1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Microsoft updates trust list after private key for Xbox Live leaks

Discussion in 'CSO' started by RSS, Dec 8, 2015.

  1. RSS

    RSS New Member Member

    On Tuesday, Microsoft updated their Certificate Trust List (CTL) after the private key for xboxlive.com was leaked to the Web. The company didn't explain how the leak happened, but the exposed certificates were immediately revoked and replaced.

    "Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks," the software giant explained in their advisory.

    "To help protect customers from potentially fraudulent use of the SSL/TLS digital certificate, the certificate has been deemed no longer valid and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of the certificate."

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page