Advertisement

Xbox certificate leaked, Microsoft warns of potential attacks

by Eric Frederiksen | December 9, 2015

In a recent group of patches and security updates, Microsoft warned that encryption keys for  the certificate for the Xboxlive.com domain had been inadvertently disclosed in what ArsTechnica calls “a security fumble by Microsoft’s internal IT team.”

The wildcard SSL/TLS security certificate is used to secure connections to the Xboxlive.com domain, and anyone with the keys could potentially use them to perform a “man-in-the-middle” attack to get Xbox Live user information. This leak affects all supported versions of Windows and could even affect Xbox systems if they’re contacting the Xbox Live domain.

The certificate has been revoked at this point, so only out of date systems would be vulnerable to this attack. Because of that, the keys are unlikely to get much, if any, use. Even so, making sure your OS and console are both up to date isn’t a bad idea.

It’s unclear how exactly the keys were disclosed, but it sounds like it accidentally shared with a partner, so the key may not even be in the wild. It never hurts to be on the safe side and make sure your systems are up to date, however, just to be safe.

Ars Technica

Advertisement


Eric Frederiksen

Eric Frederiksen has been a gamer since someone made the mistake of letting him play their Nintendo many years ago, pushing him to beg for his own,...Eric Frederiksen has been a gamer since someone made the mistake of letting him play their Nintendo many years ago, pushing him to beg for his own,...


Advertisement