The Windows Genuine Advantage program has moved from an optional one to a requirement to obtain updates.

The transition of the WGA program means users will have their version of Windows verified online when attempting to retrieve a software update. Microsoft has changed the verification process so that users do not have to enter the 25-digit product key themselves.

If the code proves to be counterfeit, users can complete a piracy report and submit their proof of purchase and the counterfeit CDs to receive a genuine copy at no cost. Without proof of purchase, the user will be able to purchase a genuine copy of XP Home or Professional at a price of $99 or $149, respectively.


In a press release, Microsoft says 40 million customers willingly participated in the WGA pilot program. The Business Software Alliance has claimed piracy costs businesses and governments billions of dollars globally each year.

Security updates will be available whether or not a system has been through the WGA process. Microsoft seems to recognize that an unpatched system is a greater threat than an unlicensed system when connected to the Internet.

Microsoft has not yet disclosed how many pirated copies of Windows it has found since the pilot program started. The company has went after resellers in Virginia and California after customers discovered the Windows software they purchased from those firms was pirated.

---

Microsoft Releases RDP Security Advisory

By David Utter

It would take a specially crafted message to accomplish the attack, but the only result would be a denial of service, causing the system to restart. Only Windows XP Media Center edition has RDP enabled by default.

To date, no attacks have been reported to Microsoft. The company advises that the presence of a firewall can mitigate the effect of an external attack. Users and administrators should ensure that Internet-connected systems have the minimum number of ports needed open.

Specifically, firewalls can be configured to block requests to TCP port 3389. Other workarounds listed by Microsoft include disabling Terminal Services or the Remote Desktop feature, or by implementing an IPSec policy or VPN connectivity. Microsoft has not yet determined if an update will be released with its regular monthly update, or if it will provide one for RDP before the second Tuesday of August.