3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0

Posted on Tuesday December 08, 2015  |  security alerts

Revision Note: V1.0 (December 8, 2015): Advisory published.
Summary: Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. Read the bulletin here.