Most computer security experts are probably baking in the Las Vegas sun this week and listening to esoteric presentations at the annual Black Hat security conference.
Meanwhile, we get a bit of a summer break, too, from Windows updates — so take some time to ponder the use of Windows gadgets, patch Firefox, and say goodbye to Thunderbird.
Waiting for details on the gadget threat
This week, we’ll find out exactly what AV researchers Mickey Shkatov and Toby Kohlenberg know about the insecurities of Vista and Win7 gadgets when they deliver their presentation at Black Hat. Woody Leonhard gave a preview of this problem (and some advice) in his July 19 Top Story, and Microsoft posted Support article 2719662, which contains a fixit for disabling gadgets.
I hope Shkatov and Kohlenberg tell us that the threat from malicious gadgets is relatively low for home users. I’d love to keep using my favorite weather and calendar gadgets. If Microsoft truly thought the risk was high, it would most likely have rolled out a patch instead of the optional security advisory it posted.
Once this article is published, I’ll post some thoughts on this issue in the Windows Secrets Lounge and will also revisit it in the last Patch Watch for August. I welcome your comments; you’ll find a link to this column’s Lounge post at the bottom of this article.
What to do: Until we have more information on the threats to Vista and Win7 gadgets, take Woody’s advice to disable them with the fixit in 2719662.
MSXML Core Services 5.0 patch still MIA
As reported in the July 12 Patch Watch, we received updates for Microsoft XML Core Services 3.0, 4.0, and 6.0. But an update for XML 5.0 was missing in action — and still is. According to an MS Security Research & Defense blog post, Office 2003 and 2007 users should apply MS fixit 50908.