Microsoft has released the first security update for Windows Phone 7, a similar security update that the company gave Windows desktop users six weeks ago.
The 1st Windows Phone 7 security update is designed to blacklist nine digital certificates acquired by a hacker in March from Comodo however it is unclear when the update will reach end users.
- Fix for fraudulent third-party digital certificates. This update includes a critical fix to an industry-wide issue with nine untrusted digital certificates that were issued by one root certificate authority. These third-party digital certificates are used to access popular websites and email portals. Although this is not a Microsoft security vulnerability, these untrusted certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all web browser users. This update moves the affected certificates to the “Untrusted Publishers” certificate store on Windows Phone, which helps ensure that these fraudulent certificates are not inadvertently used. For more info, see Microsoft Security Advisory (2524375).
At the time of release, the update is not available for all Windows Phone 7 customers; instead, customers will receive an on-device notification once the update is available for their phone.
To learn more or to install the update, Windows Phone 7 customers will have to connect their phone to a computer and use the Zune PC client or Windows Phone 7 Connector (for Mac) to complete the update process.