Microsoft issues first Windows Phone security update


4 May 2011

Microsoft on Tuesday released the first security update for Windows Phone 7, replicating for smartphone users a patch the company gave Windows desktop users six weeks ago.

When the update will actually reach users is unclear.

“At the time of release, the update is not available for all Windows Phone 7 customers,” Microsoft said in a security advisory. “Instead, customers will receive an on-device notification once the update is available for their phone.”

Tuesday’s update is designed to blacklist nine digital certificates acquired by a hacker in March from Comodo, one of many companies that issues SSL (secure socket layer) certificates.




“This update moves the affected certificates to the ‘Untrusted Publishers’ certificate store on Windows Phone, which helps ensure that these fraudulent certificates are not inadvertently used,” Microsoft said in an explanation on its Windows Phone update history Web page.

Shortly after Comodo acknowledged the attack, an Iranian claimed responsibility for hacking into the company’s network and making off with the certificates.

Microsoft did not respond to questions Tuesday, including why the Windows Phone 7 update was released six weeks after the Windows desktop patch.

In a blog post, a Microsoft executive said the update would not reach all Windows Phone 7 users immediately.

“How you get 7392 depends on your mobile operator and what updates you’ve installed,” said Eric Hautala, general manager of Windows Phone 7’s customer experience engineering team.

According to Microsoft’s timetable , all U.S. users of Windows Phone 7-powered smartphones have already received the March update — dubbed ‘NoDo’ by the company — or are in the process of receiving that update, making it uncertain when they would get the certificate-related update.

Several HTC and LG smartphone owners reported on various Windows Phone 7 forums Tuesday that they had received the update, however.

But some who had used an unauthorised tool last month to get the NoDo update said that they were unable to install the patch .

After developer Chris Walsh released the tool in early April — and before Microsoft asked him to pull it — Hautala had claimed that users might not receive future updates , or could experience other problems if they used Walsh’s software.

Walsh had stepped in when Microsoft was unable to promptly deliver a pair of promised feature-related, non-security updates for Windows Phone 7. By late March, users were ranting online about the slow progress of those updates, which eventually prompted a mela culpa from Microsoft’s chief smartphone executive.

Read More:

Comments are closed.

Back to Top ↑