Microsoft has confirmed that a flaw that allows a malicious SMS to reboot the device and disable messaging services is legitimate. Greg Sullivan, Senior product manager for the Windows Phone division at Microsoft, indicated that Microsoft is already investigating:
“We are aware of the issue and our engineering teams are examining it now. Once we have more details, we will take appropriate action to help ensure customers are protected.”
There is no word on when a fix will be available and how it will be deployed (I expect it would be OTA though).