Early Windows 8 Users to Remain Vulnerable to Flash Exploits Until October
Contributed by: Email on 09/10/2012 03:39 PM [ Comments ]
While Windows 8 wont officially be released until Oct. 26, according to reports over the weekend, the operating system already has a handful of Flash holes that could open the system up to exploits by attackers. The problem stems from the systems browser, Internet Explorer 10, that's coming with its own integrated version of Adobes Flash Player which hasnt been updated since it was initially shipped.
That means the operating system didnt receive Adobes update last month that patched a critical vulnerability in Flash Player and a subsequent update that fixed six other bugs in the software.
According to a report in ZDNet last week, Microsoft isnt planning on patching the bug until late October, to coincide with the operating systems release. The release is being delayed until Microsoft releases Windows 8 to the public, even though it will mark a lapse of almost two months since Adobes update.
"The current version of Flash in the Windows 8 RTM build does not have the latest fix, but we will have a security update coming through Windows Update in the GA timeframe, according to a Microsoft spokesperson.
Microsoft has assumed responsibility for pushing out patches for Flash going forward since the platform is coming baked-in to the latest iteration of IE. The Flash Player guide (.PDF) for Windows 8 reminds users they cant uninstall Flash Player since its part of the browser and that patches can only be distributed through Windows Update.
While Windows 8 isnt being used on a widespread basis yet, the system is being used by members of Microsoft Developer Network (MSDN) and TechNet subscribers. A 90-day trial copy of the enterprise edition of Windows 8 RTM (release to manufacturing) was also posted online for "IT professionals interested in trying Windows 8 Enterprise on behalf of their organization" last month.
Microsoft last patched Windows 8 in July when it addressed flaws in its Consumer Preview and Release Preview of the system on Intel-based PCs.
It was discovered last week that some of those Flash flaws, in particular the CVE-2012-1535 vulnerability, have been used by the so-called Elderwood gang in a series of attack campaigns as of late.
That means the operating system didnt receive Adobes update last month that patched a critical vulnerability in Flash Player and a subsequent update that fixed six other bugs in the software.
According to a report in ZDNet last week, Microsoft isnt planning on patching the bug until late October, to coincide with the operating systems release. The release is being delayed until Microsoft releases Windows 8 to the public, even though it will mark a lapse of almost two months since Adobes update.
"The current version of Flash in the Windows 8 RTM build does not have the latest fix, but we will have a security update coming through Windows Update in the GA timeframe, according to a Microsoft spokesperson.
Microsoft has assumed responsibility for pushing out patches for Flash going forward since the platform is coming baked-in to the latest iteration of IE. The Flash Player guide (.PDF) for Windows 8 reminds users they cant uninstall Flash Player since its part of the browser and that patches can only be distributed through Windows Update.
While Windows 8 isnt being used on a widespread basis yet, the system is being used by members of Microsoft Developer Network (MSDN) and TechNet subscribers. A 90-day trial copy of the enterprise edition of Windows 8 RTM (release to manufacturing) was also posted online for "IT professionals interested in trying Windows 8 Enterprise on behalf of their organization" last month.
Microsoft last patched Windows 8 in July when it addressed flaws in its Consumer Preview and Release Preview of the system on Intel-based PCs.
It was discovered last week that some of those Flash flaws, in particular the CVE-2012-1535 vulnerability, have been used by the so-called Elderwood gang in a series of attack campaigns as of late.
Comments