But many Windows users may not realize installing a gadget is just as dangerous as installing a program. Gadgets are full Windows programs with full access to your system, and there are third-party gadgets with known security vulnerabilities that will never be fixed. In other words, the desktop gadgets aren’t just a lightweight gadget platform. Install a gadget and it can run any code it wants on your computer with your full system permissions. Second, your computer could be compromised if an attacker creates a malicious gadget and gets you to install it. Attackers could exploit a vulnerability in a gadget to gain control over your entire computer, if you’re signed on as a user account with administrator privileges.
First, Microsoft says it’s aware of legitimate desktop gadgets that contain security vulnerabilities that could be exploited by attackers. Microsoft’s official security advisory on the subject explains two big problems. That’s not just our opinion–that’s what Microsoft says.
There’s a reason these were discontinued in Windows 8 and 10: Microsoft’s desktop gadget platform has a variety of security problems. Windows Desktop Gadgets Were Discontinued Because They’re a Security Risk
