Microsoft sews XBox privilege vulnerability

By Dan Kaplan on Mar 7, 2007 12:42 AM
Filed under Applications

Microsoft has silently patched a privilege-escalation flaw in Xbox 360 that would have let users run operating systems and other programs on the popular gaming console.

The software giant fixed the vulnerability on 7 January, according to an anonymous security advisoryrecently posted on SecurityFocus. The bug can grant privileged access to a state known as hypervisory mode. Hypervisor is software that runs on a hardware machine and manages one or more operating systems.

According to the advisory, all games and applications on Xbox normally run in non-privileged mode.

Security experts wondered if this opens the door for more gaming console hacks.

"Can an internet-connected games console be an interesting addition to the available systems for a botnet?" SANS Internet Storm Center handler Arrigo Triulzi asked readers today on the organisation’s blog.

"…Is it worth my while to develop a new engine and virus to go after the Xbox 360s? Probably not, there are still plenty of Windows systems which will do just fine."
Keywords
microsoft, sews, xbox, privilege, vulnerability
Related

What are your thoughts on this article? Add your comment below.

To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.

NOTE: You must be a registered member of SC Magazine to post a comment.

Click here to login | Click here to register
comments powered by Disqus
Sign up to receive SC Magazine email newsletters
   FOLLOW US...
Most Read