Disable the Windows 7 and Vista Sidebar and Gadgets, if you haven't already!

Geoffrey Carr

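Users of Windows 7 desktop gadgets may already be aware of this, but since I don't use gadgets on Windows 7, it was news to me when I came across it today. Since this is an important development, I decided to post about it, even though it is late.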

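Why gadgets have been discontinued in Windows 7

Gadgets are no longer available on the Microsoft website because the Windows Sidebar platform in Windows 7 and Windows Vista has serious vulnerabilities. Gadgets could be exploited to harm your computer, access your computer's files, show you objectionable content, or change their behavior at any time. An attacker could even use a gadget to take complete control of your PC.

A few months ago, Microsoft decided to take down all the gadgets it hosted in the Windows Personalization Gallery. The Windows Personalization Gallery hosts themes, wallpapers and Windows gadgets. The reason given on the gadget gallery was: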

Because we want to focus on the exciting possibilities of the newest version of Windows, the Windows website no longer hosts the gadget gallery.


An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

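In its Security Advisory 2719662, Microsoft also thanked Mickey Shkatov and Toby Kohlenberg for working with it on this issue. The two security researchers presented the vulnerability at the Black Hat security conference.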

Why send someone an executable when you can just send them a sidebar gadget? We will be talking about the windows gadget platform and what the nastiness that can be done with it, how are gadgets made, how are they distributed and more importantly their weaknesses. Gadgets are composed of JS, CSS and HTML and are application that the Windows operating system has embedded by default. As a result there are a number of interesting attack vectors that are interesting to explore and take advantage of. We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets.

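Microsoft recommends that Windows 7 and Windows Vista users disable the Sidebar and desktop gadgets.

As a result, Microsoft has retired the feature in newer versions of Windows in favor of Windows Store apps in Windows 8.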

Disabling the Windows Sidebar and Gadgets can help protect customers from vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets. In addition, Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time.

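To disable the Windows 7 Sidebar and gadgets manually, open Control Panel > Turn Windows features on or off. Uncheck Windows Gadget Platform and click OK. Also run services.msc to open the Services Manager. Search for the Windows Sidebar service. Right-click it and select Properties. Set its startup type to Disabled. You may need to restart your Windows computer.

To help users disable the Sidebar and gadgets quickly and easily, Microsoft has released an automated Fix It, which you can download from KB2719662. The Fix It disables the Sidebar and desktop gadgets automatically.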
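To confirm that the Sidebar really is off after the manual steps or the Fix It, a PowerShell check like the following can be run on each machine. It is an added example, not code from the original article or from Microsoft's Fix It; it assumes that the Group Policy setting "Turn off Windows Sidebar" is stored as the TurnOffSidebar registry value shown, and that user-installed gadgets live in the default per-user gadget folder.

```powershell
# Audit whether the Sidebar/gadget mitigation is in place on this machine.
# Assumption (not from the article): the "Turn off Windows Sidebar" Group Policy
# setting is stored as the DWORD TurnOffSidebar under the key below.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar'

function Get-SidebarStatus {
    # 1. Policy value: 1 means the Sidebar is turned off for all users.
    $policyOff = $false
    if (Test-Path $policyKey) {
        $p = Get-ItemProperty -Path $policyKey -Name TurnOffSidebar -ErrorAction SilentlyContinue
        if ($p -and $p.TurnOffSidebar -eq 1) { $policyOff = $true }
    }

    # 2. Is the Sidebar host process (sidebar.exe) running right now?
    $running = @(Get-Process -Name sidebar -ErrorAction SilentlyContinue).Count -gt 0

    # 3. Gadgets installed by the current user (assumed default per-user folder).
    $userGadgets = @()
    $dir = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows Sidebar\Gadgets'
    if (Test-Path $dir) {
        $userGadgets = @(Get-ChildItem -Path $dir |
                         Where-Object { $_.PSIsContainer } |
                         ForEach-Object { $_.Name })
    }

    New-Object PSObject -Property @{
        PolicyTurnsOffSidebar = $policyOff
        SidebarProcessRunning = $running
        UserInstalledGadgets  = $userGadgets
    }
}

function Disable-Sidebar {
    # Needs an elevated prompt: writes the machine-wide policy value,
    # then stops any Sidebar process that is still running.
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    New-ItemProperty -Path $policyKey -Name TurnOffSidebar -PropertyType DWord -Value 1 -Force | Out-Null
    Stop-Process -Name sidebar -Force -ErrorAction SilentlyContinue
}

$status = Get-SidebarStatus
$status | Format-List
if (-not $status.PolicyTurnsOffSidebar -or $status.SidebarProcessRunning) {
    Write-Warning 'Sidebar is not fully disabled; run Disable-Sidebar from an elevated prompt.'
}
```

Any names listed under UserInstalledGadgets are gadgets that were added from outside the default set and are worth reviewing or removing once the Sidebar is disabled.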

No wonder Microsoft has dropped gadgets in Windows 8!

As a Windows 7 or Windows Vista user, have you disabled the Sidebar and gadgets?