Microsoft has no immediate plans to tackle a reported hack to Windows Vista product activation that could allow illegal copies of Windows to be widely installed.

The hack is not yet viewed as a wide-scale threat, although Microsoft indicated it may act if more hackers view breaking Windows Vista's OEM product activation as a challenge worth taking.

Microsoft responded following reports Windows Vista's OEM Activation (OA) 2.0 has been broken. OA uses pre-installed code on the BIOS of an OEM'd PC motherboard to identify the system as pre-installed with a licensed copy of Windows.

The company has so-far identified two approaches to cracking OA 2.0. One involves editing the BIOS on the motherboard to make it appear as if it's from an authorized OEM, and the second uses software to convince Windows Vista it's running on OA 2.0-enabled hardware.

Microsoft last saw product activation hacked when it introduced Windows XP in 2001.

According to Kochis, Microsoft is taking a wait-and-see approach on this latest challenge: "Our goal isn't to stop every 'mad scientist' that's on a mission to hack Windows. Our goal is to disrupt the business model of organized counterfeiters and protect users from becoming unknown victims. This means focusing on responding to hacks that are scalable and can easily be commercialized." ®

Related stories

• Column Vista – End of the Dream? (29 April 2007)
• Interview 0wning Vista from the boot (26 April 2007)
• Notes on Vista forensics (16 April 2007)
• Attacks exploit Windows DNS server flaw (13 April 2007)
• Wanna copy of Windows XP next year? Forget it (12 April 2007)
• Vista keygen hoax exposed (5 March 2007)
• Review Vista security overview: too little too late (20 February 2007)
• Simon says: let me hack your Vista PC (1 February 2007)
• Analysis Vista's Suicide Bomb: who gets hurt? (28 December 2006)
• Windows Trojan masquerades as Vista hack (6 December 2006)