Security Advisory
Microsoft Security Advisory 943411
Update to Improve Windows Sidebar Protection
Published: January 08, 2008
An update is available for currently supported editions of the Windows Vista operating system. The update to improve Windows Sidebar Protection enables Windows Sidebar to help block gadgets from running in Sidebar. For more information about installing this update, see Microsoft Knowledge Base Article 943411. For more information about how Windows Sidebar Protection helps block installed gadgets from running in Windows Sidebar, see Microsoft Knowledge Base Article 941411.
The document, Six safety tips for using gadgets with Windows Vista, provides guidance on downloading and using gadgets safely. The MSDN document, Gadgets for Windows Sidebar Security, contains information about the security model of the Windows Sidebar. The MSDN document, Inspect Your Gadget, outlines best practices for secure programming that should be followed when building gadgets.
General Information
Overview
Purpose of Advisory: To announce the availability of and to clarify the purpose of an update for Windows Sidebar.
Advisory Status: Microsoft Knowledge Base Article and associated update were released.
Recommendation: Review the referenced Knowledge Base Article and apply the appropriate update.
| References | Identification |
|---|---|
| Microsoft Knowledge Base Article | 943411 |
This advisory discusses the following software.
| Related Software |
|---|
| Windows Vista |
| Windows Vista x64 Edition |
Frequently Asked Questions
What is the scope of the advisory?
To announce the availability of and to clarify the purpose of an update for Windows Sidebar Protection.
What are gadgets?
Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets like it treats all executable code. Gadgets are written using HTML and script, but this HTML is not located on an arbitrary remote server as Web pages are. HTML content in the gadget is downloaded first as part of a package of resources and configuration files and then executed from the local computer. This download process is similar to the process for applications (.exe files) downloaded from the Internet.
What is Windows Sidebar Protection?
Windows Sidebar Protection enables Windows Vista to block gadgets from running in Windows Sidebar to help protect against potential security vulnerabilities in gadgets.
Why is Microsoft releasing this update?
Microsoft is releasing this update to provide additional security capabilities to Windows Sidebar. The update enables Windows Sidebar Protection to block potentially vulnerable gadgets as a mitigation.
After installing this update, will gadgets still run in Sidebar?
Yes. After installing this update, all gadgets will still run in Sidebar. This update does not block any specific gadget from running in Windows Sidebar. This update enables Windows Sidebar to help protect against future potential security vulnerabilities in gadgets.
Is this a security vulnerability that requires Microsoft to issue a security update?
No. While this update adds capabilities to the Windows Sidebar, it does not involve a security vulnerability that currently exists in Sidebar or available gadgets.
How will Microsoft list this update on the Windows Update Web site?
The update for Windows Sidebar Protection is a high-priority update on the Windows Update Web site. On the Windows Update site it will be listed in the “High Priority” Updates category for customers that have not already received the update and are running the software listed above.
Should I install this update even if I have kept my Windows operating systems up to date?
Yes. While this update does not address any critical security vulnerabilities, the update does increase the reliability and resiliency of Windows Sidebar.
Will this update be distributed over Automatic Updates?
Yes, this update will be distributed over Automatic Updates to the software listed above.
Suggested Actions
Review the Microsoft Knowledge Base Article that is associated with this advisory
We encourage customers running Windows Vista operating systems to install this update. Customers who are interested in learning more about Windows Sidebar Protection should review Microsoft Knowledge Base Article 943411.
Other Information
Resources:
- You can provide feedback by completing the form by visiting the following Web site.
- Customers in the United States and Canada can receive technical support from Microsoft Product Support Services. For more information about available support options, see the Microsoft Help and Support Web site.
- International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit the International Support Web site.
- The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.
Disclaimer:
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions:
- January 8, 2008: Advisory published.
Built at 2014-04-18T13:49:36Z-07:00