Pirates have found a loophole in the Windows 8 activation chain
The most difficult part of installing and using a pirated copy of Windows 8, apart from making sure that it does not contain any hidden malware, is getting it activated. Each Windows 8 installation requires a unique key, which is different from previous versions of Windows where so called Volume Keys were available and widely distributed.
A loophole has recently been discovered that can activate pirated versions of Windows 8 permanently. The loophole takes advantage of Microsoft's ongoing Windows Media Center promotion that is giving away free keys for the upgrade to Windows 8 Pro users. So, after installation of Windows 8 Pro on a PC and the activation via KMS, entering the Windows Media Center promo key is all it takes to get the system activated for good.
The Media Center keys are given away for free by Microsoft until January 31, 2013 after which they will be offered for a price. To enter the code in Windows 8 Pro, you search for add features using the new Charms Bar search. A click on Add features to Windows 8, the selection of I already have a product key, and the entering of the product key that Microsoft sent to you is all it takes to activate Windows 8 permanently.
This works because there is no check for the legitimacy of the underlying operating system when the new key is verified and the system turned into Windows 8 Pro with Media Center. The key that is entered in the process is the new product key that Windows uses for activation checks in the future and not the key that was originally entered during installation of the system.
The system is permanently activated after the procedure, which you can verify by opening the activation window which should read "Windows is activated" and no longer "Windows is activated until".
Below is a screenshot of Windows Activation of a legit Windows 8 Pro system. It also shows the "add features" button.
The big issue for Microsoft is the missing check of the underlying operating system key when the upgrade is being processed. Coupled with an anonymous process to get a key for the Windows Media Center upgrade - all that you need is to enter an email address, any email address - it is almost certain that the method willÂ be exploited heavily in the coming weeks.
Microsoft could prevent that from happening by adding a check for the product key of the underlying system to the upgrade process. (via Reddit, thanks Ilev)