Microsoft Almost Ready to Patch Dangerous Windows Phone Flaw

From DailyTech: While no known exploits are currently in the wild, Microsoft Corp.'s (MSFT) smartphone OS du jour, Windows Phone, reportedly has a whopper of a security flaw in its messaging hub application. The flaw allows a malicious attacker to use malformed messages to not only brick the phone, but to semi-permanently kill the messaging hub, even in a salvage scenario.

Microsoft was pretty proactive on this one, it appears. Within days of the story hitting the press, it had contacted the hacker/security-expert who discovered the flaw -- Khaled Salameh -- and set to work determining the extent of the problem and diagnosing it.

Now Mr. Salameh reports via Twitter that Microsoft let him know that they feel they have the problem fully understood and are testing a patch. By the sound of it, that patch could be just days away from going live.

It's nice to see Microsoft taking such a proactive approach, particularly for an exploit that's not even being actively attacked in the wild yet. But that's not exactly surprising -- unlike some companies that try to dupe their customers into a false sense of security, Microsoft has been leading the way in terms of pushing hard to respond quickly to threats and be honest in its threat disclosure policy.

View: Article @ Source Site