Windows 7 Ultimate cracked and activated with OEM master key

Windows 7 has yet to even be released officially to the general public, and already the dodgy folk on the Internet have fully cracked and activated the Ultimate version, with help from a leaked Lenovo OEM DVD .ISO file.

The news comes from various Chinese forums who state that you can already pass Windows Genuine Advantage validation offline, OEM style.

The leaked .ISO was originally posted on a Chinese forum, which was then downloaded in order for people to get hold of the boot.wim, and in turn retrieving the OEM-SLP key, plus the OEM activation certificate. Microsoft uses the same digitally signed OEM certificate, which has an .xrm-ms extension, as that in Windows Vista. Another point to note is that the key is a master one, which can be used to activate other OEM branded installations, like ones from Dell, HP or indeed Lenovo.

This is quite concerning; as mentioned, Windows 7 has yet to even be released, and it can be fully activated. This demonstrates the risk such a huge company as Microsoft takes when distributing a product as significant as an operating system, but this was essentially inevitable, regardless. It's interesting that a product can be pirated and activated before it's properly released to customers.

Microsoft was not available for comment at the time of writing.

Updated: A Microsoft spokesperson has confirmed to Neowin: "we are aware of reports of activation exploits that attempt to circumvent activation & validation in Windows 7, and we can assure customers that Microsoft is committed to protecting them from counterfeit and pirated software. Microsoft strongly advises customers not to download Windows 7 from unauthorized sources. Downloading Windows 7 from peer-to-peer Web sites is piracy, and exposes users to increased risks – such as viruses, Trojans and other malware and malicious code—that usually accompany counterfeit software."

Update 2: Microsoft has confirmed that they will be blacklisting the key. According to Alex Kochis, Director of Genuine Windows at Microsoft: "we've worked with that manufacturer so that customers who purchase genuine copies of Windows 7 from this manufacturer will experience no issues validating their copy of Windows 7. At the same time we will seek to alert customers who are using the leaked key that they are running a non-genuine copy of Windows. It's important to note that no PCs will be sold that will use this key."

Report a problem with article
Previous Story

Twitter changes homepage to focus on search

Next Story

iPhone bug to hijack phone by SMS will be revealed tomorrow

255 Comments - Add comment