Wednesday, May 04, 2011

Microsoft rolls out security update 7.0.7392.0 to Windows Phones.

I woke up this morning with my HTC Mozart displaying a new update notification for Windows Phone. Since I blogged about this a while ago, I knew instantly that it was about the announced security update to fix an issue caused by one root certificate authority who issued nine untrusted certificates. That can lead to spoofing and phishing. Note that this is an industry-wide issue, not just one affecting Windows Phone. So whatever phone, desktop OS or browser you're using, making sure you have the latest update installed. 



These certificates affect the following Web properties:
login.live.com
mail.google.com
www.google.com
login.yahoo.com (3 certificates)
login.skype.com
addons.mozilla.org
"Global Trustee"


Update 7.0.7392.0

Fix for fraudulent third-party digital certificates. This update includes a critical fix to an industry-wide issue with nine untrusted digital certificates that were issued by one root certificate authority. These third-party digital certificates are used to access popular websites and email portals. Although this is not a Microsoft security vulnerability, these untrusted certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all web browser users. This update moves the affected certificates to the "Untrusted Publishers" certificate store on Windows Phone, which helps ensure that these fraudulent certificates are not inadvertently used.


No comments:

Post a Comment