Xbox Hypervisor Security Protection Hacked

ACTRAiSER writes "A recent Post on Bugtraq claims the hack of the Xbox 360 Security Protection Hypervisor. It includes sample code as well." From Bugtraq "We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access."

Re:That's Because...

[TubeSteak]

Oct 31, 2006 - release of 4532 kernel, which is the first version
containing the bug
Nov 16, 2006 - proof of concept completed; unsigned code running in
hypervisor context
Nov 30, 2006 - release of 4548 kernel, bug still not fixed
Dec 15, 2006 - first attempt to contact vendor to report bug
Dec 30, 2006 - public demonstration
Jan 03, 2007 - vendor contact established, full details disclosed
Jan 09, 2007 - vendor releases patch
Feb 28, 2007 - full public release
Patch Development Time (In Days): 6

Does MS force updates for things like this?

How Useless.

[Rdickinson]

"Bug was fixed in version 4552 (released Jan 09, 2007 - not a
Patch Tuesday)."

Fixed already for most people , anyone who's connected to xbox live.

I'm not sure why there still protecting the system like they are though, 'backup' games are already rife due to hacked DVD rom firmware (which they seem to be unable to back fix), so why not let it run arbitary code, didnt hurt the xbox 1?

Timelines for Vulnerability Fixes

[lmnfrs]

Timeline:
..
Jan 03, 2007 - vendor contact established, full details disclosed
Jan 09, 2007 - vendor releases patch
..
Patch Development Time (In Days): 6

Interesting to compare timelines affecting Microsoft's users to timelines affecting Microsoft's control schemes.