Windows 8 is vulnerable to the current Flash-exploits

Posted: September 10, 2012 in Vulnerability News
Tags: , ,

Adobe FlashInternet Explorer 10 in Windows 8 is the second browser after Chrome, for which Flash Player is included in the browser automatically updates.

In theory, this should improve the safety of the users, if one of the most sensitive programs in the system will be updated automatically. But in practice, things are somewhat different.

14 and August 21, Adobe released two update for Flash Player, which cover eight vulnerabilities, some of which have a maximum risk status (“1” in the classification of Adobe). One of the vulnerabilities described in the bulletin APSB12-19, for almost two years, being exploited as effectively exploit 0-day.

A few days ago, Adobe explained that released August 14 update Flash Player does not include a patch for CVE-2012-1535, it was released on August 21. At the same time, the IE10 of Windows 8 RTM installed Flash Player version 11.3.372.94, that is, with a patch on August 14, but not on August 21. The latest version of Windows should have a number 11.4.402.265. Microsoft has simply not had rolled forward from the last patch before sending partners final release of Windows 8.

Now Adobe and Microsoft have confirmed that they can not release a patch for Flash Player IE10 until October 26, when it starts selling the new Windows 8. This is due to organizational problems: because the operating system is not yet officially released, Adobe just can not distribute the patch to users, so that it will be made after the start of sales of Windows 8.

As already mentioned, Flash Player is enabled by default in the browser IE10, so that all users of Windows 8, set itself the operating system with the new browser, will automatically become vulnerable to existing exploits, which have long been used on the Internet. The first thing you will need to make Windows 8 users – to update Flash Player. Probably, Microsoft instantly initiates the update mechanism via Windows Update. But the situation is exacerbated by the fact that Microsoft has already started trial version Windows 8 RTM on their channels, while Flash Player update will come before October 26.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s