Description: This important security update resolves two privately reported vulnerabilities in addition to other vulnerabilities identified during the course of the investigation. These vulnerabilities could allow an anonymous remote attacker to run code with the privileges of the logged on user. If a user subscribed to a malicious RSS feed in the Feed Headlines Gadget or added a malicious contacts file in the Contacts Gadget or a user clicked on a malicious link in the Weather Gadget an attacker could potentially run code on the system.

Update type: Important

Release date: August 14, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/938123

Download link: 32-bit | 64-bit

Comments: After you install Windows Gadgets security update 938123, you may experience the following issues in the RSS Feeds Gadget.

• Text in the RSS Feed Gadget’s headline does not change from bold text to plain text until the next refresh occurs in Gadget.
• RSS Feed Gadget’s headline is truncated and is shown as one line with ellipses. A new line is present in the title.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
941099 The headline of the RSS Feed Gadget in Windows Vista is displayed incorrectly after you install security update 938123.