Microsoft quietly issued a patch designed to fix the flaw in its Software Protection Platform (SPP) technology late last month. Criticized by some when it was initially announced in the autumn of 2006, SPP is an updated and more aggressive version of the Windows Genuine Advantage anti-piracy tools found in XP.
But because of the bug, SPP may suddenly demand that a copy of Vista be "activated" even though the user and/or the computer maker did so earlier.
"You may be prompted to activate Windows Vista on a computer on which Windows Vista activation was not previously required," Microsoft said in a support document last updated Feb. 15. "Although this problem rarely occurs, it may occur during typical use of a Windows Vista-based computer.
For example, this problem may occur under one or more of the following conditions: You install a device driver, you install a program, you run a new program, or you remove a program."
One Vista user commenting on Microsoft's Windows Vista Validation Issues support forum reported that he ran into the bug after he had updated his PC's BIOS.
Vista must be activated within 30 days of its first use, or else it drops into what Microsoft calls a "reduced functionality" mode -- a crippled condition in which only the operating system's Web browser works, and then for only an hour at a time.
Unless a PC's hardware is substantially changed, activating Vista should be a once-only action. Many hardware vendors activate the operating system for users before their machines leave the factory. But if users are asked to reactivate Vista, they only have a grace period of three days, not 30, to get everything on their systems shipshape.
Microsoft said the reactivation flaw crops up when a program running with administrative credentials removes a system setting. That in turn can trigger the failure of a BIOS validation check, which is part of the activation process.
For example, running Intuit's QuickBooks 2007 software can bring up the reactivation demand, Microsoft added. But, it said, "This problem may also infrequently occur when you install other programs or device drivers."
Microsoft acknowledged there was a bug in the operating system. "This problem does not occur because of an issue in the installed program or device driver," the company said in the support document. "This … is caused by a system problem in Windows Vista."
According to Microsoft, the fix for the bug has been labelled as a "recommended" update. A Microsoft spokeswoman confirmed that the patch was placed in the company's Windows Update pipeline at the end of January. "If customers didn't receive it via Windows Update, the update can be downloaded," she said.
Microsoft has posted 32-bit and 64-bit versions of the patch on its Web site. Ironically, the patches can only be retrieved by PCs that pass another check to determine if their operating systems are legitimate.
Microsoft didn't immediately respond to e-mails seeking information on the number of users who have been affected by the bug.