The Xbox Live Auth Manager for Windows vulnerability just got fixed

News » Security » Patch Tuesday

Reading time icon 2 min. read

Calendar icon Published on

by Alexandru Poloboc 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • We haven't heard the words Patch Tuesday and Xbox in the same sentence for some time now.
  • This month, however, the Redmond tech giant decided to fix a vulnerability that targets both.
  • Rest assured the Xbox Live Auth Manager for Windows elevation privilege vulnerability is gone.
  • The fix was provided by Microsoft through the monthly Patch Tuesday security fixes rollout.
xbox patch tuesday

Everything that everyone can talk about nowadays is Microsoft’s new Patch Tuesday release which, as you know, happens every second Tuesday of each month.

Today, Mach 8 2022, the Redmond-based tech giant rolled out a total of 71 CVEs, with three marked as Critical, and we have the download links ready for you.

And among those 71 CVEs released this month, is one that targetted Xbox players on the Windows operating system, but thankfully Microsoft already got that covered (CVE-2022-21967).

Another vulnerability scratched off the list by Microsoft

Indeed, this appears to be the first security patch impacting Xbox specifically, so we can understand all the raised eyebrows and confused coughing.

But this isn’t a joke, as Microsoft acknowledged the potential harm this vulnerability could do if it would be exploited by malicious third parties.

Obviously, there was an advisory for an inadvertently disclosed Xbox Live certificate that was released way back in 2015, but this seems to be the first security-specific update for the device itself.

Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

The tech giant even notes that other Windows operating systems are not even affected by this bug.

It still remains a bit unclear how cybercriminals could escalate privileges using this vulnerability, but the Auth Manager component is listed as affected.

This service handles interacting with the Xbox Live service, so if you know that you are reliant on Xbox or Xbox Live, make sure this patch doesn’t go unnoticed.

So, that’s that, we can add another annoying bug to the list of problems will hopefully never have to deal with again in the future.

Did you know about the existence of this vulnerability? Share your thoughts with us in the comments section below.

More about the topics: patch tuesday

Alexandru Poloboc

Alexandru Poloboc Shield

Tech Journalist

With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor, as well as TV and radio entertainment show host. A certified gadget freak, he always feels the need to surround himself with next-generation electronics. When he is not working, he splits his free time between making music, gaming, playing football, basketball and taking his dogs on adventures.