Microsoft Investigates Reported Hack of Windows Authenticity Check - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
7/28/2005
04:47 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft Investigates Reported Hack of Windows Authenticity Check

A popular blog reports that Microsoft's online validation process for Windows has been hacked.

"Does it matter if your copy of Windows is genuine?" Microsoft asks, knowing full well the impact of illegally copied software on its bottom line. "Yes, if you want the confidence of knowing that your software is legitimate and fully supported. And only genuine Windows customers can receive product downloads, Windows updates, and special offers."

That was true yesterday, but today hackers have come up with a way to disable Microsoft's online validation check. As noted in popular blog Boing Boing and elsewhere, by pasting a single line of JavaScript code into their Web browsers during the Windows Genuine Advantage validation process, users of counterfeit copies of Microsoft Windows can bypass the authenticity test, enabling them to receive product downloads, Windows updates, and special offers, just like paying customers.

Also, a Slashdot thread on the subject suggested several readers had tried it for themselves successfully.

No doubt Microsoft will disable this hack shortly, if it hasn't already. "The hack as far as we can tell is not a security vulnerability nor does it put customers at risk," a Microsoft spokesman said. "We're investigating the claims now, and we're going to take action in response to those as appropriate."

The irony here is that the validation process relies on an ActiveX control, a small executable code package that users of Internet Explorer can download and run on their computers. Computer security organizations like the CERT Coordination Center have recommended disabling ActiveX as a way to defend against security flaws in Internet Explorer.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
10 Ways to Transition Traditional IT Talent to Cloud Talent
Lisa Morgan, Freelance Writer,  11/23/2020
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Can Low Code Measure Up to Tomorrow's Programming Demands?
Joao-Pierre S. Ruth, Senior Writer,  11/16/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Slideshows
Flash Poll