Microsoft patches security vulnerability of Xbox 360s… but no-one knew about it?
Everyone who uses Windows OS is familiar with patching his system for security vulnerabilities, but it seems the Xbox 360 is in need of one as well. Microsoft has recently released a fix for a security vulnerability that could let Xbox 360 owners or those who can get into your system run their own applications or operating systems on the console.
The Problem: Despite this, Microsoft has decided not to call the System Update 01-2007 a security fix but an OS upgrade. Some people have expressed their outrage at this, saying that Microsoft is covering up their mistake. They are stating that the release of this patch was done too discretely and that a lot of owners should learn about this problem.
In addition, if you are one of the 6 million users who have connected their system to XBox Live and have made an account, your system may have been patched without you knowing. If it’s fine that Microsoft can modify your system remotely without you knowing about it, then it’s no problem. However, more people feel this is unfair and have openly shown their displeasure at this decision by Microsoft.
Should you choose to patch your system with Xbox 360 OS Update 01-2007: If you have Xbox Live, then it should have updated immediately. If your Xbox 360 is not connected to the internet, then you can download it via the link we’ve provided below and burn the program to a CD or DVD (it should be in the main partition of the CD/DVD). Place it in your Xbox 360, and it will automatically update. Reboot your system and you’re done.
Download: Xbox 360 OS Update 01-2007
Click on the full article to read more.
Everyone who uses Windows OS is familiar with patching his system for security vulnerabilities, but it seems the Xbox 360 is in need of one as well. Microsoft has recently released a fix for a security vulnerability that could let Xbox 360 owners or those who can get into your system run their own applications or operating systems on the console.
The Problem: Despite this, Microsoft has decided not to call the System Update 01-2007 a security fix but an OS upgrade. Some people have expressed their outrage at this, saying that Microsoft is covering up their mistake. They are stating that the release of this patch was done too discretely and that a lot of owners should learn about this problem.
In addition, if you are one of the 6 million users who have connected their system to XBox Live and have made an account, your system may have been patched without you knowing. If it’s fine that Microsoft can modify your system remotely without you knowing about it, then it’s no problem. However, more people feel this is unfair and have openly shown their displeasure at this decision by Microsoft.
Security Vulnerability: The tamper protection mechanism that was installed on the Xbox 360 was not enough to stop hackers from breaking through and running their own software, including operating systems such as Linux. This could be a problem considering over 10 million units have been sold.
While the patch was recently released last January, it seems that the flaw was discovered last November 2006 and fixed this January. The flaw which as described by the hacker in a popular security listing reads:
We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access.
This basically means that if someone could get access to your system, he could bump up his privilege and allow that person access to your programs or worse, run one of his own. Microsoft has released a statement on this last Friday. “Microsoft has worked with the party that reported this issue and has already distributed a fix across our distribution methods, both online and offline.” In addition to this, a representative stated that “The update was pushed out via Xbox Live, Microsoft’s online gaming service. Any game coming out after February 20 will ship with the fix, which is also available for download on the Xbox Web site.”
Should you choose to patch your system with Xbox 360 OS Update 01-2007: If you have Xbox Live, then it should have updated immediately. If your Xbox 360 is not connected to the internet, then you can download it via the link we’ve provided below and burn the program to a CD or DVD (it should be in the main partition of the CD/DVD). Place it in your Xbox 360, and it will automatically update. Reboot your system and you’re done.
Download: Xbox 360 OS Update 01-2007