April 12, 2007 12:08 PM PDT
Microsoft confirms Vista OEM hack
According to a post by Microsoft Senior Product Manager Alex Kochis on the Windows Genuine Advantage developers' blog, Microsoft has identified two ways in which hackers have broken the product activation security feature on original equipment manufacturer PCs that come bundled with Vista. But the Redmond, Wash.-based tech giant does not yet have plans to snuff out this threat.
"We focus on hacks that pose threats to our customers, partners and products," Kochis wrote. "Our goal isn't to stop every 'mad scientist' that's on a mission to hack Windows. Our first goal is to disrupt the business model of organized counterfeiters and protect users from becoming unknowing victims."
Microsoft first introduced product activation as a security feature with its Windows XP operating system, which launched in 2001.
Reports of a vulnerability in Vista's product activation began to surface last month with word of a crack called "Vista Loader 2.0," an enhanced version of the "Vista Loader 1.0" that was devised by Chinese hackers, according to a March 10 post on the My Digital Life blog. Vista Loader, the post explained, simulates an OEM motherboard's basic input-output system, software that is responsible for communication between the machine's hardware and the operating system. Consequently, with a BIOS simulator, the registration process that would normally lock out an unauthorized copy of Windows Vista could be bypassed.
While Microsoft is not immediately taking action, Kochis did acknowledge on the Windows Genuine Advantage blog that this could be a problem. "Because Windows Vista can't be pirated as easily as Windows XP, it's possible that the increased pressure will result in more interest in efforts to attack the OEM Activation 2.0 implementation," Kochis wrote.
Last month, it was believed that hackers had found a loophole in Vista's product registration, but Microsoft refuted the claim shortly afterward. Another alleged hack, this one involving a random product key generator, was also debunked in March.
67 commentsJoin the conversation! Add your comment