Well, we’ve arrived at where we’ve been trying to get to for some time. That is to say that we now have the ability to release security advisories for Windows CE & Windows Mobile after working through the accepted responsible disclosure process with Microsoft. It hasn't been easy, with us initially reporting issues back in February 2006, but we’ve finally got here. This really marks a milestone for COTS mobile platforms even though we did achieve something similar back in 2003 with Nokia and their proprietary OS and recently with Palm OS, but getting vendor responses on mobile security issues (with maybe the exception of RIM) has historically been hard work.
A quick thanks to all those involved here at Symantec: Katie (before she left), Tyler, as well as the folks over in Microsoft’s community outreach, MSRC, and the Mobile and Embedded teams. Anyway, the advisories can be found on the Symantec Vulnerability Research site – a total of five will be released in this batch. For more details on the challenges of actually getting the patches deployed have a look at my recent blog on the subject.