Microsoft’s week was all about mobile: patches, alliances and snafus.
On May 3, the company issued its first-ever security advisory for Windows Phone 7, related to fraudulent SSL (Secure Sockets Layer) certificates. Back in March, attackers requested nine digital certificates from Comodo, an entity that issues them, and managed to retrieve one before the account was shut down. At the time, Comodo said it noted no attempts to use the certificates, which could have been leveraged in phishing attacks, spoof content or to perform malicious “man in the middle” operations against Web-browser issues.
Microsoft had issued a security advisory over the fraudulent certificates March 23, originally targeting the patch at Windows users, before expanding it to mobile products: Windows Phone 7, Windows Mobile 6.x, Zune and Kin.
Microsoft had previously issued two major updates for Windows Phone 7, neither of which dealt with security. Following February’s minor infrastructure update, designed to “pave the way” for future software upgrades, the company issued its much-larger “NoDo” update with code tweaks and cut-and-paste functionality.
However, some users became frustrated at the slowness of those updates actually reaching their Windows Phone 7 devices, and took matters into their own hands with a homebrew solution that downloaded the updates ahead of their official push-out.
This week, those users encountered an issue related to this newest security patch.
“Despite the fact that many people have claimed that an unofficial update mechanism worked fine for them,” Brandon Watson, Microsoft’s director of developer experience for Windows Phone 7, wrote in a May 4 posting on The Windows Blog, “we cautioned that phones which were updated via this method were not going to be able to update past [NoDo].”
For those who used the homebrew method, he added, “the rubber meets the road today.” For those whose smartphones refuse to update, “you will most likely have to return to a store and submit your phone for a manufacturing return.”
Although Watson doesn’t mention the specific “unofficial update mechanism” by name, it’s almost certainly a reference to the ChevronWP7.Updater created at the beginning of April by developer Chris Walsh.
However ironically, three days after releasing ChevronWP7.Updater to the world, Walsh asked people to avoid using his program. “I was later informed by Microsoft that there were several problems with my tool and the manner in which it changes phones,” he wrote on his blog.
To his credit, Walsh became instantly proactive with this latest issue, asking in a May 4 blog post that users who’d “Walshed” their devices post their phone make and model, information from settings and their carrier. “Personally, Zune updated 3 -Walshed’ phones to [the security update] just fine this morning,” he wrote. “If you’ve posted below with your details … I will be in contact with you with a solution to fix it.”
Microsoft’s Watson, meanwhile, seemed open to the prospect of Walsh’s solution. “The creators of this tool are a clever bunch,” he wrote, “and wanted to get a timely fix created for customers who have put their phones into this state … we will work with them to validate their solution and applaud the team for taking responsibility to do this.”
On a more strategic level, though, Microsoft’s biggest news of the week came during Research In Motion’s BlackBerry World conference in Orlando, Fla., where Microsoft CEO Steve Ballmer took the stage to announce yet another partnership between the two companies.
“While Microsoft will support the top phone platforms with our cloud services,” he told the audience, “we’re going to invest uniquely in the BlackBerry platform in addition to our own Windows Phone platform.”
That means, apparently, that Bing will become the “preferred” search and maps application for BlackBerry. Closer to the end of 2011, Bing will be more deeply integrated on the BlackBerry operating-system level, making it a core component of RIM’s devices.
Microsoft and RIM already have an agreement to port the former’s cloud services, notably Office 365, onto BlackBerry and the new PlayBook tablet, with RIM’s BlackBerry Servers connecting “cloud to cloud” with Microsoft’s data centers to host Office 365 data on users’ servers.
With its RIM deal, Microsoft follows a pattern already established with companies like Yahoo and Nokia, both of which use a Microsoft platform (Bing in the former’s case, Windows Phone 7 in the latter’s future) to power some fundamental aspect of their business. Such deals allow Microsoft to gain many of the benefits of a merger at a fraction of the cost.
Ballmer’s appearance immediately set tongues wagging that Microsoft will attempt to acquire RIM. Such an idea has been floated before. However, RIM’s and Microsoft’s respective smartphone platforms remain in direct competition with one another, raising sticky questions about how-in the event it takes over RIM-Microsoft would even begin to digest its new assets.