Share this article

Improve this guide

The Xbox Live Auth Manager for Windows vulnerability just got fixed

2 min. read

Published onMarch 8, 2022

published onMarch 8, 2022

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

Everything that everyone can talk about nowadays is Microsoft’s new Patch Tuesday release which, as you know, happens every second Tuesday of each month.

Today, Mach 8 2022, the Redmond-based tech giant rolled out a total of71 CVEs, with three marked as Critical, and we have thedownload linksready for you.

And among those 71 CVEs released this month, is one that targetted Xbox players on the Windows operating system, but thankfully Microsoft already got that covered (CVE-2022-21967).

Another vulnerability scratched off the list by Microsoft

Another vulnerability scratched off the list by Microsoft

Indeed, this appears to be the first security patch impacting Xbox specifically, so we can understand all the raised eyebrows and confused coughing.

But this isn’t a joke, as Microsoft acknowledged the potential harm this vulnerability could do if it would be exploited by malicious third parties.

Obviously, there was anadvisoryfor an inadvertently disclosed Xbox Live certificate that was released way back in 2015, but this seems to be the first security-specific update for the device itself.

Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

The tech giant even notes that other Windows operating systems are not even affected by this bug.

It still remains a bit unclear how cybercriminals could escalate privileges using this vulnerability, but the Auth Manager component is listed as affected.

This service handles interacting with the Xbox Live service, so if you know that you are reliant on Xbox or Xbox Live, make sure this patch doesn’t go unnoticed.

So, that’s that, we can add another annoying bug to the list of problems will hopefully never have to deal with again in the future.

Did you know about the existence of this vulnerability? Share your thoughts with us in the comments section below.

More about the topics:patch tuesday

Alexandru Poloboc

Tech Journalist

With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor, as well as TV and radio entertainment show host.

A certified gadget freak, he always feels the need to surround himself with next-generation electronics.

When he is not working, he splits his free time between making music, gaming, playing football, basketball and taking his dogs on adventures.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Alexandru Poloboc

Tech Journalist

With a desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter.