There’s a major chink in Microsoft’s Windows XP anti-piracy armor, although Windows users are not at risk of security attacks.
A security researcher in India has discovered an uncomplicated and easy-to-exploit weakness in Microsoft Corp.’s WGA (Windows Genuine Advantage), an anti-piracy initiative that checks whether consumer and small-business customers are running legitimately licensed copies of Windows XP.
Best online Microsoft MCTS Training, Microsoft MCITP Certification at certkingdom.com
Debasis Mohanty, a private vulnerability researcher and analyst of malicious programs, published a detailed proof-of-concept demonstration to show how the WGA validation check can be defeated to generate key codes for use on illegal copies of Windows XP.
Mohanty’s findings come as the world’s largest software maker prepares a mandatory rollout of the program.
Microsoft has been testing the Genuine Advantage program through its Download Center, where users are urged to validate their copies of XP before obtaining certain software updates, patches and fixes.
If users decide against validating, they are still allowed to obtain the requested downloads, but later this summer updates will only be pushed out to valid copies. Security updates will not require validation, even after WGA goes mandatory.
PointerClick here to read more about Microsoft’s Windows Genuine Advantage.
A Microsoft spokesperson on Monday confirmed Mohanty’s findings but insisted that the weakness presented no real threat to the company’s attempts to strangle software pirates.
“We expected that counterfeiters would try a number of methods to circumvent the safeguards, so this isn’t a surprise,” the spokesperson said. “We don’t see this as any different from software piracy that goes on when people burn copies on a disk for sharing.”
According to Mohanty, a pirate with a genuine copy of Windows XP could simply run the “GenuineCheck.exe” file used during the WGA validation program to generate a key code. “This key code … can be used to circumvent the WGA check on the machine running a pirated copy of Windows XP,” he said.
See more stories on Microsoft Watch
He provided step-by-step instructions on how the system can be cheated and noted that his tests showed that the updates to the machine using the pirated copy were up and running for almost two months.
PointerRead more here about reactions to Microsoft’s attempts to crack down on piracy.
While acknowledging that the loophole allows the reuse of WGA key codes, the Microsoft spokesperson said the risk of widespread piracy is limited because the code includes a time stamp that prevents its use after a short period.
“The code expires very quickly. The updates would continue to run but it’s not going to allow widespread theft. He can steal the software for himself but once the code expires, it can’t be reused,” the spokesperson told Ziff Davis Internet News.
eWEEK.com Special Report: Piracy & Counterfeiting
He did not say how long the code remains live and made it clear the issue did not point to a security vulnerability that puts Windows users at risk.
“Software pirates are getting more and more sophisticated. We see WGA as an attempt to balance the need to make downloads easily available for customers while trying to safeguard our intellectual property,” he added.
The spokesperson said there were no plans to modify the way WGA works, even after Mohanty’s public demonstration, which was posted on a high-profile security mailing list.
PointerCheck out eWEEK.com’s Windows Center for Microsoft and Windows news, views and analysis.
