microsoft Inadvertently Disclosed Digital Certificate Could Allow Spoofing
Published: December 8, 2015
Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com
for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.