After Comodo issued nine fraudulent certificates affecting several domains last week, Microsoft has updated its computer platform to fix the vulnerability and is currently working on a patch for Windows Phone 7 addressing the same issues.
The information was handed out to WinRumors and Redmond confirmed that its mobile devices are vulnerable too, similar to applications and servers accessing websites affected. “Fraudulent digital certificates are not a Microsoft security vulnerability” said Bruce Cowper, Microsoft Trustworthy Computing manager. Redmond is reportedly working on a “mitigation update for Windows Phones” but no time frame for the roll-out has been mentioned.
In addition, this might be the first ever over-the-air update for Windows Phones (Redmond powered smartphones can also update OTA in addition to Zune). The Pre-NoDo and NoDo updates are being delivered via the software because of their weight but a small security patch could easily be rolled-out directly over-the-air.