Microsoft testing fix for Windows Phone SMS bug, desktop software not immune

Microsoft has found the root cause behind the SMS vulnerability in its Windows Phone operating system. The bug was reported earlier this month by Khaled Salameh, who found that the platform could be exploited via a malicious SMS message that forces a Windows Phone device to reboot and then disables its messaging hub.

Although it's good that Microsoft has found a fix for the bug in Windows Phone devices, the exploit may also affect its other applications. So far it's known to work not only through SMS messages but also through Facebook chat or Windows Live Messenger. The malicious code could be used to crash Windows Live Messenger in a way that would prevent all your contacts from signing in.

Microsoft is still investigating its other products that may be affected, including its desktop applications. Salameh revealed that the following applications are vulnerable to the SMS attack string: Windows Live Messenger, Windows Live Mail, Silverlight-based apps, Visual Studio 2010, Expressions Blend, and Windows Presentation Foundation-based apps.

[via The Verge]