In one of the forums I was scanning this morning, there was a question brought up: assuming the attack were successful (and this hasn't been confirmed yet), what would happen if a key that was hit upon was also the same key in use by a legitimate customer? Really, this would boil down to a customer service issue and we would work to make sure that our customers are taken care of. Having said this personally I think it's unlikely that this would happen as our product activation servers perform a more rigorous analysis of the keys that are sent up for activation than the local key logic does. For this reason producing keys that will ultimately activate is less likely than just hitting upon one that will pass the local logic. But if anyone does hear of a report of a legit customer being refused a product activation on a genuine key please let us know.
We're looking more deeply into this issue now and I'll post more info soon.