We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Microsoft antipiracy check cracked

Windows Update lockout foiled

Microsoft acknowledged on Friday that hackers had successfully bypassed its Windows Update antipiracy check. The process implemented earlier last week aims to ensure only owners of legitimate Windows copies can use the download service.

A posting on popular blog Boing Boing on Thursday claimed that a simple JavaScript command could bypass the WGA (Windows Genuine Advantage) check introduced the previous day.

Users can override the test by pasting a single line of Javascript in the browser address bar and pressing enter. The code "turns off the trigger for the key check," according to the blog posting.

The WGA program makes users run a program that verifies that their copy of Windows is not pirated before they can use Microsoft's software update services. Microsoft introduced it as a pilot program in September but made the validation system a requirement on Wednesday.

A Microsoft spokesman confirmed on Friday that hackers had indeed succeeded in cracking the WGA program, and that the software giant will fix the flaw they had exploited in an upcoming version of the WGA program.

The exploit came soon after the launch of the program, the spokesman said. "Within 24 hours hackers claimed to have circumvented the process and it appears that they did," he said. "This is a hack that exploits a feature that enables repeat downloads in the same session so that a hacker never has to validate as a genuine user," he added.

The move to lock out pirated copies of Windows from the update sites is part of Microsoft's effort to fight software piracy, which is a major issue for the software vendor.

The Boing Boing hack is not the only way to get around WGA's restrictions.

David Keller, founder of PC consulting and services firm Compu-Doctor in Florida was able to change his Internet Explorer settings to bypass WGA when he experienced a flaw in the program that flagged a legitimate product key on a customer's machine as invalid.

"The customer was the original owner, no hardware was changed since purchase, nor was Windows ever reinstalled on the system," Keller said in an email to the IDG News Service. WGA rejected the operating system, nevertheless, which prevented Windows Update from working, he said.

Keller wrote that he did not have much luck with Microsoft support technicians, so he found a way to bypass the validation process on his own and moved along with the update. He accomplished this by disabling the Windows Genuine Advantage add-on. He was then able to do a Windows Update without the validation step.


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips: Complete Guide to OS X Yosemite