Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Updating IE10 Flash in Windows 8 a “Good Move”

Microsoft has reversed its earlier stance and promised an update to Flash for Windows 8 users “shortly.”

Microsoft has reversed its earlier stance and promised an update to Flash for Windows 8 users “shortly.”

Microsoft Windows 8 Flash UpdateLast month, Adobe patched two serious vulnerabilities in its Flash Player for Windows. Since Flash Player is built in to Windows 8 much like the way Google decided to integrate the technology into its Chrome Web browser, the ball was in Microsoft’s court to fix the issues. However, Microsoft originally said that Windows 8’s official launch date was Oct. 26, and there were no plans to update the software until after launch.

This meant users who had already downloaded and installed the Windows 8 preview was vulnerable to attack. Microsoft appears to have reconsidered its decision on Tuesday.

“In light of Adobe’s recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers,” Yunsun Wee, director of the Trustworthy Computing Group, said in an emailed statement. Wee did not commit to a timeline, just saying it would be available “shortly.”

Paul Henry, a security and forensic analyst at Lumension, told SecurityWeek that Microsoft’s reversing its earlier decision was “a good move.” Henry said Microsoft likely didn’t want to release the operating system and then immediately have to deal with users being affected by a known third-party issue.

“Kudos to Microsoft for rolling out a patch for a product that really has no adoption yet,” Henry said.

For the most part, users currently running Windows 8 are either early adopters or volume license customers using the operating system for testing and deployment purposes. The release to manufacturing (RTM) version of Windows 8 was released last month.

“You have to respect Microsoft quickly rolling this out while other vendors, like Apple, do nothing,” Henry said, referring to the fact that some Java vulnerabilities are still unpatched in some versions of Mac OS X. Apple users are “under the mistaken assumption” that the patch fixed both Java vulnerabilities, instead of just one, Henry added.

It’s not clear at this time if Microsoft and Adobe will be shifting their current update schedules in order to release patches closer together. Google currently pushes out its updates a day before Adobe, who usually has scheduled Flash updates on the third Tuesday of the month. Microsoft’s Patch Tuesday falls on the second Tuesday.

Advertisement. Scroll to continue reading.

“Ultimately, our goal is to make sure the Flash Player in Windows 8 is always secure and up-to-date, and to align our release schedule as closely to Adobe’s as possible,” Wee said.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.