There is an inherit flaw in logic of Microsoft's Windows Genuine Advantage program to allow customers to download security patches only after authentication that their copy of Windows (XP) is authentic.

The flaw is that check it not being performed at the time of patching the system but at the time of downloading. This presents some interesting but very real and practical situations. Supposedly one could download the patches from a genuine Windows system and then apply the patch on a system with pirated copy of Windows XP. There is no software check stopping the customer from doing so.

This type of scenario would be ideal in a SME in countries like India and China, wherein the rate of piracy has dropped but not completely vanished. In this scenario a company or individual would have few genuine copies and many pirated one.

Although, Microsoft has used the check at the time of installing in past like in Service Pack 2 (SP2). But then that was a huge pack and Microsoft could actually do that in such a huge pack. The trick would be to implement this in a normal patches of 200 ~ 700 KB sizes. Till then piraters are one step ahead of Microsoft on this issue.

P.S: Microsoft has started using actively the Windows Genuine Advatage program recently. And to implement this has switched to version 6 (v6) of the Windows Update site.