The good news is that Microsoft quietly fixed the flaw with a patch that came out in January.
The patch, which was released on Jan. 7, fixes a problem in a security mechanism; the problem allows hackers to break through the barrier and run their own software with full access and privileges. The privilege escalation vulnerability was classified as "critical" in a BugTraq advisory posting. The advisory was posted by an anonymous hacker.
"Can an Internet-connected games console be an interesting addition to the available systems for a botnet?" asks Arrigo Triulzi, a handler at the SANS Internet Storm Center, in a blog post. "Difficult question to answer trivially: there are many parameters to the game. On the one side you have low-latency, high-speed DSL lines favored by gamers, but on the other side you have a totally novel operating system which you have to develop for, not to mention the connection time of these systems. What are the chances of a games console being left on 24-by-7 compared to a home PC on a DSL link? So we are probably back to the old story of 'return on investment.' Is it worth my while to develop a new engine and virus to go after the Xbox 360s? Probably not. There are still plenty of Windows systems which will do just fine."
The update was pushed out via Xbox Live, Microsoft's online gaming service. It can also be downloaded from the Xbox Web site.