Private Keys For Microsoft Xbox Live Website Leaked

Microsoft has updated its Certificate Trust List (CTL) in response to the private key for xboxlive.com being leaked online through an SSL/TLS digital certificate. The CTL has been updated for all supported releases of the Windows operating system.

While Microsoft has not provided details on how the leak occurred (the company only noted that the certificate for *.xboxlive.com was “inadvertently disclosed”), it has revealed that the compromised certificate could potentially be used by attackers to perform man-in-the-middle attacks against Xbox Live customers.

This issue affects all Windows operating systems that are still supported by Microsoft, including Windows 10, Windows Server and Windows Phone. You can see the full list of affected operating systems in Microsoft’s Security Advisory 3123040.

According to Microsoft:

“To help protect customers from potentially fraudulent use of the SSL/TLS digital certificate, the certificate has been deemed no longer valid and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of the certificate.”

Users of the following Windows operating systems will have their certificate trust lists updated automatically:

  • Windows 8.1, Windows RT
  • Windows RT 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows 10
  • Windows 10 Version 1511
  • Windows Phone 8
  • Windows Phone 8.1
  • Windows 10 Mobile.

“For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of certificate trust lists (see Microsoft Knowledge Base Article 2677070 for details), customers do not need to take any action as these systems will be automatically protected.”

Microsoft has not provided recommendations on what to do if you run other affected Windows operating systems.

Yesterday, Microsoft also released a dozen security patches, most of which were for “critical” vulnerabilities on Windows operating systems.

[Via Microsoft Security Advisory]

