Xbox Certificate Leaked, Hacker Attacks on Xbox Live Possible

The small dongle sits in your USB port and allows you to use up to eight Xbox One controllers with your computer of choice. The leaked digital certificate can not be used to impersonate domains, create new certificates or sign code.

Microsoft reports that it “inadvertently disclosed” the private keys for sensitive security certificates, which hackers can use to acquire Xbox LIVE account information from Windows users.

More details about this security issue are available at Microsoft’s website.

Tricked Xbox users might then hand over their username and password, potentially leading to yet more attacks on the user.

Microsoft’s security staff has detected an issue with one of the company’s SSL certificates issued for the *.xboxlive.com domain and has chose to revoke it and avoid exposing customers to MitM (Man in the Middle) attacks.

Though Microsoft isn’t now aware of attacks related to the certificate fumble, it says that the issue affects all supported releases of Microsoft Windows. “We’ll update you as soon as we know more”, Microsoft wrote on Xbox Live’s support page quoted by Attack of the Fanboy.

Major Nelson announced via Twitter that the Xbox One Wireless Adapter, which previously was only compatible with Windows 10, is now capable of working with PC’s running Windows 7 and 8.1.

As part of Tuesday’s monthly set of updates, the company issued 12 bulletins fixing dozens of vulnerabilities in Windows, Windows Server, Internet Explorer, and Office, and other products. This means that cyberattackers could duplicate an Xbox Live website without triggering any of the warnings you would get for browsing a site with faulty certificates. Once binded to a wireless Xbox One controller, users can enjoy the same gaming experience on their PC as they do their console, including in-game chat.