What is a gadget vulnerability?

In a recent security tip, Microsoft warns that "Vulnerabilities in gadgets allow remote code execution":

An attacker who successfully exploited the Gadget vulnerability could run arbitrary code in the context of the current user.

( Microsoft Security Advisory 2719662 )


I do not quite understand the point. As far as I know, gadgets (by design) work based on HTML applications with full confidence!

Full trust

The choice to launch the gadget is presented to the user in the same way as the choice to launch any application downloaded from the Internet. Information about the author of the gadget is displayed in a dialog box indicating that there is a risk associated with this file. After the user accepts the warning, the gadget will work with all permissions associated with the user's login account.

( MSDN: Windows Sidebar Security Gadgets )

For example, nothing prevents you from adding

<script language="VBScript">
    ' Start a local program with the rights of the logged-on user
    Set shell = CreateObject("Wscript.Shell")
    shell.Run "notepad.exe"
</script>

and executing arbitrary commands from your gadget. It works by design.

Obviously, they can do everything that another application running in a local user context can do. So where is the MS Security Advisory vulnerability that could be exploited?

+6
5 answers

Well, the "gadget vulnerability" is a problem that:

The risks faced by gadgets are the same as those faced by any websites such as Man-In-The-Middle or code entry. Similar problems existed in earlier versions of most web browsers, but modern browsers specifically implemented controls to try to mitigate many of these problems. These controls are not implemented on the Gadgets platform, which makes them vulnerable to well-known and thoroughly discussed attacks.
- We Have You by the Gadgets, Black Hat

So you can see that the main exploit is that there were no controls to restrict gadgets from running code without any restrictions.

Another problem:

Microsoft said it found that some Vista and Win7 gadgets do not adhere to secure encoding methods and should be considered as causing risks to the systems on which they run.

So really, launching arbitrary code is part of the HTA, but the sidebar and gadget platform didn't soften it and was pretty pessimistic, considering that all gadget programmers would write safe code and wouldn't try to use or do anything gadgets aren't supposed to do.

Hope this answered what you asked.

I still think that the question is rather vague, because you say: well, they allow you to run arbitrary code, and that is part of the model and concept, and they did not soften it, but what is the exploit? It has already been exploited ... that is the whole idea :)

You can ask about each flaw and attack, and it is precisely in this problem - by design, the problem was not protected, it was found that, since there is no mitigation, and since you can really run and execute malicious code with no problems, these gadgets have drawbacks.

+6
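The three patterns this thread discusses (content fetched over plain HTTP, remote data written into the page as markup, and script that launches local programs) can be checked for in a gadget's files before it is installed. The following is an added example, not code from the question, the answers or Microsoft; the rule set, function names and both sample gadgets are constructed for illustration.

```javascript
// Added example: heuristic audit of a gadget's HTML/script source.
// Rules, names and both sample gadgets are constructed for illustration.
const RULES = [
  { id: "insecure-transport",
    why: "content fetched over plain HTTP can be altered in transit (MITM)",
    re: /\b(?:src|href)\s*=\s*["']http:\/\/|\.open\s*\(\s*["']\w+["']\s*,\s*["']http:\/\//i },
  { id: "markup-injection-sink",
    why: "remote data written as markup executes with the gadget's full trust",
    re: /\.(?:innerHTML|outerHTML)\s*\+?=(?!=)|document\.write(?:ln)?\s*\(|\beval\s*\(/ },
  { id: "local-program-launch",
    why: "script can start programs with the logged-on user's rights",
    re: /(?:CreateObject|ActiveXObject)\s*\(\s*["']WScript\.Shell["']/i },
];

// Return one finding per (line, rule) match, in source order.
function auditGadget(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const { id, why, re } of RULES) {
      if (re.test(text)) findings.push({ line: i + 1, id, why, text: text.trim() });
    }
  });
  return findings;
}

// Constructed gadget showing all three patterns.
const RISKY_GADGET = [
  '<html><body><div id="headline"></div>',
  '<script src="http://feeds.example.test/news.js"></script>',
  '<script>',
  'function show(item) { document.getElementById("headline").innerHTML = item.title; }',
  '</script>',
  '<script language="VBScript">',
  'Set shell = CreateObject("Wscript.Shell")',
  '</script></body></html>',
].join("\n");

// Same gadget: HTTPS for the script, text-only rendering, no shell object.
const SAFER_GADGET = [
  '<html><body><div id="headline"></div>',
  '<script src="https://feeds.example.test/news.js"></script>',
  '<script>',
  'function show(item) { document.getElementById("headline").innerText = item.title; }',
  '</script></body></html>',
].join("\n");

for (const f of auditGadget(RISKY_GADGET)) console.log(`line ${f.line}: ${f.id}: ${f.why}`);
console.log("safer gadget findings:", auditGadget(SAFER_GADGET).length);
```

A finding is a prompt for review, not proof of a flaw: launching a program is allowed by the platform's design, and the regular expressions only see patterns written literally in the source.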

Agreed, the Gadgets platform is no more or less vulnerable than if the user executed an unsigned application.

Why the same warning of execution at the system level, heuristic analysis and other methods applied to applications cannot be applied to gadgets mystifies me.

This is by no means an embarrassment on the part of Microsoft: the Gadgets platform has not been highly appreciated or widely used (despite the potential for an unprecedented level of capabilities and the integration of web functions directly on the desktop), so instead of making any attempts to protect the user from malicious gadgets, they simply stopped them.

With the direction of user interfaces in Windows, Mac and Android, the average user is becoming less and less aware of how the application (or plug-in) actually does what it does, so the proliferation of unnecessary, opportunistic or even malicious applications continues. I have been back and forth through the Gadgets specification, and as far as I can tell, it is no more secure than the plugin system used by Chrome and Firefox.

Running ActiveX and Java on the gadget is subject to the security settings in Internet Explorer. If your security settings allow the gadget to do something, most of these functions can be used in a plugin or Java application.

Analyst reports that I read indicate that these vulnerabilities have been fixed in "the most modern browsers", but this is clearly not true for Internet Explorer, since every gadget that I see can also be launched in the IE browser.

In short, this is the “switch style switch” for ActiveX, Java, and the other plugins that are to blame here. Trying to save the user from endless requests and eliminate the requirement of making an informed decision, Microsoft continues to leave uninformed or reckless users open to malicious web applications and plugins.

Trust certificates and security patches would be much preferable to terminating the function.

+2

As I see it, I think the security issue is the smoke screen. These "security problems" exist in many vectors, and gadgets, if they were such a problem, would have been considered much earlier than the dawn of the release of Windows 8. My opinion is that the gadgets were dropped because they represent an energy leak to the Windows Tablet 8. This reminds me of how the tape interface "exposed deeply recessed functionality" when I think that Microsoft really planned the touch interface. So, whatever the “excuse” Microsoft would give for something, I tend to look for a deeper goal. Hope this changes with a new guide. Does anyone know if it is possible to install some kind of gadget platform in Windows 8.1? Thank you

+2

These attacks occur as follows:

  • An attacker must convince a user to install and enable a vulnerable gadget
  • An attacker who successfully exploited the Gadget vulnerability could gain the same user rights as the logged-in user. If a user is logged on as an administrator, an attacker who successfully exploited this vulnerability could take complete control of the affected system. Then the attacker can install the program; view, modify or delete data; or create new accounts with full user rights.

As you can see, just if you install a vulnerable gadget. Tell me, who permits your gadgets? There are many fake gadgets in the wild world. Be careful.

In addition, Microsoft has a fix for disabling the sidebar and gadgets, which you can find at this link: Microsoft consultation

And they killed gadgets and the sidebar in Windows 8.

0

I appreciate that you want to find the exact details; here is an article presented at Black Hat that made Microsoft turn off gadgets:

We Have You by the Gadgets - Black Hat (pdf file)

0

Source: https://habr.com/ru/post/920513/

