Microsoft released the first security update for Windows Phone 7, replicating for smartphone users a patch the company gave Windows desktop users six weeks ago. When the update will actually reach users is unclear.

"At the time of release, the update is not available for all Windows Phone 7 customers," Microsoft said in a security advisory . "Instead, customers will receive an on-device notification once the update is available for their phone."

The update is designed to blacklist nine digital certificates acquired by a hacker in March from Comodo, one of many companies that issues SSL (secure socket layer) certificates.

"This update moves the affected certificates to the 'Untrusted Publishers' certificate store on Windows Phone, which helps ensure that these fraudulent certificates are not inadvertently used," Microsoft said in an explanation on its Windows Phone update history Web page.

Shortly after Comodo acknowledged the attack, an Iranian claimed responsibility for hacking into the company's network and making off with the certificates.

On March 23, Microsoft updated Windows XP, Server 2003, Vista, Server 2008, Windows 7 and Server 2008 R2 to add the stolen certificates to each operating system's blacklist. Google and Mozilla had updated their Chrome and Firefox browsers earlier.

Microsoft did not respond to questions, including why the Windows Phone 7 update was released six weeks after the Windows desktop patch.

In a blog post, a Microsoft executive said the update would not reach all Windows Phone 7 users immediately, ComputerWorld reported.