Hacker finds chink in Microsoft's anti-piracy armor

Summary:A security researcher in India has discovered "easy to exploit" ways to cheat Microsoft's OGA (Office Genuine Advantage) anti-piracy checks.

A security researcher in India has discovered "easy to exploit" ways to cheat Microsoft's OGA (Office Genuine Advantage) anti-piracy checks.

Debasis Mohanty, a hacker with a history of circumventing Redmond's software validation tools, says there are numerous ways to bypass the checks, which generate a hash out of information from the installed Microsoft Office software and passes it to a server for verification.

According to a proof-of-concept released by Mohanty, a simple Google query for Office updates or add-ins will return direct download links to the file on Microsoft's server "without any validation check."

Mohanty also hinted that the OGACheckControl.dll can be patched to sidestep validation.  "However just to keep myself away from those scary legal notices, I do not want to release any patch at this point of time," he said in a note posted to the Full Disclosure mailing list.

Topics: Microsoft, Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.