I guess, you are already familiar with the much publicized Flash exploit in Microsoft Internet Explorer. The exploit had been confirmed to exist even in the upcoming Windows 8, earlier. Once it became known widely, Microsoft stated that it wouldn’t patch the bug before late October, about the same time as Windows 8’s release. Now, the company seems to have reconsidered its decision.
In Windows 8, Microsoft has built the Flash player right into Internet Explorer 10 (IE 10), thus putting it in the OS by default. This essentially means that the security of IE 10, including security patches for Flash vulnerabilities, have to be issued by Microsoft now, and not Adobe.
In fact, Adobe had already released the patches for the eight vulnerabilities recently discovered in Flash. The fixes had been rolled out as far back as August this year. But when Windows 8 RTM was released, it was not patched.
Recently, Microsoft has released a patch for the Flash bug, which will be available to Windows 8 Release Preview users for free and will also be provided to Windows 8 RTM.
In future, Microsoft personnel promise, they would be coordinating more closely with Adobe to fix such issues without delaying things.
In this regard, the director of Microsoft’s Trustworthy Computing team, Yunsun Wee, said, “On a quarterly basis when Adobe normally issues Flash Player updates, we will coordinate on disclosure and release timing. When the threat landscape requires action outside of Adobe’s normal update cadence, we will issue updates outside of our regular monthly security bulletin release.”
The security advisory for IE 10 flash player can be found at Microsoft Security TechCenter.
Courtesy: PC World