from Xbox-Scene News:

This was posted moments ago on Security Focus’ BugTraq list and looks like a follow-up to the anonymous 23C3 Hacker Congress presentation held at the end of December. Looks like some huge news (Unsigned Code Execution in Hypervisor Mode) even if it’s already patched by Microsoft in the latest kernel release:
[QUOTE]
Security Advisory: Xbox 360 Hypervisor Privilege Escalation Vulnerability

Release Date: February 28, 2007

Author: Anonymous Hacker

Timeline:
* Oct 31, 2006 – release of 4532 kernel, which is the first version containing the bug
* Nov 16, 2006 – proof of concept completed; unsigned code running in hypervisor context
* Nov 30, 2006 – release of 4548 kernel, bug still not fixed
* Dec 15, 2006 – first attempt to contact vendor to report bug
* Dec 30, 2006 – public demonstration
* Jan 03, 2007 – vendor contact established, full details disclosed
* Jan 09, 2007 – vendor releases patch
* Feb 28, 2007 – full public release
Patch Development Time (In Days): 6

Severity: Critical (Unsigned Code Execution in Hypervisor Mode)

Vendor: Microsoft

Systems Affected: All Xbox 360 systems with a kernel version of 4532 (released Oct 31, 2006) and 4548 (released Nov 30, 2006). Versions prior to 4532 are not affected. Bug was fixed in version 4552 (released Jan 09, 2007 – not a Patch Tuesday).

Overview:
We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access.