Microsoft Admits To Hacks’ Presence In Vista OEM

Reacting to general chat on forums and blogs, Microsoft admitted the existence of loopholes that might enable scammers to outwit the security measures of product activation in its Vista OS.

The hacker is still not seen as a big menace, even if Microsoft revealed it might take action if more cyber-terrorists see breaching Windows Vista's OEM product activation as a dare worth accepting.

A posting by Microsoft's Senior Product Manager, Alex Kochis on the company's blog site indicates that Microsoft has distinguished two methods by which cyber-terrorists have busted the security feature of product activation on OEM computers having Windows Vista.

First method requires modifying the BIOS on the system's motherboard to make it appear as if it's from a sanctioned OEM. This technique is rather wild and a very arduous procedure. Ruining the modification of BIOS on any motherboard can certainly make it ineffective forever, thus making this less menacing.

Method number two employs software to assure Windows Vista it's functioning on OA 2.0-equipped hardware. According to Microsoft, for the user, this technique is not only simpler to execute, but also to locate and counter, said.

Though Microsoft isn't initiating action directly, Kochis admitted on the blog page of Windows Genuine Advantage that it could be tough. "Since Windows Vista can not be plagiarized as effortlessly as Windows XP, it is likely that pressurizing will invite more avid attempts to strike the execution OEM Activation 2.0," Kochis communicated.

"It isn't our sole aim to prevent every 'crazy researcher' on a campaign to edit Windows. Our objective is to break up the business structure of masterminded forgers and shield end-users from becoming unsuspected targets. This entails concentrating on fighting hacks that are accessible and can be readily marketed."

The cyber-terrorists were thought to have detected a breach in product registration of Vista in March 2007, but Microsoft repudiated the claim soon afterwards. Yet another so-called attack, this one regarding arbitrary product key source, was also exposed in March 2007.

The last time Microsoft found its product activation system invaded was after the 2001 launch of Windows XP, but the attacks were restricted and not extensive.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 4/20/2007