Connect with us

Hi, what are you looking for?



Microsoft Updating IE10 Flash in Windows 8 a “Good Move”

Microsoft has reversed its earlier stance and promised an update to Flash for Windows 8 users “shortly.”

Microsoft has reversed its earlier stance and promised an update to Flash for Windows 8 users “shortly.”

Microsoft Windows 8 Flash UpdateLast month, Adobe patched two serious vulnerabilities in its Flash Player for Windows. Since Flash Player is built in to Windows 8 much like the way Google decided to integrate the technology into its Chrome Web browser, the ball was in Microsoft’s court to fix the issues. However, Microsoft originally said that Windows 8’s official launch date was Oct. 26, and there were no plans to update the software until after launch.

This meant users who had already downloaded and installed the Windows 8 preview was vulnerable to attack. Microsoft appears to have reconsidered its decision on Tuesday.

“In light of Adobe’s recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers,” Yunsun Wee, director of the Trustworthy Computing Group, said in an emailed statement. Wee did not commit to a timeline, just saying it would be available “shortly.”

Paul Henry, a security and forensic analyst at Lumension, told SecurityWeek that Microsoft’s reversing its earlier decision was “a good move.” Henry said Microsoft likely didn’t want to release the operating system and then immediately have to deal with users being affected by a known third-party issue.

“Kudos to Microsoft for rolling out a patch for a product that really has no adoption yet,” Henry said.

For the most part, users currently running Windows 8 are either early adopters or volume license customers using the operating system for testing and deployment purposes. The release to manufacturing (RTM) version of Windows 8 was released last month.

“You have to respect Microsoft quickly rolling this out while other vendors, like Apple, do nothing,” Henry said, referring to the fact that some Java vulnerabilities are still unpatched in some versions of Mac OS X. Apple users are “under the mistaken assumption” that the patch fixed both Java vulnerabilities, instead of just one, Henry added.

Advertisement. Scroll to continue reading.

It’s not clear at this time if Microsoft and Adobe will be shifting their current update schedules in order to release patches closer together. Google currently pushes out its updates a day before Adobe, who usually has scheduled Flash updates on the third Tuesday of the month. Microsoft’s Patch Tuesday falls on the second Tuesday.

“Ultimately, our goal is to make sure the Flash Player in Windows 8 is always secure and up-to-date, and to align our release schedule as closely to Adobe’s as possible,” Wee said.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.