A security hole has been discovered in Microsoft’s product activation process that allows pirates to get a free legitimate activation of Windows 8 using the current Windows Media Center upgrade promotion. people have been having a harder time with Windows 8 because Microsoft no longer allows volume keys — each Windows 8 activation requires a unique key. However, a hole was discovered that involves using the KMS (Key Management System) , and then applying the freely available Windows Media Center upgrade on top of it.
Essentially, those who wish to get a free legitimate installation only need a key for the Windows Media Center upgrade, which is available directly from Microsoft. They simply use any Windows 8 key to reach the desktop during installation of a pirated copy of Windows 8, apply a KMS activation for their current version (to prevent piracy we will not be covering this step in detail), and then go on to use the Windows Media Center upgrade key they obtained from Microsoft themselves. Due to the fact that the WMC upgrade process does no checks for the validity of the activation, any activated copy of windows (even ones which were activated via KMS) are upgraded to a valid version of Windows 8 via the WMC upgrade. Uh oh!
A Key Management System activation allows your unlicensed copy of Windows to be fully usable for 180 days. It’s typically used to help Volume Licensing customers automate and manage the activation process, but pirates have found a way to take advantage of it. On top of that, Microsoft is simply handing out unlimited upgrade keys for Windows Media Center, providing a gateway to free activations.
Effectively, the upgrade key will replace the KMS activation, allowing you to be legitimately activated. Reddit user noveleven explains how we know that Microsoft will not again check for legitimacy after 180 days:
When you activate Windows via KMS, in the activation window it says “Windows is activated until…” and a date (so if you were to install it today, it would say it’s activated until May). After installing the upgrade, the window just says “Windows was activated on…” and the date of activation. That means the activation is permanent.
When you install the upgrade key, that replaces the existing product key; only the new upgrade key is used for future checks. Windows won’t check the key you used to install because it no longer has it.
The promotion period for the free upgrade ends in January, so the damage that could potentially be done by pirates within the next month and a half is probably minimal.