Windows 7 OEM Product Key Leak


Yesterday we were alerted to reports of a leak of a special product key issued to an OEM partner of ours. The key is for use with the Windows 7 Ultimate RTM product, which is meant to be pre-installed by the OEM on new PCs to be shipped later this year. As such, the use of this key requires having a PC from the manufacturer it was issued to. We’ve worked with that manufacturer so that customers who purchase genuine copies of Windows 7 from this manufacturer will experience no issues validating their copy of Windows 7. At the same time we will seek to alert customers who are using the leaked key that they are running a non-genuine copy of Windows. It’s important to note that no PCs will be sold that will use this key.


Windows 7 already includes an improved ability to detect hacks, also known as activation exploits, and alert customers who are using a pirated copy. There is a hack that, when paired with the leaked key, is said to enable a system to install and use a copy of Windows 7 Ultimate. Both the hack and the key are indications that a copy of Windows may not be genuine. The Windows Activation Technologies included in Windows 7 are designed to handle situations such as this one, and customers using these tools and methods should expect Windows to detect them.


Our primary goal is to protect users from becoming unknowing victims, because customers who use pirated software are at greater risk of being exposed to malware as well as identity theft. Someone asked me recently (and I think it’s worth noting here) whether we treat all exploits equally in responding to new ones we see. Our objective isn’t to stop every “mad scientist” that’s out there from dabbling; our aim is to protect our customers from commercialized counterfeit software that impacts our customers’ confidence in knowing they got what they paid for. That will continue to be our focus as we continue to evolve our anti-piracy platforms, and respond to new threats that we see emerge in the future.


Comments (27)

  1. kimsland says:

    I’ve missed the point of the article

    Are you saying that Windows 7 won’t be hacked, like EVERY other Windows version ever released??

    Keep your customers happy then.

    But don’t post "shocking" news that is going to be "old news" the day (or likely before) Windows 7 is released.

    MS does not control the Net 😉

  2. Anonymuos says:

    So this will only prevent online validation? Until SP1 updates the OS validation to block this key, people can use it?

  3. johnick says:

    Oh, really? You lazy boys.

    You should have been quite familiar with what had been goin’ on with the OEM SLP activation ever since the public release of Windows Vista, but you did nothing to effectively stop it. People had been editing SLIC tables in BIOS chips and even came up with a more secure plan of modifying BIOS chips in Ethernet adapters to activate Vista.

    I’m talking about hard flashing chips here. And in here, your plan for OEM factory activation had totally become a nightmare, against which there is no way to fight. You cannot even tell accurately which machine SLP information is fake or not.  

    After this long a time, you guys didn’t even make any change in Windows 7. What a joke. You guys still call it reliable? OMG, C’mon, boys. Replacing a master key for a specific vendor could really solve the problem?

    You had your mechanism completely leaked to the public. Even a monkey knows how the OEM SLP activation works, thus how to defeat it.

    Sooner or later, consumers will know all the master keys from various vendors, and use it on any computer they wish.

    Change the mechanism, instead of just replacing keys. What do you say?

  4. MSDN Archive says:

    The purpose of the post was to acknowledge what had happened and to reiterate our position that we will focus our efforts on what we can do that reduces the risk of any given hack or method of circumventing activation from creating victims out of well-meaning paying customers.

    I would also like to remind readers that our program is effective at this goal and we aim to keep it effective. The way in which we will respond to this particular issue will be designed to reduce the likelihood that someone could manufacture and sell our software or a PC pre-loaded with software that uses this hack. I think in time we’ll see that we are effective at achieving that goal.

  5. Good afternoon, I have time using genuine Windows because I like to buy my operating system, but to see so many leaks in the new Internet operating system and a few bought our system, and another group are not pirated in any way, but nothing is so law, those making the law also makes the trap so I buy my operating system Windows 7 to be able to work well, but if there are still many things to correct such memory consumption, which is faster when searching for music the players, and would be more stable.

    regarding the price of the ultimate version is still very high in my country we are talking about a very high amount in local currency, and indeed there will be very few people buy it, which is why Microsoft has to find a solution to that everybody can buy operating systems and in many countries cost more than the actual value of a product more easily and give end-users, so you do not have as many leaks

  6. hch says:

    The point is that there will always be hacks.  If you want to use software and not pay for it then MS says go ahead and hack away.  They weren’t going to get your sale anyway.

    What they don’t want is for people to pay for MS software and not get the real thing.

    It’s in bold text above if you really can’t be bothered to read the whole post.

  7. monkeybagel says:

    johnick-

    If you want to continue to steal your software, go ahead.  We all look up to you so much, and all want to be like you.  That is my goal in life, and I am sure that’s Alex’s goal too.  If we could somehow figure out how to steal a copy of Windows 7 we would have all of the women in the world we would ever want.  You are SO cool.  Just think when you get old enough to drive how much fun life will be.  Can we go for a ride?

  8. While others buy a pirating groups, such as mine I bought my operating system, while others take the easy way, many like to violate the laws and international agreements, not me, I like to buy all my products to have rights to claim, I am not like others, I do not like to steal anything, he who steals what caught sooner or later.

  9. atabrk says:

    the first comment…

    🙂

    it’s the best i’ve ever met 🙂

    "Does microsoft rule the internet?"

  10. Breach says:

    monkeybagel — you are apparently missing the point. This is not about pirates vs. legitimate users – it’s about the fact that the Windows’ activation scheme has been defeated since Vista SP0 and Windows 7 apparently doesn’t change a thing about it. Simply because the current activation model with OEMs is critically flawed by design. Also if I understand correctly blacklisting this key is an exercise in futility, so ultimately it’s not worth the blog space…

    "The Windows Activation Technologies included in Windows 7 are designed to handle situations such as this one, and customers using these tools and methods should expect Windows to detect them." — apparently this fails to work too.

  11. monkeybagel says:

    Breach — I understand the point.  My point is there will always be piracy.  There is no sense of the OP to brag about it and criticize Microsoft calling them “lazy boys” on their own forum.  There may be hacks and the like, but what Microsoft is trying to stop is "casual piracy" and widespread use.  This has obviously come under scrutiny since the Windows XP VL hole was closed – people are looking for alternate ways.  If someone is going to modify their BIOS to circumvent activation – let them.  I really don’t think Microsoft cares that much.  It is not an open door as the Windows XP Volume License media/key was, and that was Microsoft’s goal – to close that door.  It has been closed, except for a few enthusiasts and the like.

    Most PCs are licensed with Windows – someone might be able to pay less for a lower SKU and circumvent the upgrade license, but these people are not going to pay for Windows anyway.  The people mainly exploiting this are the people that build white box computers with motherboards that don’t have SLP, and are taking a great risk while doing so.  I would hate to ruin a perfectly good ThinkPad T42p by trying to rip off Microsoft by installing a non-approved BIOS.

    And it is because of users like the one above that causes us to deal with activation in Microsoft Office 2010.  That VL door has been closed as well.  And for us that do run corporate networks and are responsible with proper licensing – that stuff just makes our jobs more difficult.

    My point – the more that Microsoft does to enforce activation, the more difficult my job will be as a System Administrator.  People are always going to steal software.  Those people are not paying customers, so Microsoft does not “lose” money by them stealing it.  There will always be “mad scientists” that experiment and tinker.  Who really cares about that?

    Microsoft’s bulk revenue is through OEM licensing through new PCs, Enterprise/SA and Office licenses.  I don’t think a 12 year old that stays on IRC all day long passing digital certificates around is really what they are worried about here.

  12. YooBlu says:

    It’s always the same old story over and over again… Microsoft releases a product and it gets cracked, this is what happened with Vista and now Windows 7, I am sick of this and I don’t understand how the developers are not smart enough to fully test this type of cracks/hacks on Windows 7 before they send the product out.

    Microsoft will never win this battle as much as you try.

  13. ok, very good response, which is why we must help those who make this system because it is a very tedious and very tired, that’s where the pirates do not understand, because if one does something, it takes time and Many hours of work and something that if you certify to the authorities is to take your patent and pay their taxes, I will always be piracy existed, but we can do that we acquired our original system, guard against these malicious and non – let them come into our computers.

    another thing is the price that many people still find very high, at least to me, I have appeared many people who want to have the new operating system and that his main complaint is that this very expensive, and I say that it costs because it is a lot of work to be finished in time for a product such

  14. TSS_Killer says:

    “Our primary goal is to protect users from becoming unknowing victims, because customers who use pirated software are at greater risk of being exposed to malware as well as identity theft.”

    Sorry…it’s time for Microsoft to wake up and realize that people with Genuine Microsoft products still get malware and identity theft. As a technician, all of my clients have genuine copies of XP and Vista for example. They still have some sort of malware on their machines because of the various holes in Windows and Internet Explorer (and yes, they have automatic updates turned on). If Microsoft actually coded more efficiently and not releasing unstable operating systems as “RTM” or “Final”, we wouldn’t have this problem.  

    Word to the wise where they need it the most.

  15. johnick says:

    monkeybagel,

    Although your first comment is based nowhere, I quite agree with you on your second.

    I got seriously misunderstood by you, friend. Misunderstanding is terrible, and concluding from these imaginations hurts.

    Tens of thousands of people are using pirated software and they know what they are doing. Persuading these ignorants to respect software makers is an impossible task. I kinda wish Microsoft could employ much tighter policy fighting piracy, at least just don’t let them get their way that easily.

    However, your sayings are right. There will always be those guys who would like to exploit…

    My respect for you, monkeybagel.

    And my greatest wishes for Microsoft. Hope that this time, you guys could finally get the long due good luck for family NT 6.

  16. YooBlu says:

    Why you didn’t post my reply?

    Ho ya, I forgot you people never accept the truth behind your faults!!

  17. MSDN Archive says:

    Just a reminder for everyone, I have to individually approve each comment for posting. I do this in part because of issues we had with people posting very inappropriate content (but that was quite a while ago) and also because of issues with spam being posted as comments.

    So far I have posted EVERY comment that has been made in response to this post. I’m not trying to censor anyone but just a reminder that comments that include excessive inappropriate language or threats (legal or personal) won’t be posted.

    Oh, and sometimes it can take me a few hours or even a day to get back to the blog to review comments and approve so if your comment isn’t posted right away don’t worry, I’ll get to it.

    Thanks everyone!

  18. Good afternoon one more thing, I tried to send a computer virus to destroy my pc, but thanks to the installed antivirus that not have been possible that Microsoft could do about it to create a virus that is competent against those who seek to harm the computers of users of Microsoft, and even more emails I was sending as the ip detect can this person not to harm me, because I have valuable information on where I work and I do not want to destroy me the information I have.

    thank you very much

  19. bigcheese48 says:

    My four year old desktop computer, purchased new from Dell is now telling me CONSTANTLY that I have an unlicensed version of Windows.  Do you suppose someone broke into my house last night and maliciously substituted my operating system for a counterfeit one?  I don’t think so.  What the devil is going on here and how do I resolve it?  Please help me someone.

    spackler@hotmail.com

  20. monkeybagel says:

    johnick-

    I apologize for misunderstanding your original post.

    A few things to note here-

    Just like any type of security, the more security – the more inconveniences are stemmed from it.  Just like the lock on your car or your home.  The more security employed, the more inconvenient it is.  It’s the same with WPA and WGA.  Microsoft is trying to meet in the middle.  They understand that IT Professionals have needs and try their best not to cause too much inconvenience but yet want to protect themselves.  Can you imagine what rampant piracy would take place if Windows 7 were wide open like Windows 2000 or Windows 98 in this day and age where everyone has very fast Internet connections?  It would be passed around the office to everyone to make a copy.

    I think Microsoft is doing a good job at stopping the majority of piracy but yet not making the people that do license the software go through too many hoops to keep it working.

    As for the stealing of software, it will always take place in the US and more so in other Asian countries – it is impossible to stop.

    Also, people need to keep in mind the scope of Microsoft software.  It is installed on millions of computers worldwide in many different countries.  No matter how hard they try, they CANNOT keep this type of software, meant to be used on all of the world’s desktop computers, under lock and key.  A Microsoft employee once said, if you are going to pirate software, we hope you pirate our software.  That is a good point.  If people do pirate the software, they use it and become accustomed to it and may become paying customers one day.  If they do not use it and use an alternative, the chances of them becoming paying customers are not as likely.

    Windows 7 is the best Windows product to come out of Microsoft in a long time.  Instead of them spending time implementing more restrictive technologies to prevent people from stealing it, they spent time making a superb product, and that they did.  It has very much restored my confidence in Microsoft software after Windows Vista did not quite become what I had hoped for.

    TSS_Killer – What exactly are your clients doing to obtain malware and identity theft?  The original Microsoft bits do not send this data to Microsoft or any other entity.  Microsoft is stating that if you obtain products from alternate sources, it could be slipstreamed with a virus or malware.  It is very easy to create bootable media and insert your own code into it.  If one is running a questionable OS from the start, all bets are off with security.  No OS is completely secure, so your clients have obtained malware through malicious web sites or other means and installed it.

    I can’t believe how people will go out and pay $60.00 USD for a game and a monthly subscription, and do this several times per year, but will not pay for their operating system.  The operating system is the most crucial part of the functioning of their computer, yet people skimp on that.  It also has more lines of code and much more development time invested.   What Microsoft asks for their operating system software is a very small amount considering the development time and investment they have placed in their product.  And, they service this product for TEN YEARS for business operating systems.  The asking price is a very small price to pay IMO.

  21. MSDN Archive says:

    Thanks monkeybagel. We are trying to balance much of what you describe and I agree with your closing comments as well.

    For the record I was a Sys Admin myself years ago and I understand how challenging new product requirements can be particularly when they relate to either deployment or licensing. We have tried our best to balance reducing the exposure of the product to piracy through Volume Activation while also keeping to a minimum the additional requirements for the ITPro. We’re always open to feedback on things like that though.

    Thanks again for your comments.

    -Alex

  22. DarkKIRA says:

    Is it a game for leakers/hackers/crackers (as you want) or a challenge?

    well, i just think people like piracy.

    as longer as games will not run under linux os, windows will be hack, ever.

    that what I think. why the reason for people to buy an OS which can defeat as easily and every time?

    Why Microsoft use the same activation rules, keys?

    bye.

  23. agathos says:

    People who cheat on MS do that as some kind of punishment.

    Microsoft has proved to be a greedy company, choking small or smaller companies, selling Beta software and selling it at too high prices.

    Lotus-Netscape etc are small examples.

    It is also a game for the youngsters to use cracked MS products.

    People would spend $100 to crack than pay $50 for legit.

    Agathos

  24. ioniancat21 says:

    This post went all over the place and back but in the end, we can only go by the facts:

    Any and every Microsoft activation scheme has been cracked and broken, such is the software business where practically every popular application on the market has a keygen or crack and a torrent out there on the web for you to download. Microsoft and the WGA crew shouldn’t take it too hard when the concept of them never achieving the goal of creating a crack-proof activation system becomes realized.

    Until then, paying customers must bear the inconvenience of having to prove they purchased their product. I am not as positive about the job that the WGA Team is doing unlike others in the forum here like Monkeybagel for example because they’ve never been successful ever so why should things now be different?

    I too am a paying customer and get most of my licenses for software from my employer being that I’m in the technology field. I have beta tested the Windows 7 RC and I too also liked the product……..but I also understand that Windows 7 is already cracked using similar activation techniques employed with Vista. So, Microsoft will change the key but anyone purposely cracking Windows 7 will also be aware of this action and simply disable Windows Updates until someone posts another valid OEM license key so this Cat and Mouse game will end shortly.

    The original premise of this article was to simply point out that Microsoft has blacklisted the key, regardless of this useless time wasting action, users will still be able to crack Windows 7 anyway so there was absolutely no reason to even bother blacklisting the key.

    Microsoft only has three possible ways they can handle this, any other plan will fail:

    1. Go back to the former licensing method as used in the Windows 98 days and totally trash WGA since it never was or will be successful. The money saved by not wasting precious resources creating activation methods that never worked or will work will be the benefit. Then Microsoft can simply disband the WGA Team and transfer them to other departments in Microsoft where they can finally have the opportunity to create something that actually works rather than giving them the impossible task of securing Windows from activation hacks, which will be impossible being that Windows is installed on your local hard drive. Once a user has full control of both his hardware and software, cracking it

    2. Create the next version of Windows to be a thin client based operating system with most of the OS online and offer it as a subscription based plan. The way it would work is that the user would have a limited set of files on his local PC that only perform the function of connecting you to Microsoft’s servers. At this point a cracker would have to get someone’s online username and password. In this kind of security model, it would be difficult to give away your credentials because Microsoft would have a much easier time weeding out pirates.

    3. Use a Microsoft CA certificate for activation as spoofing those would be difficult. The problem here is whether or not Microsoft can make the process of activation using these resources user friendly.

    Of course, the hurdle of convincing users to trust your new methods and of course creating such a system so in short, it will be a while until piracy can be stopped for Windows.

  25. Canada Immigration says:

    Does it mean that one who is using the legal product has some problem?

  26. MyscrewSoft says:

    @YooBlu: "Microsoft releases a product and it gets cracked, this is what happened with Vista and now Windows 7, I am sick of this and I don’t understand how the developers are not smart enough to fully test this type of cracks/hacks on Windows 7 before they send the product out."

    Remember that every HERO needs a VILLAIN! When ur POPULAR, u need a really BAD enemy. C’est la vie! That’s a good marketing strategy from MyscrewSoft!

  27. sandeep says:

    worst team of windows 7