Microsoft issues first security patch for Windows Phone 7

Microsoft has issued its first security update for Windows Phone 7, designed to protect against attacks following the nine digital certificates that were stolen from SSL certification firm Comodo.

Microsoft explained in a Security Advisory that Windows, Windows Mobile 6.x, Windows Phone 7, Microsoft Kin and Zune devices are all affected by the theft which could be used to generate a number of different attacks.

"Comodo advised Microsoft on March 16 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity," the company said.

"These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all web browser users including users of Internet Explorer."

Microsoft's update page for Windows Phone 7 explained that the patch will prevent users visiting sites associated with the fraudulent certificates.

"This update includes a critical fix to an industry-wide issue. These third-party digital certificates are used to access popular web sites and email portals," the firm said.

"This update moves the affected certificates to the 'Untrusted Publishers' certificate store on Windows Phone, which helps ensure that these fraudulent certificates are not inadvertently used."

No specific dates were given on when the update might be available, but a Windows Phone 7 device in the V3.co.uk offices does not say that it needs updating at present.

Microsoft will be hoping that the patch does not cause any issues after earlier updates designed to prepare phones for the first notable update, NoDo, caused some devices to brick.