August 14, 2007

Writing Vista Sidebar Gadgets securely

During today's patch release cycle from Microsoft, a set of vulnerabilities in Vista Sidebar gadgets that could allow remote code execution was fixed (bulletin MS07-048). You can read the security bulletin on this threat over on TechNet if you would like more information.

David Ross and Michael Howard wrote an interesting article a few months back on how to "Inspect Your Gadgets" to make them more resilient to such attacks. Gadgets are HTML and script that run with full trust in the Sidebar, so any script an attacker manages to inject runs with the privileges of the logged-on user. Care should therefore be taken to validate and sanitize all inputs (especially data pulled from feeds and other untrusted network sources), to avoid untrusted communications, and to make sure no cross-site scripting can occur: treat fetched data as text, never as markup.
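The following is an added example, not code from the original post or from the Howard/Ross article. It shows the two habits the article's advice boils down to for a gadget that displays a feed title: never hand untrusted text to innerHTML (encode it, or in the gadget's own JScript host assign it to innerText), and only talk to an allow-listed https host. The feed title, the host name and the System.Shell.execute payload are constructed for illustration; the code is plain JavaScript so it runs under Node as well.

```javascript
// Added example. Sidebar gadgets are HTML+script running with full trust, so
// markup injected through innerHTML executes as the logged-on user.

// Constructed untrusted input: a feed item title carrying an injected script.
// (System.Shell.execute is the gadget object model call an attacker would reach for.)
const UNTRUSTED_TITLE =
  'Breaking news<script>System.Shell.execute("cmd.exe")</script>';

// Vulnerable pattern: the title is concatenated straight into markup, which is
// exactly what document.getElementById(...).innerHTML = ... would render.
function renderUnsafe(title) {
  return '<div class="headline">' + title + '</div>'; // script tag survives intact
}

// Hardened pattern: encode the characters that carry meaning in HTML so the
// string can only ever be rendered as text. Equivalent to using innerText.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, function (c) { return map[c]; });
}

function renderSafe(title) {
  return '<div class="headline">' + escapeHtml(title) + '</div>';
}

// Allow-list check for any URL the gadget is about to fetch with XMLHttpRequest
// or open with System.Shell.execute. Assumption (constructed): the gadget only
// ever needs https feeds from one publisher host.
const ALLOWED_HOSTS = { 'feeds.example.com': true };

function isAllowedFeedUrl(url) {
  // Require an https scheme and capture the host (up to the first / ? # or :).
  const m = /^https:\/\/([^\/?#:]+)(?:[:\/?#]|$)/i.exec(String(url));
  if (!m) return false;
  return ALLOWED_HOSTS[m[1].toLowerCase()] === true;
}

// Stand-alone demonstration when run directly.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe :', renderUnsafe(UNTRUSTED_TITLE));
  console.log('safe   :', renderSafe(UNTRUSTED_TITLE));
  console.log('fetch https://feeds.example.com/rss ->', isAllowedFeedUrl('https://feeds.example.com/rss'));
  console.log('fetch http://feeds.example.com/rss  ->', isAllowedFeedUrl('http://feeds.example.com/rss'));
}
```

The unsafe renderer leaves the `<script>` element intact, so a poisoned feed becomes code execution on the user's desktop; the safe renderer reduces it to inert text, and the URL check keeps the gadget from being pointed at an attacker's server in the first place.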

It's a short, but well written article that I believe all sidebar gadget authors should read.

Happy reading.

Posted by SilverStr at August 14, 2007 07:05 PM