Smokey's Security Weblog

veritas odium parit

Microsoft admits it sent Office nag to all WSUS servers

April 19, 2008 (Computerworld) Admins, furious, say their Office installs have been falsely fingered as fake:

System administrators have ripped Microsoft Corp. for pushing a trial anti-piracy program meant for limited distribution to all enterprise update servers, a mistake that has triggered false warnings of Office counterfeits.

Earlier this month, Microsoft announced it would kick off a pilot program for software to display nagging notices on copies of Office that it deems fake. The program, part of the Office Genuine Advantage (OGA) initiative, which already requires users to validate their software as legitimate, was to run in only four countries: Chile, Italy, Spain and Turkey. The notices would appear on machines running phony copies of Office XP (called Office 2002 by some), Office 2003 and Office 2007.

Last Tuesday, however, Microsoft published the test update to all Windows Server Update Services (WSUS) servers, and did not limit its delivery to end users in Chile, Italy, Span and Turkey. WSUS is the primary update mechanism used by businesses to patch their Microsoft software. Later, Microsoft said the mistake had seeded the OGA update to WSUS servers for about 24 hours.

By early Wednesday, administrators in the U.S., U.K., New Zealand and elsewhere were posting messages on Microsoft support newsgroups, asking why their WSUS systems had received the Office nag. In some cases, administrators reported that the update had fingered large numbers of desktop PCs as running counterfeit copies of Office.

“Update KB949810 arrived via WSUS yesterday and now all my XP workstations running Word 2002 are telling me it needs activating,” said a user identified as “morriswoodyman,” who said he is in the U.K. “The only problem is that the software is genuine and was activated three years ago,” the user added in a message to a Microsoft support newsgroup.

The support document morriswoodyman referenced — KB949810 — is the one associated with the OGA notification update, and was how WSUS labeled the update in its listings.

Source: ComputerWorld Security


April 20, 2008 - Posted by | Alerts, Downloads, Friends, News, Recommended External Security Related Links, Uncategorized | , , , , , , , , , , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: