The Xbox Live Auth Manager for Windows vulnerability just got fixed
2 min. read
Published on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Key notes
- We haven't heard the words Patch Tuesday and Xbox in the same sentence for some time now.
- This month, however, the Redmond tech giant decided to fix a vulnerability that targets both.
- Rest assured the Xbox Live Auth Manager for Windows elevation privilege vulnerability is gone.
- The fix was provided by Microsoft through the monthly Patch Tuesday security fixes rollout.
Everything that everyone can talk about nowadays is Microsoft’s new Patch Tuesday release which, as you know, happens every second Tuesday of each month.
Today, Mach 8 2022, the Redmond-based tech giant rolled out a total of 71 CVEs, with three marked as Critical, and we have the download links ready for you.
And among those 71 CVEs released this month, is one that targetted Xbox players on the Windows operating system, but thankfully Microsoft already got that covered (CVE-2022-21967).
Another vulnerability scratched off the list by Microsoft
Indeed, this appears to be the first security patch impacting Xbox specifically, so we can understand all the raised eyebrows and confused coughing.
But this isn’t a joke, as Microsoft acknowledged the potential harm this vulnerability could do if it would be exploited by malicious third parties.
Obviously, there was an advisory for an inadvertently disclosed Xbox Live certificate that was released way back in 2015, but this seems to be the first security-specific update for the device itself.
Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.
The tech giant even notes that other Windows operating systems are not even affected by this bug.
It still remains a bit unclear how cybercriminals could escalate privileges using this vulnerability, but the Auth Manager component is listed as affected.
This service handles interacting with the Xbox Live service, so if you know that you are reliant on Xbox or Xbox Live, make sure this patch doesn’t go unnoticed.
So, that’s that, we can add another annoying bug to the list of problems will hopefully never have to deal with again in the future.
Did you know about the existence of this vulnerability? Share your thoughts with us in the comments section below.
User forum
0 messages