A vulnerability in Microsoft’s Windows Mobile operating system could allow a remote attacker to compromise your phone or other devices.
Read More , Microsoft released a security advisory Wednesday for vulnerabilities related to Windows Phone 8 and Windows Phone 9.
The issue is present in Windows Phone 7.5, 7.6, 7, 8, and 8.1.
The most notable issue is the “Mobile Device Administrator” feature.
By using this feature, a user can remotely access the phone’s “Phone Manager” function and install a malicious app.
That’s because when a user opens the Phone Manager app, the “Secure Mobile Device Administrator Password” is stored in the user’s clipboard.
If an attacker can gain remote access to the clipboard, the attacker could install the malicious app by opening the application in a web browser on the device, then visiting the “PhoneManager” app’s “Downloads” page.
This is then followed by the malicious code running on the phone.
The malicious code can then execute commands on the compromised phone’s internal memory and perform actions that can cause the phone to crash.
Microsoft said in a blog post that the Mobile Device Administration feature was implemented to protect users against possible attacks by a malicious application that could exploit a weakness in the operating system.
Microsoft said it’s “actively investigating” the issue and has notified affected users.
While Microsoft is aware of the vulnerability, it recommends that users update to Windows 10 and the Windows Phone Store before updating their phones.