Microsoft has released Update 7.0.7392.0 for its Windows Phone 7 users. While its delivery is being phased out, at different times in different regions, I received the update notification today, when I connected my Windows Phone to my laptop.
This update is a fix for fraudulent third-party digital certificates. This update includes a critical fix to an industry-wide issue with nine untrusted digital certificates that were issued by one root certificate authority.
These third-party digital certificates are used to access popular websites and email portals.
Although this is not a Microsoft security vulnerability, these untrusted certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all web browser users.
This update moves the affected certificates to the “Untrusted Publishers” certificate store on Windows Phone, which helps ensure that these fraudulent certificates are not inadvertently used.
For more details about this WP7 security update, go here.