Security researchers from MASSGRAVE have unveiled TSforge, a groundbreaking tool exploiting vulnerabilities in Microsoft’s Software Protection Platform (SPP) to activate every version of Windows from Windows 7 onward, including Office suites and add-ons. As Windows 10’s 2025 end-of-life approaches, this exploit could reshape enterprise licensing strategies, forcing Microsoft to rethink activation security from the ground up. This exploit marks the first successful direct attack against SPP’s core cryptographic defenses since its introduction in Windows Vista. Researchers at MASSGRAVE identified that modifying these trusted stores with forged activation data, while bypassing RSA-2048/AES-CBC encryption, could trick SPP into accepting permanent licenses. The exploit hinges on extracting SPP’s production RSA private key, which Microsoft uses to sign activation blobs. The tool’s impact is amplified by its cross-version compatibility: it manipulates Windows 7’s spsys.sys driver architecture and Windows 10’s unified sppsvc.exe equally effectively. Microsoft has yet to comment, but enterprise clients using KMS should audit their activation logs for 0xC004F200 spoofed status codes.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 25 Feb 2025 10:15:23 +0000