Hack cracks Microsoft antipiracy check
The Windows Genuine Advantage program was implemented just last week
IDG News Service - Microsoft Corp. has acknowledged that hackers were quickly able to bypass a process implemented last week to ensure that users of Microsoft's update services had legitimate copies of Windows before downloading updates and content from those services.
The anti-piracy effort makes users run a program to verify that their Windows operating system is not pirated before they can use Microsoft's software update services (see Update: Microsoft requires Windows piracy checks). Microsoft had been running it as a pilot program since September but made the validation system a requirement on Wednesday.
A Microsoft spokesman said Friday that hackers indeed succeeded in cracking the WGA program and that the software giant will fix the flaw they had exploited in an upcoming version of the WGA program.
The exploit came soon after the Wednesday launch of the program, the spokesman said. "Within 24 hours, hackers claimed to have circumvented the process, and it appears that they did," he said. "This is a hack that exploits a feature that enables repeat downloads in the same session so that a hacker never has to validate as a genuine user."
The move to lock out pirated copies of Windows from the update sites is part of Microsoft's effort to fight software piracy, a major issue for the software vendor.
The Boing Boing hack is not the only way to get around WGA's restrictions.
David Keller, founder of PC consulting and services firm Compu-Doctor in Cape Coral, Fla., was able to change his Internet Explorer settings to bypass WGA when he experienced a flaw in the program that flagged a legitimate product key on a customer's Windows XP Professional Service Pack 2 as invalid.
"The customer was the original owner, no hardware was changed since purchase, nor was Windows ever reinstalled on the system," Keller said in an e-mail to the IDG News Service. WGA rejected the operating system, nevertheless, which prevented Windows Update from working, he said.
Keller wrote that he did not have much luck with Microsoft support technicians, so he found a way to bypass the validation process on his own and moved along with the update. He accomplished this by disabling the WindowsGenuine Advantage add-on within his browser's Internet Options. By clicking on Tools/Internet Options/Programs/Manage Add-ons, Keller disabled the WGA add-on. He then exited Internet Explorer and was able to do a Windows Update without the validation.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts