05:03 PM
Thomas Claburn
Thomas Claburn
Connect Directly

Microsoft's 'Black Screen of Death' Patched...By Hackers

Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers. But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death

Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers.

But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death."The "black screen of death," a reference to the infamous Microsoft "blue screen of death" that appears following a system crash, describes what happens to PCs running unauthorized versions of Windows after they're detected by Microsoft's Windows Genuine Advantage (WGA) program.

WGA, as implemented in China, seeks to curtail the use of illegally copied versions of Windows by setting desktop background color of unauthorized Windows installations to black. It's an aesthetic punishment rather than a functional one.

Not surprisingly for a country where the majority of Windows installations are unauthorized, this hasn't gone over well, even if it doesn't actually hobble computer functionality.

Scott Henderson, who runs The Dark Visitor blog, has been following the backlash. And in a blog post on Monday, he notes that a group of female Chinese hackers at Guangdong Foreign Studies University posted a fix for the WGA screen color change on Oct. 15, five days before Microsoft's preannounced plan went into effect.

Henderson has posted a translation of a message that the hacker group enclosed in its screen fix download. It reads:

"Excuse me Bill Gates, this time, I must once again oppose all of you [Microsoft]. I can't let you introduce chaos into the Chinese system again for no good reason! For many years now, people have stolen Windows and just this year you decide do something about it? That is stupid!! We are not the military but we have the same mission, to protect the sovereignty of the Chinese network."

This raises an interesting question: Were China and America ever to find themselves in genuine conflict, could Microsoft alter WGA to take stronger action, like disabling nongenuine versions of Windows? And would it do so if it could? (And would the Chinese government respond by mandating that everyone in China use Linux?)

WGA can be removed, so it's not clear how many unauthorized versions of Windows might actually be affected by such a ploy. But if doing so leads to falling behind on security patches, it's questionable as to whether running unauthorized software is worth the security risk.

And if, as the hackers stated, the Chinese people have the same mission as the Chinese military -- protecting network sovereignty -- running insecure software hardly seems like the right way to do that.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer,  4/17/2018
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Sara Peters, Senior Editor at Dark Reading,  4/19/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.