Microsoft has identified the root cause of an SMS bug in its Windows Phone software. The bug, reported to the company in December by Khaled Salameh, allows malicious SMS messages to force devices to shutdown and disable access to the messaging hub upon reboot. The flaw has not yet been publicly disclosed.
Microsoft is testing a fix for Windows Phone devices but is also investigating other products that could be affected. Salameh revealed to us that the following desktop applications can also crash during operation, if the same malicious string is used:
- Windows Live Messenger
- Windows Live Mail
- Silverlight based apps
- Visual Studio 2010
- Expressions Blend
- Windows Presentation Foundation based apps
The Windows Live Messenger crash prevents all your contacts from signing in to Messenger, if the text is used as a status message. Malicious users could effectively block their friends from signing into Windows Live Messenger as the desktop client will crash shortly after login. Despite the additional software affected, it's good to hear Microsoft has identified a fix on the Windows Phone side, and is currently in the testing phase.
Update: Microsoft's Greg Sullivan, senior product manager of Windows Phone, has confirmed that the company is working with device partners to issue a fix, but refused to reveal any timings for its release. "We are working on an update to address the issue and will work with our partners to coordinate its release," said Sullivan in a statement issued to us on Thursday.