Risk
10/27/2008
05:03 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft's 'Black Screen of Death' Patched...By Hackers

Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers. But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death

Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers.

But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death."The "black screen of death," a reference to the infamous Microsoft "blue screen of death" that appears following a system crash, describes what happens to PCs running unauthorized versions of Windows after they're detected by Microsoft's Windows Genuine Advantage (WGA) program.

WGA, as implemented in China, seeks to curtail the use of illegally copied versions of Windows by setting desktop background color of unauthorized Windows installations to black. It's an aesthetic punishment rather than a functional one.

Not surprisingly for a country where the majority of Windows installations are unauthorized, this hasn't gone over well, even if it doesn't actually hobble computer functionality.

Scott Henderson, who runs The Dark Visitor blog, has been following the backlash. And in a blog post on Monday, he notes that a group of female Chinese hackers at Guangdong Foreign Studies University posted a fix for the WGA screen color change on Oct. 15, five days before Microsoft's preannounced plan went into effect.

Henderson has posted a translation of a message that the hacker group enclosed in its screen fix download. It reads:

"Excuse me Bill Gates, this time, I must once again oppose all of you [Microsoft]. I can't let you introduce chaos into the Chinese system again for no good reason! For many years now, people have stolen Windows and just this year you decide do something about it? That is stupid!! We are not the military but we have the same mission, to protect the sovereignty of the Chinese network."

This raises an interesting question: Were China and America ever to find themselves in genuine conflict, could Microsoft alter WGA to take stronger action, like disabling nongenuine versions of Windows? And would it do so if it could? (And would the Chinese government respond by mandating that everyone in China use Linux?)

WGA can be removed, so it's not clear how many unauthorized versions of Windows might actually be affected by such a ploy. But if doing so leads to falling behind on security patches, it's questionable as to whether running unauthorized software is worth the security risk.

And if, as the hackers stated, the Chinese people have the same mission as the Chinese military -- protecting network sovereignty -- running insecure software hardly seems like the right way to do that.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.