Last month, Microsoft rolled out a major OS update to Xbox One devices. This update aligns Xbox One with the core code of Windows 10. And, as we already know, Microsoft’s intent is to deliver this unified code to all its devices. On one hand, this seems like a positive move, allowing all devices to take advantage of a single app store and to be able to run the same code and apps across a multitude of gadgets and PCs. But, on the other hand, it means that anything running Windows 10 code will be susceptible to the same security vulnerabilities and will fall victim to the monthly Patch Tuesday.
Case in point, yesterday Microsoft released a security advisory and patch for an Inadvertently Disclosed Digital Certificate (Advisory 3123040). Here’s the description of this update:
The purpose of this advisory is to notify customers that the private keys for an SSL/TLS digital certificate for *xboxlive.com have been inadvertently disclosed. The SSL/TLS certificate could be used to perform man-in-the-middle attacks against Xbox Live customers.
Additionally, this issue affects all supported editions of Windows, including Windows 10 and Windows 10 Version 1511. And, while its not exactly a security flaw in the OS, it does mark an interesting discussion.
Xbox One users have been used to getting updates already. Microsoft updates the gaming system regularly. It’s been no big deal. But, that was before a major Windows 10 update. Now, that the Xbox One runs from the same core code, will it be affected by the same QC problems that Windows patches have been plagued with for the last several years? There is no WSUS for Xbox, so patches can’t be tested before rolling them out.
I was joking with someone yesterday that it would be interesting to be out running with the Microsoft Band version 3 (rumored to run Windows 10 code) and have to pause my workout to perform a cumulative update. Interesting is probably not the right word.