Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/27/2008
05:03 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft's 'Black Screen of Death' Patched...By Hackers

Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers. But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death

Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers.

But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death."The "black screen of death," a reference to the infamous Microsoft "blue screen of death" that appears following a system crash, describes what happens to PCs running unauthorized versions of Windows after they're detected by Microsoft's Windows Genuine Advantage (WGA) program.

WGA, as implemented in China, seeks to curtail the use of illegally copied versions of Windows by setting desktop background color of unauthorized Windows installations to black. It's an aesthetic punishment rather than a functional one.

Not surprisingly for a country where the majority of Windows installations are unauthorized, this hasn't gone over well, even if it doesn't actually hobble computer functionality.

Scott Henderson, who runs The Dark Visitor blog, has been following the backlash. And in a blog post on Monday, he notes that a group of female Chinese hackers at Guangdong Foreign Studies University posted a fix for the WGA screen color change on Oct. 15, five days before Microsoft's preannounced plan went into effect.

Henderson has posted a translation of a message that the hacker group enclosed in its screen fix download. It reads:

"Excuse me Bill Gates, this time, I must once again oppose all of you [Microsoft]. I can't let you introduce chaos into the Chinese system again for no good reason! For many years now, people have stolen Windows and just this year you decide do something about it? That is stupid!! We are not the military but we have the same mission, to protect the sovereignty of the Chinese network."

This raises an interesting question: Were China and America ever to find themselves in genuine conflict, could Microsoft alter WGA to take stronger action, like disabling nongenuine versions of Windows? And would it do so if it could? (And would the Chinese government respond by mandating that everyone in China use Linux?)

WGA can be removed, so it's not clear how many unauthorized versions of Windows might actually be affected by such a ploy. But if doing so leads to falling behind on security patches, it's questionable as to whether running unauthorized software is worth the security risk.

And if, as the hackers stated, the Chinese people have the same mission as the Chinese military -- protecting network sovereignty -- running insecure software hardly seems like the right way to do that.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26890
PUBLISHED: 2020-11-24
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the r...
CVE-2020-28348
PUBLISHED: 2020-11-24
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
CVE-2020-15928
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
CVE-2020-15929
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
CVE-2020-28991
PUBLISHED: 2020-11-24
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.