Language Selection

English French German Italian Portuguese Spanish

Exploit Allows Windows XP Piracy

Filed under
Microsoft

There's a major chink in Microsoft's Windows XP anti-piracy armor, although Windows users are not at risk of security attacks.

A security researcher in India has discovered an uncomplicated and easy-to-exploit weakness in Microsoft Corp.'s WGA (Windows Genuine Advantage), an anti-piracy initiative that checks whether consumer and small-business customers are running legitimately licensed copies of Windows XP.

Debasis Mohanty, a private vulnerability researcher and analyst of malicious programs, published a detailed proof-of-concept demonstration to show how the WGA validation check can be defeated to generate key codes for use on illegal copies of Windows XP.

Mohanty's findings come as the world's largest software maker prepares a mandatory rollout of the program.

Microsoft has been testing the Genuine Advantage program through its Download Center, where users are urged to validate their copies of XP before obtaining certain software updates, patches and fixes.

If users decide against validating, they are still allowed to obtain the requested downloads, but later this summer updates will only be pushed out to valid copies. Security updates will not require validation, even after WGA goes mandatory.

A Microsoft spokesperson on Monday confirmed Mohanty's findings but insisted that the weakness presented no real threat to the company's attempts to strangle software pirates.

The spokesperson said there were no plans to modify the way WGA works, even after Mohanty's public demonstration, which was posted on a high-profile security mailing list.

Full Story.

More in Tux Machines

Thank You Akademy 2014 Sponsors

Akademy is a non-commercial event, free of charge for all who want to attend. Generous sponsor support helps make Akademy possible. Most of the Akademy budget goes towards travel support for KDE community members from all over the world, contributors who would not be able to attend the conference otherwise. The wide diversity of attendees is essential to the success of the annual in-person Akademy conference. Many thanks to Akademy 2014 sponsors. Read more

Linux @ About.com

During the past month I have been in discussions with a number of people at about.com. I have been provided with the opportunity of writing articles on the linux.about.com subsite and I am in full control of all the content that will appear on that site. It is early days and there is some old content on the site which is a bit out of date but I plan to make linux.about.com a great resource for everyone. Read more

Leftovers: Software

today's howtos