As our sources confirmed back in April, Microsoft has indeed started today rolling-out its security update for Windows Phone 7. The firmware update 7.0.7392.0 is the expected fix for fraudulent third-party digital certificates. This update includes a critical fix to an industry-wide issue with nine untrusted digital certificates that were issued by one root certificate authority. These third-party digital certificates are used to access popular websites and email portals. Although this is not a Microsoft security vulnerability, these untrusted certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all web browser users.
Today's Microsoft Windows Phone 7 updates moves the affected certificates to the "Untrusted Publishers" certificate store on Windows Phone, which helps ensure that these fraudulent certificates are not inadvertently used.
Interesting enough, Deutsche Telekom has already incorporated the latest update into its NoDo update which it has started rolling-out today to its HTC 7 Mozart devices. All other Windows Phone 7 users are expected to receive a separate update notification on their device.Cheers ~ Arne