Microsoft on Tuesday began distributing the expected Windows Phone 7 security update. The patch will address security concerns stemming from fraudulent SSL certificates. As outlined previously, users will get an over-the-air notification that will prompt them to sync their handsets using the Zune client on their computers in order to obtain the actual update.
Build 7.0.3292 of Windows Phone 7 contains the critical fix for the nine untrusted digital certificates first found in late March. The update will move the nine certificates in question to the untrusted publishers certificate store on Windows Phone, ensuring they are not used.
The vulnerability could lead to phishing attacks, content spoofing or performing other attacks against all browsers, Microsoft warns.
