Who Gets It and Who Doesn’t? (Windows Genuine Advantage and Security Updates)

Mando Picker

Dustin Childs

Security Program Manager

Protecting customers, working with security researchers, second Tuesdays, bourbon, mandolins

Using “It’s hard” as an excuse, quitting when it gets tough, banjos

One of the things I get to do in the Microsoft Security Response Center (MSRC) is talk to our customers and tell them about the process by which Microsoft identifies potential security vulnerabilities in its products, eliminates those vulnerabilities, and provides remediation and information to customers. In other words, I get to explain what I do for a living to anyone who will listen. I really enjoy doing this, because I find out first-hand what is most important to our customers as well as what questions they have about the Microsoft response process.

One of the questions I am often asked is regarding security updates for Windows systems that fail the Windows Genuine Advantage (WGA) check. In other words, who gets security updates? It’s an understandable question, and it has a very clear answer.

“Security updates are available to all systems.”

It is just that simple. If Microsoft has provided a security update, you can install it on your system. This is still true even if your system fails the WGA validation check. There are also no WGA checks for service packs, update rollups, and important reliability and application compatibility updates. Paul Cooke, a Director in the Windows Client group, also stated this last year in his Windows Security Blog. On Windows Vista and Windows 7, available security updates can be accessed through Windows Update in Control Panel. On Windows XP, systems that fail a WGA check can still access security updates through Automatic Updates.

Keeping all Windows systems current on their security updates is a big part of keeping a healthy Windows ecosystem. After all, Conficker and Blaster don’t check for WGA. If you don’t have the right security updates, they just compromise your system and then spread to other systems. While a large part of my job is responding to vulnerability reports, it is always better to have proactively helped users stay secure.

So if you have ever wondered, now you know. You can always get security updates regardless of WGA validation. We at the MSRC are completely committed to ensuring our security updates go out to as many of our users as possible. So install those security updates without fear, and if you happen to run into me at a conference and want to hear everything else I do, just let me know. It is a story I love to tell. Just make sure you have an hour or two to spare. :-]

– Dustin

*Postings are provided “AS IS” with no warranties, and confers no rights.*