the update on the list starting Tuesday. The update is optional, but depending on what settings have been selected in Windows' Automatic Updates, it may be downloaded and installed without any additional user interaction.
Windows Sidebar is a Vista-only panel that holds the miniature applications known as gadgets -- small single-purpose tools that, for instance, display the time and date or RSS feeds. The Windows gadgets are composed of HTML and various scripts. And there's the rub, said Microsoft.
"Vista treats gadgets like it treats all executable code," said the advisory that accompanied the update. "Gadgets are written using HTML and script, but this HTML is not located on an arbitrary remote server as Web pages are. HTML content in the gadget is downloaded first as part of a package of resources and configuration files and then executed from the local computer."
Windows Vista, Security Update, Fix, Malicious, Code, Gadget, Widget, Applet, Mac OS X, Security, Vulnerability, Microsoft