Among other things, Microsoft has notified users that it has made available an automated Microsoft Fix it solution (a workaround - not a patch) that disables the Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7, because of a number of vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets.
The vulnerabilities in question will be revealed in a scheduled talk at the Black Hat security conference later this month in Las Vegas by two security researchers who shared their knowledge with Microsoft beforehand in order not to endanger users.
The company has also issued an advisory notifying users that it has revoked trust in 28 of its own intermediate CA certificates.
"Upon a routine review, we are placing these certificates in the Untrusted Certificate Store, and replacing them with new certificate authorities that meet our high standard of public-key infrastructure (PKI) management," they said. "We are unaware of any misuse of the certificate authorities, but are taking pre-emptive action to protect customers."
The revoked certificates could be uses to spoof content, perform phishing attacks, or perform man-in-the-middle attacks, and this move by Microsoft is the result of the discovery of the misuse of the company's trusted digital signatures by the recently discovered Flame malware.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.