Microsoft Working On Patches For Fraudulent SSL Cerifificates on WP7

Earlier this week Microsoft warned of  fraudulent SSL cerifificates issued by certification authority Comodo. Since then the certificates have been revoked and Microsoft let us in on which domains were affes The SSL certificates can be used in a few ways to virtually attack the user including phishing scams. In turn this could be in fact WP7’s first Over the Air update as this is a security concern and should be a very small patch.

‘Microsoft is currently working on a Windows Phone 7 update to address the issue on its latest range of smartphones. The company confirmed to WinRumors that mobile devices, applications and servers accessing websites affected by the nine fraudulent certificates are potentially impacted. “Fraudulent digital certificates are not a Microsoft security vulnerability” explained Microsoft Trustworthy Computing manager Bruce Cowper. “We have been working to develop a mitigation update for Windows Phones,” added Cowper. Microsoft has not provided a specific time-line for the update saying it will provide “additional guidance as it comes available.”’

It’s good to hear that Microsoft is already working on a patch. Hopefully bigger updates will get the same treatment in the future.

Source: WinRumors