- We haven’t heard the words Patch Tuesday and Xbox in the same sentence for a while now.
- This month, however, the Redmond tech giant decided to patch a vulnerability that targets both.
- Rest assured that the Xbox Live Auth Manager elevation privilege vulnerability for Windows is gone.
- The fix was provided by Microsoft through the monthly Patch Tuesday security patch rollout.
All anyone can talk about these days is Microsoft’s new Patch Tuesday release which, as you know, happens every second Tuesday of every month.
Today, Mach 8 2022, the Redmond-based tech giant deployed a total of 71 CVEs, three of which were marked as critical, and we have the download links ready for you.
And among those 71 CVEs released this month, there was one that targeted Xbox gamers on the Windows operating system, but luckily Microsoft has already covered that (CVE-2022-21967).
Another vulnerability removed from the list by Microsoft
Indeed, this appears to be the first security patch specifically affecting Xbox, so we can understand all the raised eyebrows and confused coughs.
But that’s no joke, as Microsoft has acknowledged the potential damage this vulnerability could cause if exploited by malicious third parties.
Of course there was a advisory for an inadvertently leaked Xbox Live certificate that was released in 2015, but this appears to be the first security-specific update for the device itself.
Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com whose private keys were inadvertently leaked. The certificate could be used in attempted man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported versions of Microsoft Windows. Microsoft is not currently aware of any attacks related to this issue.
The tech giant even notes that other Windows operating systems are not even affected by this bug.
It is still unclear how cybercriminals could elevate privileges using this vulnerability, but the Auth Manager component is listed as affected.
This service handles interaction with the Xbox Live service, so if you know you depend on Xbox or Xbox Live, make sure this fix doesn’t go unnoticed.
So, there you have it, we can add another annoying bug to the list of issues that we hope to never have to deal with in the future.
Did you know about this vulnerability? Share your thoughts with us in the comments section below.
Start a conversation