Microsoft acknowledges Windows 7 activation leak

Alex Kochis, director of Genuine Windows, acknowledges that an activation key given to Lenovo for Windows 7 installs has been exposed, distributed on the Internet.

Dong Ngo SF Labs Manager, Editor / Reviews

CNET editor Dong Ngo has been involved with technology since 2000, starting with testing gadgets and writing code for CNET Labs' benchmarks. He now manages CNET San Francisco Labs, reviews 3D printers, networking/storage devices, and also writes about other topics from online security to new gadgets and how technology impacts the life of people around the world.

See full bio

Dong Ngo

July 31, 2009 12:17 p.m. PT

3 min read

Alex Kochis, Microsoft's director of Genuine Windows, posted a blog late Thursday addressing the "leak of a special product key" of Windows 7 RTM (release to manufacturers). This confirmed the rumor on Tuesday that an ISO file of Windows 7 RTM sent to Lenovo that contains a master key--a number used to verify the authenticity of the software--was leaked to the Internet.

According to the blog, "The key is for use with Windows 7 Ultimate RTM product that is meant to be preinstalled by the OEM (original equipment manufacturer) on new PCs to be shipped later this year. As such, the use of this key requires having a PC from the manufacturer it was issued to. We've worked with that manufacturer so that customers who purchase genuine copies of Windows 7 from this manufacturer will experience no issues validating their copy of Windows 7. At the same time we will seek to alert customers who are using the leaked key that they are running a non-genuine copy of Windows. It's important to note that no PCs will be sold that will use this key."

This means the hacked key will still work, though it will likely be identified, presumably when the computer with this version of the hacked Windows 7 OS installed connects to download updates from Microsoft.

Kochis said Windows 7 includes an improved capability to detect activation exploits and it should be able to alert the customer when the leaked version or other hacks are used to install Windows 7 on a PC.

He added, "Our primary goal is to protect users from becoming unknowing victims, because customers who use pirated software are at greater risk of being exposed to malware as well as identity theft. Someone asked me recently--and I think it's worth noting here--whether we treat all exploits equally in responding to new ones we see. Our objective isn't to stop every "mad scientist" that's out there from dabbling; our aim is to protect our customers from commercialized counterfeit software that impacts our customers' confidence in knowing they got what they paid for."

Personally, I don't see what Microsoft can do now that the key and the ISO is out in the wild, other than wait for a system installed with that copy of Windows 7 to connect to its update servers. In the meantime, it can issue another key to OEMs to make sure they don't use they leaked key and hope that consumers will buy its genuine product and, of course, pay the full price for it.

It's safe to say that we probably have to wait for a service pack of the operating system to be sure that this leak is fully addressed. In the meantime, this leaked key could still pose a big problem if the hackers are able to alter the ISO and sell it as counterfeit retailed package of the OS. In this case, customers will only find out that they don't have an genuine copy, if they ever do, when it's too late.