As reported earlier, Microsoft has begun to push out a Windows Phone 7 security update. The security patch blocks a number of fraudulent third-party digital certificates. Update 7.0.3292 provides the following:
This update includes a critical fix to an industry-wide issue with nine untrusted digital certificates that were issued by one root certificate authority. These third-party digital certificates are used to access popular websites and email portals. Although this is not a Microsoft security vulnerability, these untrusted certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all web browser users. This update moves the affected certificates to the “Untrusted Publishers” certificate store on Windows Phone, which helps ensure that these fraudulent certificates are not inadvertently used.
Users will receive an OTA notification but will need to sync with the Zune client software to receive the security update.