Microsoft working on new Windows Phone 7 update to patch fraudulent SSL certificates

By Tom Warren, on 25th Mar 11 11:52 am with 9 Comments

Microsoft is currently working on a patch to block several fake SSL certificates that may affect Windows Phone 7 owners, WinRumors has learned.

The software giant warned of nine fraudulent digital certificates earlier this week. Certification authority Comodo issued the certificates in what the company calls a “politically motivated” attack. The certificates have been revoked by Comodo and Microsoft has issued an update for all supported desktop versions of Windows to help address the issue. Microsoft says the certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

Microsoft is currently working on a Windows Phone 7 update to address the issue on its latest range of smartphones. The company confirmed to WinRumors that mobile devices, applications and servers accessing websites affected by the nine fraudulent certificates are potentially impacted. “Fraudulent digital certificates are not a Microsoft security vulnerability” explained Microsoft Trustworthy Computing manager Bruce Cowper. “We have been working to develop a mitigation update for Windows Phones,” added Cowper. Microsoft has not provided a specific time-line for the update saying it will provide “additional guidance as it comes available.”

The update could be the first over-the-air (OTA) test of Microsoft’s Windows Update feature for Windows Phone. The company has yet to issue any updates over-the-air and has started to push out larger significant updates via the company’s Zune software. Microsoft has previously promised that any security or emergency updates could be pushed out OTA.

  • Arne Helseth

    Hah, I specifically asked WinPhoneSupport about this on Twitter the other day and they said the WP7 browser was not affected (which, of course, I knew was complete hogwash – but still)…

    It’s good they are bringing out a fix though. Question is whether we’ll receive it this year or not :p

  • sarkis chamelian

    This is Great News, they are actually working on a patch for the Windows Phone environment !! People may criticize microsoft, but this is proof that they care and adamant to get a fix out. a bit of the topic , but to be honest if you look at andirod and iOS they constantly have updates…that tells you its not really a great OS, why fix something that isnt broke right….its so anyoing that you have to keep updating your device; on one hand you have great popular platforms but in the long run what would you rather have?, a device that doesnt bug you ALL the time with UPDATE ME ! or a device that just works and has hardly any problems which I actually like :D WP all the way :D

    • Anonymous


    • Pieter Kroon

      double LOL, what is this all about? Loads of nonsense… :P Ohh well, WP7 definitly has potential, even though it could use more updates :P

  • Frankotirador19

    Bueno de aqui a dos años esta actualización llegará, testing…Scheduling—-testing—Scheduling—–Testing—-Scheduling —-Loop eterno

  • Anonymous

    Hurray! Another update they’ll never release to the public. Great work Microsoft. This die hard fan is being KILLED by the recent crap Microsoft continues to pull. They don’t have the luxury of getting it right the 3rd and 4th time. The platform that I love is going to be extinct because they’re performing so horribly.

  • GP007

    Since this sorta patch probably just does a small tweak to IE security wise there’s no need to do a whole ROM flash like with the NoDo update etc, a OTA update like what apps do fits the best and also doesn’t get the carriers in the mix I bet.

  • Anonymous

    Hrmm.. If ATT blocks this patch it may very well be the thing i could use to void my contract with them and switch to a less crappy network.

  • Bobby Cannon

    Go leave your comments here. Let Microsoft know how you feel about the update status.