So there’s been a lot of talk about OEM BIOS hacks to get around Vista activation. Microsoft responded to this on the Windows Genuine Advantage Blog back in April last year.

Now it appears that there’s a much easier work around, leveraging what seems to be a design choice in activation for some of the large OEM’s.

The article explaining this issue can be found on the Australian PC Mag website.

In short, it would appear Microsoft provided an offline activation mechanism dependent on:

It allows the “Royalty OEMs” to embed specific licensing information into the operating system which Vista can activate without having to go back to Microsoft for verification. The licensing components include the OEM’s hardware-embedded BIOS ACPI_SLIC (which has been signed by Microsoft), an XML certificate file which corresponds to this ACPI_SLIC and a specific OEM product key.

I agree with the author of the article, in that I really thought MS might have made some serious inroads into halting the widespread Windows piracy. However, by providing an offline solution, have they opened the stable door?

As usual it goes to show, that your security is only as strong as your weakest link ….