WgaTray.exe opens security hole
It’s called Windows Genuine Advantage. I’ve received a couple Emails about the file WgaTray.exe which was part of this weeks Windows Update. Some questioned how this file was able to run on startup but isn’t listed by WinPatrol or other programs as an AutoStartup program.
Well, the answer is simple; this program is part of the Windows Operating system. After Windows starts it looks for this file in the system32 folder and runs it. Unfortunately, there’s a serious problem in with the way how Microsoft has implemented their anti-piracy system. The way Windows handles this file opens up a big security hole that most programs won’t plug. Any malicious program can delete the WgaTray.exe and replace it with its own malware using the same name. Windows does nothing to verify this program before running it the next time you reboot.
Microsoft describes this program as follows: "By using genuine Microsoft software, you can be confident that your software is legitimate and fully supported by Microsoft.” As if “you” didn’t already know. More information can be found at http://www.microsoft.com/genuine/default.mspx and http://www.microsoft.com/genuine/downloads/WhyValidate.aspx.
You can also find a discussion at Broadband Reports.com http://www.dslreports.com/forum/remark,15963038 The topic of the discussion is more about flaws in Windows piracy then security. If you have your system set for auto-updates the newest version of WgaTray.exe will have been downloaded this week.