NEWS
Alex Kochis, Microsoft's director of Genuine Windows, posted a blog late Thursday addressing the "leak of a special product key" of Windows 7 RTM (release to manufacturers). This confirmed Tuesday's rumour that an ISO file of Windows 7 RTM sent to Lenovo, containing a master key (a number used to verify the authenticity of the software), had been leaked to the internet.
According to the blog: "The key is for use with Windows 7 Ultimate RTM product that is meant to be preinstalled by the OEM [original equipment manufacturer] on new PCs to be shipped later this year. As such, the use of this key requires having a PC from the manufacturer it was issued to. We've worked with that manufacturer so that customers who purchase genuine copies of Windows 7 from this manufacturer will experience no issues validating their copy of Windows 7. At the same time we will seek to alert customers who are using the leaked key that they are running a non-genuine copy of Windows. It's important to note that no PCs will be sold that will use this key."
This means the hacked key will still work, though it will likely be identified, presumably when a computer running this hacked version of Windows 7 connects to Microsoft to download updates.
Kochis said Windows 7 includes an improved capability to detect activation exploits and it should be able to alert the customer when the leaked version or other hacks are used to install Windows 7 on a PC.
He added: "Our primary goal is to protect users from becoming unknowing victims, because customers who use pirated software are at greater risk of being exposed to malware as well as identity theft.
"Someone asked me recently - and I think it's worth noting here - whether we treat all exploits equally in responding to new ones we see. Our objective isn't to stop every 'mad scientist' that's out there from dabbling; our aim is to protect our customers from commercialised counterfeit software that impacts our customers' confidence in knowing they got what they paid for."
It's safe to say that we will probably have to wait for a service pack of the operating system to be sure that this leak is fully addressed. In the meantime, the leaked key could still pose a big problem if hackers are able to alter the ISO and sell it as a counterfeit retail package of the OS. In that case, customers will find out that they don't have a genuine copy, if they ever do, only when it's too late.







Comments
1. anonymous
Amazing, isn't it, that the only true route to security is through vendor lock-in? Those sadly misguided open-source/free software people obviously don't know a thing about security.