Microsoft's Windows Phone 7's First-Ever Security Update

 
 
By Nicholas Kolakowski  |  Posted 2011-05-04 Email Print this article Print
 
 
 
 
 
 
 

Microsoft has issued its first-ever security update for Windows Phone 7, an expansion of a security advisory for Windows.

Microsoft has issued a first-ever security update for Windows Phone 7.

Back in March, attackers requested nine valid digital certificates from Comodo, an entity that issues SSL (Secure Sockets Layer) certificates, and managed to receive one before the account was shut down. Comodo said it noted no attempts to use the certificates, which could have been used to perform phishing attacks, spoof content or perform malicious "man in the middle" operations against Web browser users.

Considering how one of the certificates affected the login.live.com property owned by Microsoft, Redmond executives issued a security advisory March 23. At the time, Microsoft targeted the update at Windows users, but is now expanding beyond desktop and laptop software to its mobile products: Windows Phone 7, Windows Mobile 6.x, Zune and Kin.

"An update to help address this issue is available for all supported releases of Windows and is beginning to be delivered to Windows Phone 7 customers," reads Microsoft's security advisory, updated May 3. "Customers will receive an on-device notification once the update is available for their phone." In order to install the update, Windows Phone 7 users will need to connect their device to a PC or Mac.

Bad players can use fraudulent certificates to a number of ends, including redirecting users to malicious Websites. Once a user is "snagged" on those sites, they could be manipulated into downloading Trojans or key-loggers, or have arbitrary code injected into the browser. The domains targeted in the original Comodo attack-which included Websites owned by Google, Yahoo and Skype-could also be used by a government attempting surveillance on dissidents.  

Microsoft had previously issued two major updates for Windows Phone 7, neither having to deal with security. In February, the company rolled out a minor infrastructure update designed to pave the way for future software upgrades. However, a number of users reported the update stalled their smartphones, kicking off a week of damage control on Microsoft's part.

In the wake of that, Microsoft proceeded more cautiously with its larger "NoDo" update, which included faster application-loading and cut-and-paste functionality. It issued charts detailing the update status for Windows Phone 7 smartphones in the United States and around the world, the right executives gave the inevitable mea culpas, and the second go-round seemed to proceed a little more smoothly-except for some Samsung device owners continuing to report issues.   

Although Microsoft is pouring hundreds of millions of dollars into its smartphone efforts, it could face an uphill battle in terms of consumer adoption, at least according to new data from The Nielsen Company.

According to a recent Nielsen survey, for the period between January and March, some 31 percent of consumers indicated they wanted an Android smartphone as their next device; Apple's iOS scored 30 percent, and RIM's BlackBerry came in third with 11 percent. Windows Mobile/Windows Phone 7, however, trailed with 6 percent-a downtick from the 7 percent reported in Nielsen's last survey, which took place between July and September 2010.

 


 
 
 
 
Nicholas Kolakowski is a staff editor at eWEEK, covering Microsoft and other companies in the enterprise space, as well as evolving technology such as tablet PCs. His work has appeared in The Washington Post, Playboy, WebMD, AARP the Magazine, AutoWeek, Washington City Paper, Trader Monthly, and Private Air. He lives in Brooklyn, New York.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel