Microsoft leaks Xboxlive SSL server cert

Patch Tuesday not over yet

8 Reg comments Got Tips?

Redmond is scrambling to propagate a new certificate for the *.xboxlive.com domain, having “inadvertently disclosed” the certificate's contents.

In its advisory, Microsoft says the accidental disclosure of the cert's private keys could expose customers to man-in-the-middle attacks, although the cert “cannot be used to issue other certificates, impersonate other domains, or sign code”.

Redmond doesn't say how many people may have seen the certificate.

All supported releases of Microsoft Windows carry the Xboxlive certificate, but revocation – which the company has in hand, it says – should propagate to everybody automatically.

If you're using anything from Windows 8 onwards, the process will be automatic. Users of Vista, Windows 7, Windows Server 2008 or Windows Server 2008 R2 will be covered if they use the automatic certificate updater, which Microsoft points to here.

If you're not covered by the automatic update, Microsoft says you should add this to your untrusted certificates, using the Certificates MMC snap-in.

It's unlikely that the leak has been used in any active attacks. The certificate slip is in addition to Microsoft's mammoth 71-bug salute to Patch Tuesday. ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Keep Reading

Skype for Windows 10 and Skype for Desktop duke it out: Only Electron left standing

Updated I just can't quit you, Skype. Oh maybe I can... they've tweaked the close function

Microsoft sprinkles a little Skype Meet Now integration on Windows 10 for Insiders

Plus: Annoying chat show host asks 'What the hell happened to Skype?' and users cry out: Let my People go... or at least banish it from Start

Not one to be outdone by Microsoft, Apple's cloud fell over too. Unlike Microsoft, it hasn't said what happened

Apple TV, iCloud Mail, iWork for iCloud, App Store and more go TITSUP*

Indonesia starts taxing Minecraft, Skype, Zoom and Twitter

Regional video streaming companies added to list of entities required to pay Digital Services Tax

Official: Microsoft will take an axe to Skype for Business Online. Teams is your new normal

Blade to swing in 2021, but 'onboarding' for new Office 365ers starts in September

Friends, it's fine. Don't worry about randomers listening to your Skype convos. Microsoft has tweaked an FAQ a bit

'Automated and manual' data processing – so humans, yeah?

Leaked benchmarks from developer kit for Apple's home-baked silicon appear to give Microsoft a run for its money

Before you get too excited 1) They're benchmarks 2) New consumer Arm-based Macs might use something else

Microsoft sides with Epic over Apple developer ban, supports motion for temporary restraining order

'Apple’s discontinuation of Epic’s ability to develop and support Unreal Engine for iOS or macOS will harm game creators and gamers,' says Microsoft

Biting the hand that feeds IT © 1998–2020