Microsoft advises that a cryptographic problem (http://technet.microsoft.com/en-us/security/advisory/2876146) in the PEAP-MS-CHAPv2 (http://technet.microsoft.com/en-us/library/cc779326(v=ws.10).aspx) protocol used in Windows Phone 8 to provide WPA2 authentication allows a victim's encrypted domain credentials to be collected by an attacker posing as a typical WiFi access point. Redmond further states that this problem cannot be patched, although a set of manually entered configuration changes involving root certificates on all WP8 phones and on WiFi access points will apparently address the issue. WP7.8 phones are likewise vulnerable."

http://mobile.slashdot.org/story/13/08/08/1313228/ms-windows-phone-8-wi-fi-vulnerable-cannot-be-patched