Remember that Windows Phone messaging flaw that we reported on before Christmas? I’m sure you do if you’re a Windows Phone user. The good news is that Microsoft has reportedly now identified the root cause of the issue and it’s working on a fix to eliminate it. The bad news is it can’t tell us when that fix will be available, and it appears a number of its desktop applications are also at risk.
The bug allows an attacker to disable certain features — such as the Messaging Hub on a Windows Phone device — simply by sending a message to the handset or computer. Thankfully, the flaw has not been publicly disclosed, so it’s unlikely you’ll become a victim anytime soon. But it still needs to be fixed promptly.
Microsoft has now identified the root cause of the issue, and its senior product manager for Windows Phone, Greg Sullivan, confirmed in a statement to The Verge that it is working with hardware partners to issue a fix:
“We are working on an update to address the issue and will work with our partners to coordinate its release.”
Unfortunately the company has refused to provide any information on when the release might be available, and it is claimed that Windows Phone apps aren’t exclusively at risk from attack. Microsoft’s desktop apps are also affected, according to The Verge:
Microsoft is testing a fix for Windows Phone devices but is also investigating other products that could be affected. Salameh revealed to us that the following desktop applications can also crash during operation, if the same malicious string is used:
- Windows Live Messenger
- Windows Live Mail
- Silverlight based apps
- Visual Studio 2010
- Expressions Blend
- Windows Presentation Foundation based apps
As an example of how serious the bug can be, the report claims that if an attacker uses the malicious message as a status in Windows Live Messenger, then all of their contacts are blocked from signing into the service, and their desktop client will crash shortly after login.
It’s worrying to find that so many Microsoft applications are affected, and that a simple text string can cause so many issues. It’s reassuring, however, to hear that Microsoft is hard at work on a fix.
Are you worried that your Microsoft apps are at risk?
[via The Verge]