Microsoft acknowledges Windows 7 activation leak

(Credit: Dong Ngo/CNET)

Alex Kochis, Microsoft's director of Genuine Windows, posted a blog late Thursday addressing the "leak of a special product key" of Windows 7 RTM (release to manufacturers). This confirmed the rumor on Tuesday that an ISO file of Windows 7 RTM sent to Lenovo that contains a master key--a number used to verify the authenticity of the software--was leaked to the Internet.

According to the blog, "The key is for use with Windows 7 Ultimate RTM product that is meant to be preinstalled by the OEM (original equipment manufacturer) on new PCs to be shipped later this year. As such, the use of this key requires having a PC from the manufacturer it was issued to. We've worked with that manufacturer so that customers who purchase genuine copies of Windows 7 from this manufacturer will experience no issues validating their copy of Windows 7. At the same time we will seek to alert customers who are using the leaked key that they are running a non-genuine copy of Windows. It's important to note that no PCs will be sold that will use this key."

This means the hacked key will still work, though it will likely be identified, presumably when the computer with this version of the hacked Windows 7 OS installed connects to download updates from Microsoft.

Kochis said Windows 7 includes an improved capability to detect activation exploits and it should be able to alert the customer when the leaked version or other hacks are used to install Windows 7 on a PC.

He added, "Our primary goal is to protect users from becoming unknowing victims, because customers who use pirated software are at greater risk of being exposed to malware as well as identity theft. Someone asked me recently--and I think it's worth noting here--whether we treat all exploits equally in responding to new ones we see. Our objective isn't to stop every "mad scientist" that's out there from dabbling; our aim is to protect our customers from commercialized counterfeit software that impacts our customers' confidence in knowing they got what they paid for."

Personally, I don't see what Microsoft can do now that the key and the ISO is out in the wild, other than wait for a system installed with that copy of Windows 7 to connect to its update servers. In the meantime, it can issue another key to OEMs to make sure they don't use they leaked key and hope that consumers will buy its genuine product and, of course, pay the full price for it.

It's safe to say that we probably have to wait for a service pack of the operating system to be sure that this leak is fully addressed. In the meantime, this leaked key could still pose a big problem if the hackers are able to alter the ISO and sell it as counterfeit retailed package of the OS. In this case, customers will only find out that they don't have an genuine copy, if they ever do, when it's too late.

[holyreki]

Is this really worthy of having 3 articles written about? Every software product is hacked/cracked almost the instant it's out.

[tipoo_]

It wasnt a hack or a crack, just a leak.

[Vegaman_Dan]

It's a leak that is going to likely be strongly investigated since it came from an OEM and not Microsoft. There's some legal issues that would have to be addressed as a result. I don't think anyone really knows the result of this.

[Thranx]

Agree with tipoo_ ... bad writing. There's no hacking or cracking going on here, it's just the leak of a privilaged key that shouldn't have gotten out of lenovo's hands.

Additionally, they won't need a service pack to fix this release, they can simply make the key invalid for the licensing process. Unless they're going to use the box completely offline, that machine's going to check in every 6 months to validate... and it will become unactivated.

[jessiethe3rd]

Yeah CNET loves to create a bunch of hype... "Crack/Hacked, Microsoft" More fuel to the Microsoft hating fire.

[ballmerisanape]

As if Microsoft needed any more wrenches in it's "activation" process.

[monkeyfun14]

Its already been patched

http://www.istartedsomething.com/20090729/windows-7-activation-cracked-oem-exploit/

[snaphat]

It's not despite what they may have said.

[cohaver]

i am happy they leak it even if was A MISTAKE.if this leads to helping Microsoft find malware ,Trojans ,worms virus and spam . alureon type virus hide them self as certified windows software . If anti virus companies would act more like AVG and AVIRA they would find virus quicker and develop repair tools .IOBIT FILL IN GAP where Nortan fails
People will say linux that fine 70% of local IT shop work or repair is windows related virus's
most of repairs could been avoided if simple things were done by software companies in support of basic security freeware

[Thad Boyd]

Zero words in that comment made sense.

[PacGamer]

Um...what?

[shycelticwitch]

Those who know the value of perpetual workflow do not use MS. For those who do, I hope they fix this for you real soon.

[shycelticwitch]

Let me clarify. Those of you who choose to use the "leak" to get your software for free... I don't blame you. $149 bucks for a box of unstable code that runs lousy on less than quality hardware is ridiculous. However, like Adobe did when it came out with CS, you will find your hacked version rendered useless by MS the very first time you try to get support.

Still laughing at all the designers I know who bought hacked CS software from overseas vendors. Adobe shut them down the first time they launched the hacked software while actively connected to the web. Too funny.

[monkeyfun14]

Thats why Windows 7 runs fine on netbooks?

You lose try again tommorow.

[lvdel]

wont matter, once the oem machines are released/sold to the public, the oem key can easily be gotten from any machine, and will be used by " the hackers" to "counterfeit" windows anyways..

nonsense article, and ms should not bother waisting their time.

[cohaver]

point is if the master key is out a algorithm can be made to pass windows certification process if windows Defender cant find a Trojan virus that passes as certified driver or software what you think happens to windows 7 .run a encryption program on a virus hide it in a file in windows and see how many programs can find it

[kelmon]

I just wish Windows Activation and Windows Genuine Advantage would just go away as I am quite convinced that it does not stop piracy and simply inconveniences the legitimate user. I've had WGA throw a hissy fit on a couple of occasions for no good reason and then had to waste both my time and Microsoft's Customer Service people's getting a ridiculously long activation code. Serial Numbers were perfectly fine and no doubt are just as successful at preventing piracy as Windows Activation and bloody WGA.

[gggg sssss]

Mistake my foot. Lenovo = Govt of China. They are trying to destabilize the largest, most successful US software company. Say NO to computers made by the govt of China. Say NO to lenovo

[vken81]

Do "hackers" get paid or do they "hack" for the fun of it? Is it an "ego" thing?

[Vepar_S]

It is for bragging rights to show that they can outsmart "pro" software developers. Most do not get paid, except for when they sell to ignorant customer that buys the software thinking they are getting a deal.....

[Vepar_S]

After the not-so-successful launch of Vista and all the problems people say they had. MS should know to come out with a stable OS 2 years after making people pay $200-$300 for a shaky one would **** people off thus making them believe that they are entitled to a "Free" upgrade. I bought my laptop 3 months before the announcement of the upgrade deal........shame on me.