Microsoft Releases First Security Update For Windows 7 Phones
In addition to Microsoft's ongoing updates related to the "copy and paste" support of the new Windows phones, Microsoft this week also begun the distribution a small new security update for phones.
Its sole purpose is to fix nine fraudulent third-party digital certificates. Once installed, youll see "OS version: 7.0.7392.0" when you tap Settings>About>More Info on your phone.
This update includes a critical fix to an industry-wide issue with nine untrusted digital certificates that were issued by one root certificate authority. These third-party digital certificates are used to access popular websites and email portals. Although this is not a Microsoft security vulnerability, these untrusted certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all web browser users. This update moves the affected certificates to the "Untrusted Publishers" certificate store on Windows Phone, which helps ensure that these fraudulent certificates are not inadvertently used. You can read more about 7392 on Microsoft's Update History page.
How you get 7392 depends on your mobile operator and what updates youve installed. Users with Deutsche Telekom and Optus, for example, will receive 7392 and the March update together. If youve already installed the March update, youll receive 7392 as a standalone download or bundled with a future update.
Microsoft added that owners pf Windows phone 7 that had previously updated their phones using any unofficial mechanisms may not be able to update past build 7390. "Unfortunately for those customers out there who acted on information from sources outside of Microsoft, the rubber meets the road today, " the company said.
With Windows Phone update build 7392 going out to phones via the official update mechanism, those people who have used the unsupported method of forcing 7390 onto their phones will find that their phones will not update to 7392, Microsoft said. With the official update process there is a requirement that the package on the phone also be official in order to update itself.
This update includes a critical fix to an industry-wide issue with nine untrusted digital certificates that were issued by one root certificate authority. These third-party digital certificates are used to access popular websites and email portals. Although this is not a Microsoft security vulnerability, these untrusted certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all web browser users. This update moves the affected certificates to the "Untrusted Publishers" certificate store on Windows Phone, which helps ensure that these fraudulent certificates are not inadvertently used. You can read more about 7392 on Microsoft's Update History page.
How you get 7392 depends on your mobile operator and what updates youve installed. Users with Deutsche Telekom and Optus, for example, will receive 7392 and the March update together. If youve already installed the March update, youll receive 7392 as a standalone download or bundled with a future update.
Microsoft added that owners pf Windows phone 7 that had previously updated their phones using any unofficial mechanisms may not be able to update past build 7390. "Unfortunately for those customers out there who acted on information from sources outside of Microsoft, the rubber meets the road today, " the company said.
With Windows Phone update build 7392 going out to phones via the official update mechanism, those people who have used the unsupported method of forcing 7390 onto their phones will find that their phones will not update to 7392, Microsoft said. With the official update process there is a requirement that the package on the phone also be official in order to update itself.