Microsoft has reversed its earlier stance and promised an update to Flash for Windows 8 users “shortly.”
Last month, Adobe patched two serious vulnerabilities in its Flash Player for Windows. Since Flash Player is built in to Windows 8 much like the way Google decided to integrate the technology into its Chrome Web browser, the ball was in Microsoft’s court to fix the issues. However, Microsoft originally said that Windows 8’s official launch date was Oct. 26, and there were no plans to update the software until after launch.
This meant users who had already downloaded and installed the Windows 8 preview was vulnerable to attack. Microsoft appears to have reconsidered its decision on Tuesday.
“In light of Adobe’s recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers,” Yunsun Wee, director of the Trustworthy Computing Group, said in an emailed statement. Wee did not commit to a timeline, just saying it would be available “shortly.”
Paul Henry, a security and forensic analyst at Lumension, told SecurityWeek that Microsoft’s reversing its earlier decision was “a good move.” Henry said Microsoft likely didn’t want to release the operating system and then immediately have to deal with users being affected by a known third-party issue.
“Kudos to Microsoft for rolling out a patch for a product that really has no adoption yet,” Henry said.
For the most part, users currently running Windows 8 are either early adopters or volume license customers using the operating system for testing and deployment purposes. The release to manufacturing (RTM) version of Windows 8 was released last month.
“You have to respect Microsoft quickly rolling this out while other vendors, like Apple, do nothing,” Henry said, referring to the fact that some Java vulnerabilities are still unpatched in some versions of Mac OS X. Apple users are “under the mistaken assumption” that the patch fixed both Java vulnerabilities, instead of just one, Henry added.
It’s not clear at this time if Microsoft and Adobe will be shifting their current update schedules in order to release patches closer together. Google currently pushes out its updates a day before Adobe, who usually has scheduled Flash updates on the third Tuesday of the month. Microsoft’s Patch Tuesday falls on the second Tuesday.
“Ultimately, our goal is to make sure the Flash Player in Windows 8 is always secure and up-to-date, and to align our release schedule as closely to Adobe’s as possible,” Wee said.
More from Fahmida Y. Rashid
- Emissary Panda Hackers Get Selective in Data Heists
- Financial Firms Embrace Cloud With Encryption, Tokenization: Report
- United Airlines Hack Highlights Need for Improved Information Sharing
- CISOs Challenged in C-Suite: Report
- Cyber Attack on Power Grid Could Top $1 Trillion in Damage: Report
- Dyre Malware Gang Targets Spanish Banks
- Ex-employees Have “Easy” Access to Corporate Data: Survey
- Leaked Government Credentials Abundant on Public Web
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
