The Xbox Live Auth Manager for Windows vulnerability just got fixed

by Alexandru Poloboc
Alexandru Poloboc
Alexandru Poloboc
News Editor
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor,... read more
Affiliate Disclosure
  • We haven't heard the words Patch Tuesday and Xbox in the same sentence for some time now.
  • This month, however, the Redmond tech giant decided to fix a vulnerability that targets both.
  • Rest assured the Xbox Live Auth Manager for Windows elevation privilege vulnerability is gone.
  • The fix was provided by Microsoft through the monthly Patch Tuesday security fixes rollout.
xbox patch tuesday

Everything that everyone can talk about nowadays is Microsoft’s new Patch Tuesday release which, as you know, happens every second Tuesday of each month.

Today, Mach 8 2022, the Redmond-based tech giant rolled out a total of 71 CVEs, with three marked as Critical, and we have the download links ready for you.

And among those 71 CVEs released this month, is one that targetted Xbox players on the Windows operating system, but thankfully Microsoft already got that covered (CVE-2022-21967).

Another vulnerability scratched off the list by Microsoft

Indeed, this appears to be the first security patch impacting Xbox specifically, so we can understand all the raised eyebrows and confused coughing.

But this isn’t a joke, as Microsoft acknowledged the potential harm this vulnerability could do if it would be exploited by malicious third parties.

Obviously, there was an advisory for an inadvertently disclosed Xbox Live certificate that was released way back in 2015, but this seems to be the first security-specific update for the device itself.

Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

The tech giant even notes that other Windows operating systems are not even affected by this bug.

It still remains a bit unclear how cybercriminals could escalate privileges using this vulnerability, but the Auth Manager component is listed as affected.

This service handles interacting with the Xbox Live service, so if you know that you are reliant on Xbox or Xbox Live, make sure this patch doesn’t go unnoticed.

So, that’s that, we can add another annoying bug to the list of problems will hopefully never have to deal with again in the future.

Did you know about the existence of this vulnerability? Share your thoughts with us in the comments section below.

This article covers:Topics: