Microsoft is currently working on a patch to block several fake SSL certificates that may affect Windows Phone 7 owners, WinRumors has learned.
The software giant warned of nine fraudulent digital certificates earlier this week. Certification authority Comodo issued the certificates in what the company calls a “politically motivated” attack. The certificates have been revoked by Comodo and Microsoft has issued an update for all supported desktop versions of Windows to help address the issue. Microsoft says the certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.
Microsoft is currently working on a Windows Phone 7 update to address the issue on its latest range of smartphones. The company confirmed to WinRumors that mobile devices, applications and servers accessing websites affected by the nine fraudulent certificates are potentially impacted. “Fraudulent digital certificates are not a Microsoft security vulnerability” explained Microsoft Trustworthy Computing manager Bruce Cowper. “We have been working to develop a mitigation update for Windows Phones,” added Cowper. Microsoft has not provided a specific time-line for the update saying it will provide “additional guidance as it comes available.”
The update could be the first over-the-air (OTA) test of Microsoft’s Windows Update feature for Windows Phone. The company has yet to issue any updates over-the-air and has started to push out larger significant updates via the company’s Zune software. Microsoft has previously promised that any security or emergency updates could be pushed out OTA.