Indian security consultant Debasis Mohanty has published a workaround that allows users of illegal copies of Windows to circumvent the software's copy protection technology.
Microsoft is currently experimenting with a technology dubbed Windows Genuine Advantage (WGA) which gives users access to patches only after they have proved that they run a legitimately licensed copy of Windows.
The technology deploys an application to the user's system that validates the software's authenticity, and provides an authentication code that unlocks access to the download section. The code has to be entered only once.
But users can use the authentication code on several machines, unlocking access to downloads on systems that did not pass the authenticity check.
A spokesman for Microsoft confirmed to vnunet.com that the method can be used to circumvent WGA.
"However, it is entirely unscalable. The code generated by the validation tool expires quite quickly," he said.
After a few hours the code becomes useless, so it is unlikely to end up on websites that publish cracks. But the method does allow the code to be reused on a second machine in the user's home or among friends.
Microsoft does not plan to change WGA as a result of the workaround, according to the spokesman.
"Microsoft has to balance the need to make downloads easily available for all customers while safeguarding our intellectual property," he said. "In this case we are going to defer to helping our customers stay secure."
He stressed that this is not a security vulnerability and that users are not at risk.
Microsoft currently uses WGA on a trial basis to offer access to some of its patches, such as updates for Microsoft Office. When the copyright enforcement technology goes live later this summer, it will be required for patches and the Windows Update feature.
The software giant confirmed that it will make security updates available to all users, regardless of the status of their licence.