Right on cue, Microsoft has started to push a Windows Phone 7 security update. The update blocks fake SSL certificates, which could be used for spoofing, phishing and other nefarious activities. The update notification should arrive OTA and prompt you to perform the update via the Zune software. We’ve seen reports of updates seen on an assortment of devices. Our Samsung Focus, revision 1.3, has yet to receive the update.
Below is the changelong for Update 7.0.3292
Fix for fraudulent third-party digital certificates. This update includes a critical fix to an industry-wide issue with nine untrusted digital certificates that were issued by one root certificate authority. These third-party digital certificates are used to access popular websites and email portals. Although this is not a Microsoft security vulnerability, these untrusted certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all web browser users. This update moves the affected certificates to the “Untrusted Publishers” certificate store on Windows Phone, which helps ensure that these fraudulent certificates are not inadvertently used.
Have you seen the update? Let us know in the comments or in our Windows Phone forums.