However, according to Microsoft, the certificate couldn’t be used to issue other certificates, impersonate other domains, or sign code.
Advertisement
Microsoft’s security staff has detected an issue with one of the company’s SSL certificates issued for the *.xboxlive.com domain and has chose to revoke it and avoid exposing customers to MitM (Man in the Middle) attacks. Armed with Xbox website’s SSL/TLS digital certificates, hackers can prompt users to re-enter usernames and passwords on an insecure network.
Private security keys securing Xbox Live accounts have been “inadvertently disclosed”, after which Microsoft was forced to update its Certificate Trust List (CTL) for all the supported releases of Microsoft Windows.
Microsoft says it’s not aware of any attacks and that the users should be safe after installing all the recommended updates.
John Gunn, vice president at Vasco Data Security told SCMagazineUK.com that a large-scale attack that would place significant numbers of XboxLive users at risk “are simply not going to happen”. Eight of these updates are rated as critical and two in particular were classified as vulnerabilities already known to be subject to attacks. In response, I would point you to the increasingly annoying near-daily pop-ups now urging me to “UPGRADE TO WINDOWS 10 NOW” before my computer lights on fire/the Earth explodes/I show up to work with no pants/the government kills my family/an old ex-girlfriend calls me up to break up with me a second time/Adam Sandler gets to make another movie. The official Xbox Live status page lists all services working as intended, so if you want to play your digital collection of games, you can do so now.
You can find more details and recommendations in the advisory note.
Microsoft obviously does not want to witness the same issue.
Advertisement
However at launch it seemed that Microsoft was intent on promoting Windows 10, so much so that support for the device was only available for Windows 10 PCs.
