SecurityTracker.com
Category:   OS (Microsoft)  >   Windows DLL (Any)
Vendors:   Microsoft
Microsoft Windows Includes a Compromised Xbox Live Certificate
SecurityTracker Alert ID:  1034343
SecurityTracker URL:  http://securitytracker.com/id/1034343
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Dec 9 2015
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1, 10; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows. A remote user may be able to conduct man-in-the-middle attacks.

The operating system includes an SSL/TLS certificate for *.xboxlive.com for which the private keys have been disclosed. The vulnerability is due to the compromised certificates and not the operating system itself.

A remote user can conduct a man-in-the-middle attack against Xbox Live users.

Windows Phone 8 and 8.1 and Windows 10 Mobile are also affected.

Impact:   A remote user can conduct a man-in-the-middle attack against Xbox Live users.
Solution:   The vendor has revoked the affected certificate.

Systems running Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows 10 Version 1511 and devices running Windows Phone 8, Windows Phone 8.1, and Windows 10 Mobile are automatically updated.

Other systems configured with the automatic updater of revoked certificates do not need to apply a fix.

The vendor's advisory is available at:

https://technet.microsoft.com/en-us/library/security/3123040

Vendor URL:  technet.microsoft.com/en-us/library/security/3123040
Cause:   Configuration error

Message History:   None.



Copyright 2021, SecurityGlobal.net LLC