Yesterday we were alerted to reports of a leak of a special product key issued to an OEM partner of ours. The key is for use with Windows 7 Ultimate RTM product that is meant to be pre-installed by the OEM on new PCs to be shipped later this year. As such, the use of this key requires having a PC from the manufacturer it was issued to. We've worked with that manufacturer so that customers who purchase genuine copies of Windows 7 from this manufacturer will experience no issues validating their copy of Windows 7. At the same time we will seek to alert customers who are using the leaked key that they are running a non-genuine copy of Windows. It's important to note that no PCs will be sold that will use this key.
Windows 7 already includes an improved ability to detect hacks, also known as activation exploits, and alert customers who are using a pirated copy. There is a hack that is said to enable, when paired with the leaked key, a system to install and use a copy of Windows 7 Ultimate. Both the hack and the key are indications that a copy of Windows may not be genuine. The Windows Activation Technologies included in Windows 7 are designed to handle situations such as this one, and customers using these tools and methods should expect Windows to detect them.
Our primary goal is to protect users from becoming unknowing victims, because customers who use pirated software are at greater risk of being exposed to malware as well as identity theft. Someone asked me recently - and I think it's worth noting here -- whether we treat all exploits equally in responding to new ones we see. Our objective isn't to stop every "mad scientist" that's out there from dabbling; our aim is to protect our customers from commercialized counterfeit software that impacts our customers' confidence in knowing they got what they paid for. That will continue to be our focus as we continue to evolve our anti-piracy platforms, and respond to new threats that we see emerge in the future.
So in short: Lenovo gets a new key, the 22TKD-... key will not go into production and will be blacklisted with the next WGA update.
We basically need a new OEM key that has been used on a sufficiently large amount of OEM machines so that blacklisting it is no longer possible.