zddgame
/
Game Information
/
Microsoft Accidentally Leaks Xbox Live Keys, User Data at Risk of Man-in-the-Middle Attacks
Microsoft Accidentally Leaks Xbox Live Keys, User Data at Risk of Man-in-the-Middle Attacks-October 2024
Oct 22, 2024 7:40 PM

  Private security keys securing Xbox Live accounts have been "inadvertently disclosed," after which Microsoft was forced to update its Certificate Trust List (CTL) for all the supported releases of Microsoft Windows.

  

Xbox Live at the risk of MitM attacks:

Encryption keys that secure Xbox Live accounts are designed to confirm the authenticity of a digital certificate when a user connects to xboxlive.com domain. Since these private keys were leaked by Microsoft, connections made to the site may not be secure. There is no information about how this leak happened, however, to remedy the problem, Microsoft has updated its CTL for all the releases of Microsoft Windows.

  This leak means an attacker could intercept the data being transmitted between a user and Microsoft's servers by impersonating the xboxlive.com domains in a typical man-in-the-middle (MitM) attack fashion. Essentially meaning that the impersonation can trick an Xbox user into handing over their username and password, which means even further attacks.

  The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. - Security Advisory

  Microsoft says it's not aware of any attacks and that the users should be safe after installing all the recommended updates. Patrick Hilt, CTO Miracle commented to SCMagazine that this is not a solution but "just mitigation. Older versions of Windows don't automatically update the CTL unless CTL updater service is manually installed, which will leave some machines open to a MITM attack." However, John Gunn of Vasco Data Security commented to the same report that large-scale attacks, placing significant numbers of Xbox Live users at risk "are simply not going to happen." He further added, "the leak does open the door to possible man-in-the-middle attacks, but hacking organisations with the potential to inflict serious damage have other methods of attack that will yield better results than this could."

  While "this type of disclosure can prove attractive to attackers looking to fool or trick users into giving over private or sensitive information," Josh Goldfarb, CTO at FireEye told BBC News, "the risk is relatively easy to remediate by updating the list of trusted certificates."

  Whatever the extent of attacks, users are strongly advised to download and install all the recommended update for Windows, updating the lists of trusted certificates on their systems.

  You can find more details and recommendations in the advisory note.

Previous Article:The Division Alpha Leaked Screenshots Look Promisingly Stunning Next Article:Gearbox Software Also Opening New Studio in Canada
Comments
Welcome to zddgame comments! Please keep conversations courteous and on-topic. To fosterproductive and respectful conversations, you may see comments from our Community Managers.
Sign up to post
Sort by
Show More Comments
Game Information
Divinity: Original Sin 2 Expanded With Free DLC and a Graphical Novel
Mega Man Battle Network-Inspired One Step From Eden Gets Surprise PS4 Launch
Indie Soulslike Mortal Shell Looks Gorgeous in New Gameplay Videos
PlayStation 5 To Feature A “Complete Rearchitecting Of The User Interface”; Console Design Is Customizable In Ways Previous Gens Weren’t
Latest Articles
XCOM 2 Review – A Matter of Performance
Ark Survival Of The Fittest Isn’t PS4 Exclusive & Will Release On XO; Release On PS4 Is For Testing
Windows 10 Gaming Engagement Increases By 50% Due To Xbox One Titles
GoW 4 Devs Don’t Want to Segment the Audience in Multiplayer, Would Love to Be Successful in eSports
Shooter Game LawBreakers Public Alpha Confirmed, New Trailer Released
Battlefleet Gothic: Armada Review – Glacial Space
DC Universe Online Coming to Xbox One Really Soon, But It Won’t Have Cross-Play
Amazing The Witcher 3: Blood and Wine Screenshots Released by CDPR
Latest Articles
DOOM PC Advanced Settings Revealed, Inside Look At idTech 6 Engine Architecture And More Coming Soon
[UPDATED] Untitled Spiderman PlayStation 4 Title Revealed By Online Resume
3D Isometric RPG Seven, Made by Former CDPR Developers, Gets Video Reveal
Microsoft Reports Xbox Hardware Revenue Decline For Q3 2016
[UPDATE – New Screenshots Now Out] The Witcher 3 Blood and Wine Back Cover Surfaces Online, New Screenshots Coming Today
Amazon Is Now Blocking Non-Prime Members from Buying Certain Games
MXGP2 Review – Digging in the Dirt
Lichdom Battlemage Runs At 1080P On PS4/XO But Is One Of The Worst Console Ports Ever
About
Terms and Conditions Privacy policy Cookie Settings Contact Us
Services
Login register
zddgame Entertainment News Gaming News Game Information Game Library Codes Puzzle Games
Links
zpostcode Recruit weather mreligion Yellowpages sport constellation shopping name game directory literature Word tour furnish Lottery tftnews lyrics News digital car dir Edu Finance
Copyright 2023-2024 - www.zddgame.com All Rights Reserved