Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Microsoft Blocks KMS38 Activation Method for Windows 10 and 11

23 November 2025 13:39

Users noticed that last week Microsoft developers disabled the offline activation method for Windows 11 and 10 via KMS38, which has been used by hackers around the world for years. However, the official release notes don’t mention these changes.

KMS38 was developed by enthusiasts from the Massgrave project (MAS, Microsoft Activation Scripts), known for its repository of unofficial tools for activating Windows and Office.

The essence of this activation method was to trick the system file GatherOSstate.exe (a utility that determines whether the current system is eligible for an upgrade), extending the Key Management Service (KMS) activation period from the usual 180 days to January 19, 2038.

Setting a more distant date was prevented by the year 2038 (Y2K38) problem.

The fight against KMS38 began almost two years ago.

The first signs appeared in January 2024, when gatherosstate.exe disappeared from the Windows build 26040 installation image. This meant that during major upgrades and reinstallations, the system would reset the activation grace period, forcing the user to reconnect to the KMS server.

However, the final blow to KMS38 came with the optional Windows 11 update KB5067036, released in October 2025. In this update, Microsoft completely removed the GatherOSstate feature, and after November’s Patch Tuesday (KB5068861 and KB5067112), KMS38 finally stopped working.

Massgrave developers have confirmed that this method no longer works. In the latest version of MAS 3.8, KMS38 support has been completely removed.

Massgrave recommends that users switch to alternative methods: HWID (hardware ID) and TSforge, which also work.

It’s worth noting that in 2023, it emerged that Microsoft support engineers themselves sometimes resort to Massgrave’s Windows activation solutions.

Furthermore, it has been repeatedly emphasized that Massgrave’s tools are open source and that the project files have long been available on Microsoft’s GitHub. However, the company takes no action against crackers.

The editorial staff of Red Hot Cyber is composed of IT and cybersecurity professionals, supported by a network of qualified sources who also operate confidentially. The team works daily to analyze, verify, and publish news, insights, and reports on cybersecurity, technology, and digital threats, with a particular focus on the accuracy of information and the protection of sources. The information published is derived from direct research, field experience, and exclusive contributions from national and international operational contexts.