Microsoft Investigates Reported Hack of Windows Authenticity Check - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
7/28/2005
04:47 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft Investigates Reported Hack of Windows Authenticity Check

A popular blog reports that Microsoft's online validation process for Windows has been hacked.

"Does it matter if your copy of Windows is genuine?" Microsoft asks, knowing full well the impact of illegally copied software on its bottom line. "Yes, if you want the confidence of knowing that your software is legitimate and fully supported. And only genuine Windows customers can receive product downloads, Windows updates, and special offers."

That was true yesterday, but today hackers have come up with a way to disable Microsoft's online validation check. As noted in popular blog Boing Boing and elsewhere, by pasting a single line of JavaScript code into their Web browsers during the Windows Genuine Advantage validation process, users of counterfeit copies of Microsoft Windows can bypass the authenticity test, enabling them to receive product downloads, Windows updates, and special offers, just like paying customers.

Also, a Slashdot thread on the subject suggested several readers had tried it for themselves successfully.

No doubt Microsoft will disable this hack shortly, if it hasn't already. "The hack as far as we can tell is not a security vulnerability nor does it put customers at risk," a Microsoft spokesman said. "We're investigating the claims now, and we're going to take action in response to those as appropriate."

The irony here is that the validation process relies on an ActiveX control, a small executable code package that users of Internet Explorer can download and run on their computers. Computer security organizations like the CERT Coordination Center have recommended disabling ActiveX as a way to defend against security flaws in Internet Explorer.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll