Microsoft Security Bug Software Windows Technology

Microsoft Kills Windows Gadgets Via Security Update

Posted by timothy
from the cutting-losses dept.
benfrog writes "Microsoft has taken the unusual step of killing the Windows Gadgets feature completely via a security update. According to an advisory issued Tuesday, an attacker could take over a user's system if they are logged in as admin and they install a vulnerable gadget. Microsoft has pulled the plug on its official Gadgets Gallery and is offering a Fix-it that completely disables the Windows Sidebar and Gadgets. Researchers Mickey Shkatov and Toby Kohlenberg are scheduled to give a presentation on the vulnerability at the upcoming Black Hat conference called We Have You By the Gadgets."
  • What? (Score:5, Insightful)

    by trifish (826353) on Thursday July 12, 2012 @01:03PM (#40629499)

    An attacker could take over a user's system if they are logged in as admin and they install a vulnerable gadget.

    I always thought that if an attacker is logged in as admin, he owns the system already.

    Why do they talk about a specific attack? There are zillions of them if you have admin rights.

  • by ackthpt (218170) on Thursday July 12, 2012 @01:07PM (#40629533) Homepage Journal

    Slashdot's title gives the idea that Microsoft is using Windows Update to disable gadgets while in fact they are not. The article, however, is correct so this is just Slashdot trying to be sensationalist.

    What Microsoft is giving is 'Fix It' executable on their website. These are entirely optional and are proactively downloaded and enabled by users. They also contain the full info of what they do.

    As for the "vulnerability", well, duh. You download executable code, you might get pwnd. Even Chrome warns you that addons can pwn your system.

    Some of us are the beneficiaries of updates pushed out to us by IT departments where they take whatever Microsoft puts up, without much reading, because they don't know who they might step on.

    But your point is well taken.

  • by jellomizer (103300) on Thursday July 12, 2012 @01:52PM (#40630071)

    But we want Microsoft to be EVIL and Blundering. As we giggle in glee at all of Microsoft's mistakes, knowing these are mistakes of Pure Evil. While we use our own Pure OS, which, by the nature of the fact that we chose to run it, is Good and infallible (unless it has in some way been corrupted), but would be quickly purified by the forces of good. While the same problem by Microsoft is part of a devious plot to keep its corruption at an all-time high.

  • by Dog-Cow (21281) on Thursday July 12, 2012 @01:59PM (#40630183)

    And even if it was, it wouldn't matter. IT departments that push patches indiscriminately deserve any negative feedback they get.

  • by racermd (314140) on Thursday July 12, 2012 @03:07PM (#40630899)

    As a former enterprise-grade desktop support staffer (i.e., one level up from the front-line call-takers), I know there have always been ways to disable the Windows Gadget platform. If not through GPO, at least through most other alternative rights-management schemes. Ultimately, it's as simple as removing the sidebar.exe file from the Program Files folder(s). Alternatively, an anti-malware utility (that's centrally managed, right?) can prevent the executable from starting.

    This should not be news to any company large enough to have a (competent) IT staff. Anything that runs applets or other code locally is potentially vulnerable. Disabling the platform entirely is one of the most effective ways of preventing this sort of vulnerability from being any sort of problem on a large-ish network. As such, assuming they're competent, they've already disabled or restricted this functionality long before a formal vulnerability existed.

    And, like you said, what IS sorta newsworthy is the subtext - that Microsoft is choosing to eliminate the Gadget platform altogether rather than patch it appropriately. Heading into Windows 8, I'm betting they didn't want to expend the resources necessary to do a proper repair job and, instead, focus developer time on Windows 8, Windows Server 2012, and optimizations on their new tablet platform.
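The controls racermd lists above (a GPO that turns the Sidebar off, or simply making sidebar.exe unavailable) can be audited and enforced from an elevated PowerShell session. The script below is an added example written for this page, not code from the thread or from Microsoft; it assumes the Windows Sidebar Group Policy registry locations and value names (TurnOffSidebar, TurnOffUnmanagedGadgets, TurnOffUserInstalledGadgets) as documented for Windows Vista and 7, and the default install path of sidebar.exe. Verify both against your own ADMX files and image before relying on them.

```powershell
# Added example, not part of the original thread.
# Audits (and optionally enforces) the "Turn off Windows Sidebar" family of policies
# and reports whether sidebar.exe is still present or running. Run elevated.
# Registry paths and value names are an assumption taken from the Windows Sidebar
# Group Policy settings for Windows Vista/7; confirm them against your ADMX files.

$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar',  # machine policy
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar'   # user policy
)

# Value name => required DWORD value for a hardened host.
$PolicyValues = @{
    TurnOffSidebar              = 1
    TurnOffUnmanagedGadgets     = 1
    TurnOffUserInstalledGadgets = 1
}

function Get-SidebarPolicyState {
    # Returns one row per (path, value) with the current setting and a Compliant flag.
    foreach ($path in $PolicyPaths) {
        foreach ($name in $PolicyValues.Keys) {
            $current = $null
            if (Test-Path -Path $path) {
                $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
            }
            [pscustomobject]@{
                Path      = $path
                Name      = $name
                Value     = $current
                Compliant = ($current -eq $PolicyValues[$name])
            }
        }
    }
}

function Set-SidebarPolicy {
    # Writes every required value as a REG_DWORD, creating the policy keys if missing.
    foreach ($path in $PolicyPaths) {
        if (-not (Test-Path -Path $path)) { New-Item -Path $path -Force | Out-Null }
        foreach ($name in $PolicyValues.Keys) {
            New-ItemProperty -Path $path -Name $name -PropertyType DWord `
                -Value $PolicyValues[$name] -Force | Out-Null
        }
    }
    # A running sidebar keeps its loaded gadgets until it exits, so stop it now.
    Get-Process -Name sidebar -ErrorAction SilentlyContinue | Stop-Process -Force
}

function Get-SidebarBinaryState {
    # Reports the "remove the binary" option: is sidebar.exe on disk, and is it running?
    # Default install locations assumed; adjust for non-standard images.
    $candidates = @(
        (Join-Path $env:ProgramFiles 'Windows Sidebar\sidebar.exe'),
        (Join-Path ${env:ProgramFiles(x86)} 'Windows Sidebar\sidebar.exe')
    )
    $running = [bool](Get-Process -Name sidebar -ErrorAction SilentlyContinue)
    foreach ($exe in $candidates) {
        [pscustomobject]@{ Path = $exe; Present = (Test-Path -Path $exe); Running = $running }
    }
}

# Audit only by default; any row with Compliant = False is a host the policy has not reached.
Get-SidebarPolicyState | Format-Table -AutoSize
Get-SidebarBinaryState | Format-Table -AutoSize

# Uncomment to enforce on this host (or deploy the same values through a GPO preference):
# Set-SidebarPolicy
```

In a managed estate the values belong in a GPO rather than in a per-host script; the audit half is still useful there, because it catches machines the policy never reached and hosts where a user-level process is still running a gadget loaded before the policy applied.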

  • by hairyfeet (841228) <bassbeast1968 AT gmail DOT com> on Thursday July 12, 2012 @03:33PM (#40631211) Journal

    This is something I have been wanting to ask for a while: seriously, WTF does ANYBODY CARE about these so-called "shills" anyway? I mean seriously, the real shills are so damned easy to spot they may as well be the PHB on Dilbert; they use the same "buzzword bingo" that the corps just looooove to see in print, like "synergy" and "vertical integration" and "user experience" that nobody IRL uses, and if their point is bullshit? Well, it's not hard to spot actual bullshit and it gets modded down quick enough.

    In the meanwhile all this "ZOMFG It a shill ZOMFG!" creates total paranoia and has the unstable seeing shills EVERYWHERE. I mean, anybody that has read my history knows I'm just a little shop owner in the middle of bum fuck nowhere, but so far I've been told I'm not actually in a little college town in the middle of AR, nope, I'm hidden in a sekret bunker under Redmond, which I actually thought would be a hell of a lot more cool and interesting than my boring shop, oh and I'm also subcontracted to Comodo, AMD, Apple (Still haven't figured THAT one out, I don't even own an iPod), Asus, Gigabyte, and Asrock. I just wish someone would tell me where the sekret Swiss bank account is with all that money from subcontracting, as I'd like a new truck, thanks.

    As for TFA, I smell bullshit. Are you seriously telling me that MSFT can't even keep their own fucking website safe? Seriously? They've got all those people working there, and they can't even scan the fucking executables put on their own damned website? What are they running it on, a badly done FB page?

    Considering the fact I've NEVER seen anyone ever get a gadget at ANY site other than MSFT's, and that when you clicked on "get more gadgets online" it took you straight to their page, I have to conclude that they simply want gadgets gone because it offers the same tweeting twitting FB shitting social crap that MSFT is pushing for Win 8. I've said it before and I'll say it again...watch out! I have NO doubt that between now and the release of Win 8 MSFT will push more "security updates" that will be designed to cripple Win 7, because they are scared to death Win 8 is gonna be WinME the second coming.

    So triple-check every damned update that comes out between now and then, and be sure to have disc images handy, because Ballmer and Sinofsky aren't gonna do anything that would allow Win 8 to flop, and the simple fact is unless you have a touchscreen Win 7 will do anything you want. But if a security update were to...ohh I don't know....say kill 30%+ of performance, or take the decent features away, for "security reasons" of course, why, folks might be more likely to buy Windows 8! The fact that MSFT is offering Win 8 Pro upgrades on their website for $40 tells me they are running scared; hell, they have NEVER offered Pro for anywhere near that cheap, so frankly every single thing they say or do between now and then I would look at as suspect. MSFT is on the ropes, stuck in a niche that is flatlined and will never be #1 again, and when backed into a corner, as we have seen in the past, MSFT can be pretty nasty. Just something to think about.

  • by Anonymous Coward on Thursday July 12, 2012 @04:16PM (#40631685)

    Tell me something, Mr Elite. What about someone who has never had formal training, but ends up leading a team of even less clued lackeys across a few hundred servers/workstations? You think they have time to test patches or arrange their environment for better upgrading? No, probably not; they are probably worked to the nth hour, job prospects for them look slim, so they are happy with the $35k a year they make and they do enough to keep up with outages, requests, and upper management.

    When things are working perfectly fine for 800 days and a malformed patch comes down the line, they have every right to bitch, but don't you dare tell them they deserve the negative feedback. That just feeds into their need to drink away their daily woes.

    And fuck you if you don't care about those people; there are hundreds upon thousands of these kinds of IT shops out there.

  • by fatphil (181876) on Thursday July 12, 2012 @06:09PM (#40632819) Homepage

    The problem is that there's a flip-side. IT departments who don't push vital patches in time will get negative feedback for delaying.
