A "critical" vulnerability in Microsoft's Xbox 360 video game console could let an attacker run unauthorized software on machines that haven't been fixed, assuming the individual has physical access to the machine. A Wednesday report says the flaw was disclosed to Microsoft on January 3 and the company released a fix for the problem on January 9, which would have been downloaded over the internet to affected systems connected to Microsoft's Xbox Live network. People without access to the Xbox Live online network can download the patch to a computer and burn it on to a DVD or CD. The flaw is in a piece of the Xbox's security software known as the hypervisor, which controls access to the system's memory and manages encryption and decryption functions.
"Microsoft has completed the investigation into the public claims of a vulnerability in Xbox 360 ... and has already distributed a fix across our distribution methods, both online and offline," said John Rodman, senior product manager for the Xbox global platform team.
News source: CBC News
10 Comments - Add comment