Skip to main content

First Windows Phone 7 security update issued

Microsoft has issued the first security update for its latest mobile operating system.

Update 7.0.7392.0 fixes a flaw which, in the wrong hands, could allow nine known fraudulent security certificates, issued by a single untrusted root certificate authority, to spoof content, mount phishing or man-in-the-middle attacks against web browser users.

The update moves the dodgy certificates into the 'untrusted publishers' store on mobile devices preventing them from being accidentally used.

The certificates, which were issued by Comodo and were first reported on March 23rd, also affect all Windows, Windows Mobile 6, Zune and, erm, Kin devices and affect the following well-known and often-used web properties:

login.live.com
mail.google.com
www.google.com
login.yahoo.com (3 certificates)
login.skype.com
addons.mozilla.org
"Global Trustee"

Staggered updates will be pushed over-the-air to WP7 users and you can find out when your particular territory or handset is ready to rock here.