Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Updating IE10 Flash in Windows 8 a “Good Move”

Microsoft has reversed its earlier stance and promised an update to Flash for Windows 8 users “shortly.”

Microsoft has reversed its earlier stance and promised an update to Flash for Windows 8 users “shortly.”

Microsoft Windows 8 Flash UpdateLast month, Adobe patched two serious vulnerabilities in its Flash Player for Windows. Since Flash Player is built in to Windows 8 much like the way Google decided to integrate the technology into its Chrome Web browser, the ball was in Microsoft’s court to fix the issues. However, Microsoft originally said that Windows 8’s official launch date was Oct. 26, and there were no plans to update the software until after launch.

This meant users who had already downloaded and installed the Windows 8 preview was vulnerable to attack. Microsoft appears to have reconsidered its decision on Tuesday.

“In light of Adobe’s recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers,” Yunsun Wee, director of the Trustworthy Computing Group, said in an emailed statement. Wee did not commit to a timeline, just saying it would be available “shortly.”

Paul Henry, a security and forensic analyst at Lumension, told SecurityWeek that Microsoft’s reversing its earlier decision was “a good move.” Henry said Microsoft likely didn’t want to release the operating system and then immediately have to deal with users being affected by a known third-party issue.

“Kudos to Microsoft for rolling out a patch for a product that really has no adoption yet,” Henry said.

For the most part, users currently running Windows 8 are either early adopters or volume license customers using the operating system for testing and deployment purposes. The release to manufacturing (RTM) version of Windows 8 was released last month.

“You have to respect Microsoft quickly rolling this out while other vendors, like Apple, do nothing,” Henry said, referring to the fact that some Java vulnerabilities are still unpatched in some versions of Mac OS X. Apple users are “under the mistaken assumption” that the patch fixed both Java vulnerabilities, instead of just one, Henry added.

It’s not clear at this time if Microsoft and Adobe will be shifting their current update schedules in order to release patches closer together. Google currently pushes out its updates a day before Adobe, who usually has scheduled Flash updates on the third Tuesday of the month. Microsoft’s Patch Tuesday falls on the second Tuesday.

Advertisement. Scroll to continue reading.

“Ultimately, our goal is to make sure the Flash Player in Windows 8 is always secure and up-to-date, and to align our release schedule as closely to Adobe’s as possible,” Wee said.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

DARPA veteran Dan Kaufman has joined Badge as SVP, AI and Cybersecurity.

Kelly Shortridge has been promoted to VP of Security Products at Fastly.

After the passing of Amit Yoran, Tenable has appointed Steve Vintz and Mark Thurmond as co-CEOs.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.