[source: team-xecuter.com (http://team-xecuter.com/how-ms-killed-the-xor-hack/)] With the new 15*** update, M$ has added a new key to their hash calculation for the rc4 key. It's basically just the first 16 bytes of the header, which include the version number, entrypoint, and size. These are all per-CB, per-version, so we cannot take a keystream from a 15*** CBB and use it to make a 14*** CB because the CBA on 14*** is unable to calculate the rc4 key no matter what we change.

http://www.eurasia.nu/modules.php?name=News&file=article&sid=3029