Wednesday, November 21, 2012

Windows 8 Pro hole allows activation with Windows Media Center installation

For now -- until it's patched -- those who want to jump through a slight number of hoops can get Windows 8 Pro activated for free. In addition, the exploit being used to produce the final "product" is Microsoft's own.

Microsoft is currently offering the Windows 8 Media Center (WMC) Pack for free. The offer was launched on Oct. 26 and is scheduled to run until Jan. 13, 2013. Users only have to register with a valid email address (and solve a CAPTCHA) and they will receive a valid product key which they can use to upgrade.

The hole involves using a key generated by Microsoft's KMS (Key Management System), and then applying the free Windows Media Center upgrade on top of it.

KMS removed the ability of pirates to use volume licenses en masse. Instead, enterprises with a Microsoft volume license agreement activate new Windows installations using a KMS server located on their network.

The activation is temporary and has to be renewed every 180 days, but that is done seamlessly for the end user. In this case, it seems that after applying the free WMC upgrade with the supplied Microsoft key, the temporary KMS activation becomes permanent.

This applies whether the activation is legitimate or rogue. Pirates have been using rogue KMS servers to activate their copies; with the newly found hole, they can now activate their Pro copies permanently.

Reddit user noveleven explained how the hack works:
When you activate Windows via KMS, in the activation window it says "Windows is activated until..." and a date (so if you were to install it today, it would say it's activated until May). After installing the upgrade, the window just says "Windows was activated on..." and the date of activation.

That means the activation is permanent. When you install the upgrade key, that replaces the existing product key; only the new upgrade key is used for future checks. Windows won't check the key you used to install because it no longer has it.
noveleven did not provide instructions on how to obtain a pirated copy of Windows 8 and activate it using a rogue KMS server. It should be obvious, though, that those wanted to do this can easily discover the information using Google or Bing or a number of hacker forums.

No comments: