Microsoft Investigates Reported Hack of Windows Authenticity Check - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
7/28/2005
04:47 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft Investigates Reported Hack of Windows Authenticity Check

A popular blog reports that Microsoft's online validation process for Windows has been hacked.

"Does it matter if your copy of Windows is genuine?" Microsoft asks, knowing full well the impact of illegally copied software on its bottom line. "Yes, if you want the confidence of knowing that your software is legitimate and fully supported. And only genuine Windows customers can receive product downloads, Windows updates, and special offers."

That was true yesterday, but today hackers have come up with a way to disable Microsoft's online validation check. As noted in popular blog Boing Boing and elsewhere, by pasting a single line of JavaScript code into their Web browsers during the Windows Genuine Advantage validation process, users of counterfeit copies of Microsoft Windows can bypass the authenticity test, enabling them to receive product downloads, Windows updates, and special offers, just like paying customers.

Also, a Slashdot thread on the subject suggested several readers had tried it for themselves successfully.

No doubt Microsoft will disable this hack shortly, if it hasn't already. "The hack as far as we can tell is not a security vulnerability nor does it put customers at risk," a Microsoft spokesman said. "We're investigating the claims now, and we're going to take action in response to those as appropriate."

The irony here is that the validation process relies on an ActiveX control, a small executable code package that users of Internet Explorer can download and run on their computers. Computer security organizations like the CERT Coordination Center have recommended disabling ActiveX as a way to defend against security flaws in Internet Explorer.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
What Becomes of CFOs During Digital Transformation?
Joao-Pierre S. Ruth, Senior Writer,  2/4/2020
News
Fighting the Coronavirus with Analytics and GIS
Jessica Davis, Senior Editor, Enterprise Apps,  2/3/2020
Slideshows
IT Careers: 10 Job Skills in High Demand This Year
Cynthia Harvey, Freelance Journalist, InformationWeek,  2/3/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Slideshows
Flash Poll