Hack Is No Game: Microsoft Patches Xbox Bug

Microsoft quietly fixed an Xbox 360 bug that allowed a user to bypass security and run their own applications or operating systems on the console.
Researchers have found a flaw in Xbox 360 that enables users to run their own applications or other operating systems on the gaming console.

The good news it that Microsoft quietly fixed the flaw with a patch that came out in January.

The patch, which was released on Jan. 7, fixes a problem in a security mechanism that allows hackers to break through the barrier and run their own software with full access and privileges. The privilege escalation vulnerability was classified as "critical" in a BugTraq advisory posting. The advisory was posted by an anonymous hacker.

"Can an Internet-connected games console be an interesting addition to the available systems for a botnet?" asks Arrigo Triulzi, a handler at the SAN's Internet Storm Center, in a blog post. "Difficult question to answer trivially: there are many parameters to the game On the one side you have low-latency, high-speed DSL lines favored by gamers, but on the other side you have a totally novel operating system which you have to develop for, not to mention the connection time of these systems. What are the chances of a games console being left on 24-by-7 compared to a home PC on a DSL link? So we are probably back to the old story of 'return on investment.' Is it worth my while to develop a new engine and virus to go after the Xbox 360s? Probably not. There are still plenty of Windows systems which will do just fine."

The update was pushed out via Xbox Live, Microsoft's online gaming service. It also can be downloaded off the Xbox Web site.

Editor's Choice
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Terry White, Associate Chief Analyst, Omdia
Richard Pallardy, Freelance Writer
Cynthia Harvey, Freelance Journalist, InformationWeek
Pam Baker, Contributing Writer