Microsoft Patches Windows Phone Against Comodo Hack

Microsoft is rolling out updates to devices and platforms, including Windows Phone 7, affected by the fraudulent SSL certificates issued by Comodo. It is nice to see Microsoft both willing and able to get updates out to its phone platform in a timely manner. After the delays of the February 2011 update and the March NoDo update, people were beginning to wonder.
Just this week Microsoft started rolling out NoDo to the HTC Surround on AT&T and to customers of Optus in Australia. Telestra customers are in the "scheduling" phase which means they should get the update in a few days. NoDo was released in March, so for some this is coming six weeks late. 
As a result of being forced to wait by some carriers that didn't take their customers' desire for copy and paste seriously, some people took a shortcut. There was a hack (by the same people that gave us Chevron7) that would download the update directly from Microsoft, bypassing the carrier entirely. Microsoft warned that this wasn't a smart thing to do. The consequences of this rogue update process may leave the phone in an unpredictable state and prevent further updates. Turns out Microsoft was right.
The Comodo issue involved,,,, and five other popular sites. While Comodo has added the bad certificates to its certificate revocation list, Microsoft decided to patch Windows Phone 7 as well as most of its supported desktop platforms. Windows Mobile 6.x, the Kin, and all Zune devices are affected as well, but no word yet on whether or not they will get updated. 
As Microsoft began releasing the new update, dubbed 7392, it discovered that phones that had the Chevron7/NoDo hack wouldn't take the update. Their response? "We told you so" about sums it up. Honestly, I see no other reasonable response for Microsoft to make. Why should they spend any resources customizing an update to work on a device that has been hacked and configured in an unexpected way?
That said, the creators of Chevron7 developed another fix to undo the mess they made and Microsoft worked with them to verify it put the devices back the way they were so 7392, and presumably future updates, would take.


Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories: , ,


Post a Comment

Related Posts Plugin for WordPress, Blogger...