Friday, February 24, 2012

Preventing Product Key Disclosure attacks

If you are not already familiar with Windows Product Key Tools, there is an abundance of them available, such as Magical Jelly Bean Keyfinder and many others.

Of course, any user with administrative privileges on a workstation or a server can execute one of these tools and will suddenly have your supposedly secret Product Key! If you do not currently have a volume licensing agreement for a KMS (Key Management Service) server and a KMS key, you will most likely have to resort to using a MAK (Multiple Activation Key). While KMS keys require re-activation with a KMS server on a periodic basis (such as every 6 months), MAK keys do not have that same restriction. This places your MAK keys at a very high risk of being disclosed and re-used elsewhere without proper permission and authorization.

Fortunately, the folks at Microsoft have a way to work around this problem. Starting with Windows Vista/Server 2008, you can run a command from the Windows command line to prevent Product Key Disclosure attacks. This command clears the product key information from the registry, thereby preventing Product Key discovery tools from functioning properly.

The command that you can run in a command prompt window is: slmgr /cpky

Interestingly enough, after you run this command and then attempt to run one of these Key Finder or Product Key tools, you will still be able to view a Windows Product Key; however, the product key is completely incorrect! Many times it will simply be a single repeated character, such as all B's.
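
A read-only check that the key material is really gone after slmgr /cpky, as an added PowerShell example that is not part of the original post. It assumes the value key finder tools read is DigitalProductId under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion, that the encoded key occupies byte offsets 52 to 66 of that value, and that a cleared key appears there as zero bytes; the function name and sample buffers are constructed for illustration.

```powershell
# Added example: audit whether product key material is still stored in the registry.
# Assumptions (not from the original post): value name, byte offsets, and that a
# cleared key shows up as zero bytes in the key region.
$RegPath   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$ValueName = 'DigitalProductId'
$KeyOffset = 52    # assumed start of the encoded key inside the blob
$KeyLength = 15    # assumed length of the encoded key in bytes

function Test-ProductKeyCleared {
    param([byte[]]$Blob)
    # Missing or truncated value: there is nothing for a key finder to decode.
    if ($null -eq $Blob -or $Blob.Length -lt ($KeyOffset + $KeyLength)) { return $true }
    $keyBytes = $Blob[$KeyOffset..($KeyOffset + $KeyLength - 1)]
    # Cleared means every byte in the key region is zero.
    return (@($keyBytes | Where-Object { $_ -ne 0 }).Count -eq 0)
}

# Constructed sample blobs (not real license data) so the check can be tried offline.
$sampleLive = New-Object byte[] 164
$sampleLive[52] = 0x3A
$sampleLive[60] = 0x7F
$sampleCleared = New-Object byte[] 164
"sample with key bytes : cleared = $(Test-ProductKeyCleared $sampleLive)"
"sample after clearing : cleared = $(Test-ProductKeyCleared $sampleCleared)"

# Local machine check. Nothing is written and the key is never decoded or printed.
# Use a 64-bit PowerShell on 64-bit Windows so the native registry view is read.
$item = Get-ItemProperty -Path $RegPath -Name $ValueName -ErrorAction SilentlyContinue
if (Test-ProductKeyCleared $item.$ValueName) {
    "$($env:COMPUTERNAME): no product key material found in $ValueName"
} else {
    "$($env:COMPUTERNAME): product key material still present; run 'slmgr /cpky' from an elevated prompt"
}
```

Run it before and after slmgr /cpky on a test machine to confirm the result changes from "still present" to "no product key material found".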

Now you can protect your coveted Windows Product Keys with the peace of mind that they will not be easily revealed and re-used elsewhere (such as on a home PC) by any of your standard corporate users.
