The company is removing the trust of certificate from all of its products and services.
Advertisement
Microsoft on Wednesday announced the leak of private keys for Xbox Live that could lead to a potential hack. It is though, a leak that could have potentially put their users at risk. What this means is that attackers can imitate Xbox Live website pages to trick Xbox users into providing confidential information to carry out “man-in-the-middle” attacks.
“Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed”, reads the security warning.
To protect yourself from a potential hack, Microsoft recommends setting up the automatic updates for all supported releases of Microsoft Windows. The source of the disclosure was not explained by Microsoft, but the company did note no attacks from the leak have been detected.
The certificate has been revoked at this point, so only out of date systems would be vulnerable to this attack. The massive database and confidential details of Xbox Live users make the website a good target for hackers.
One of the bigger issues, affecting all users of Windows, fixes a series of graphics memory corruption flaws, which can allow an attacker to install programs, view and delete data, and create new accounts with full user rights. So it is not only the fact that this information could be intercepted, but also the trust we have in the company.
Microsoft held its annual meeting with shareholders December 2, and as is usually the case at these events, a number of important issues came to the fore during the Q&A session. And we’ve already seen a digital assault capture the credit-card numbers, email addresses, and passwords from approximately 77 million people as the result of a cyberattack on Sony’s PlayStation Network.
Advertisement
Microsoft obviously does not want to witness the same issue.
