Redmond is scrambling to propagate a new certificate for the *.xboxlive.com domain, having “inadvertently disclosed” the certificate’s contents. In its advisory, Microsoft says the accidental disclosure of the cert’s private keys could expose customers to man-in-the-middle attacks, although the cert “cannot be used to issue other certificates, impersonate other domains, or sign code”.
Redmond doesn’t say how many people may have seen the certificate.
View full story
ORIGINAL SOURCE: The Register