Windows Phone Leaks, ASP.NET Vulnerability Marked Microsoft Week

Microsoft's week consisted of a patch for an ASP.NET vulnerability, and a blogosphere debate over how Windows Phone can gain market share.

The week between Christmas and New Year's, normally slow, was somewhat busy for Microsoft on the security front.

In the final days of 2011, Microsoft released a security update to patch an issue associated with Security Advisory 2659883. The vulnerability affects all versions of Microsoft's .NET Framework, and could allow a denial-of-service attack on servers for ASP.NET pages.

"The vulnerability exists due to the way that ASP.NET processes values in an ASP.NET form post causing a hash collision," reads the Security Advisory, published Dec. 28. "It is possible for the attacker to send a small number of specially crafted posts to an ASP.NET server, causing performance to degrade significantly enough to cause a denial-of-service condition."

The patch (MS11-100) is rated Critical for Microsoft. "We encourage affected customers to test and deploy the update as soon as possible," Dave Forstrom, director of Microsoft Trustworthy Computing, wrote in a Dec. 29 posting on the Microsoft Security Response Center blog, adding that "consumers are not vulnerable unless they are running a Web server from their computer."

Within the larger blogosphere, debate also erupted over Microsoft's Windows Phone and its chances against both Google Android and Apple's iOS, which currently dominate the mobility market.

That debate largely stemmed from a Dec. 26 blog posting by former Microsoft employee and Windows Phone evangelist Charlie Kindel, who dissected what he saw as the reasons behind Windows Phone's failure to conquer more of the smartphone market. "The device manufacturers, mobile operators, OS providers and end users operate in an overly complex virtuous cycle," he wrote. In other words, Microsoft is forced to "push hard" on carriers and other parties to produce and market the line-causing friction, and slowing overall adoption.

That posting immediately sparked discussion among analysts and pundits, including John Gruber and MG Siegler. At the same time, a leaked Windows Phone road map appeared online, purporting to trace the platform's evolution over the next year.

The road map was first posted Dec. 27 by the blog WMPoweruser, which declined to mention the source. Nonetheless, if taken at face value, the document suggests that Microsoft will follow up its recent Mango software update with additional versions aimed at the midmarket, business users and the higher-end "superphone" segment.

The second quarter of 2012, according to the road map, will see the arrival of an update labeled "Tango," which will feature "products with the best prices." This likely means Windows Phones aimed at the midmarket, with a possible stripped-down user interface to match the lower cost.

That will be followed in the fourth quarter of 2012 with "Apollo," for which the road map offers three bullet points: "increase overall volume," along with competitive "superphones" and "business." Based on that, one can infer that Microsoft intends the Windows Phone line to branch yet again, targeting both the superphone (i.e., high spec) and business markets. The "increase overall volume" could allude to Microsoft anticipating more Windows Phone units in users' hands by the end of 2012, or else the hope that smartphones loaded with some sort of Apollo software update will kick off a higher volume of sales.

Whether or not that road map proves accurate, 2012 will certainly prove a decisive year for Windows Phone.

Follow Nicholas Kolakowski on Twitter