Windows 8 will get IE10 Flash security fix two months late

by Mark Tyson on 6 September 2012, 15:45

Tags: Windows 8, Adobe (NASDAQ:ADBE), Symantec (NASDAQ:SYMC), McAfee (NASDAQ:INTC)

Quick Link: HEXUS.net/qablyf

Add to My Vault: x

Early Windows 8 adopters are exposing their soft underbellies to browser based malware attacks which exploit known Flash plugin vulnerabilities. Ed Bott, writing on ZDNet says that Microsoft is yet to release a Flash update for Internet Explorer 10, which must come through Windows Update. Adobe updated its Flash player on 21st August because of “Priority 1” vulnerabilities and recommended users updated their systems within 72 hours.

With IE10 on Windows 8, Microsoft decided to build Flash player into the browser as a component thus enabling Flash content playback within a “box fresh” browser. Google does the same with Chrome and Flash updates are handled by the automatic browser updates. But it seems like, in Windows 8, Microsoft just hasn’t turned on the tap yet.

Mr Bott asked Microsoft about the availability of an update for the currently vulnerable IE10 and got the following response: “Security is of course important to us, and we are working directly with Adobe to ensure that Windows 8 customers stay secure. We will update Flash in Windows 8 via Windows Update as needed. The current version of Flash in the Windows 8 RTM build does not have the latest fix, but we will have a security update coming through Windows Update in the GA timeframe.” GA refers to general availability meaning 26th October. The ZDNet article notes that when using the Modern UI version of IE10 “Flash is completely blocked from all but a handful of whitelisted sites. But the desktop version of IE 10 is wide open”.  So if you are a Windows 8 pioneer it’s best to disable the built-in Flash player for now through the Manage Add-ons menu options.

More Windows 8 security titbits

Symantec yesterday released new versions of Norton AntiVirus, Norton Internet Security and Norton 360 optimised for the Windows 8 desktop environment. These new apps will be followed up with “Modern” style apps in late October. The Modern apps will be available from the Windows Store around the time of Windows 8 general availability, initially for free.

Talking to Greg Keiser of PCAdvisor the Symantec senior director of product management, Gerry Egan, said there are a lot of myths going around about how secure Windows 8 is. “We're just not seeing any significant improvements in Windows 8 security ... it doesn't move the needle much” he continued to explain, “It's partially true that Windows 8 is more secure, but underneath is a traditional Windows-Intel desktop, which is backward compatible with both the good code and the bad.” Mr Egan said the new Norton security products add much more value above and beyond the built in Windows Defender.

Win 8 Ripoff System

You might not be surprised that, even before GA, malware writers are already targeting Windows 8 users. McAfee recently came across a fake antivirus tool called “Win 8 Security System” which looks for payment for fixing problems that, in reality, don’t exist. It’s an old ploy on a new OS.



HEXUS Forums :: 11 Comments

Login with Forum Account

Don't have an account? Register today!
Might as well blocked flash in windows 8…..they probably will on the mobile version that is the main driving force.
All passengers should be advised; the Windows 8 flight is encountering more turbulence. Captain Microsoft is checking the altimeter - because this is beginning to look like an October crash landing!
What a non story.

Its not released yet, only RTM, its not ment for anything beyound evaluation on the license I have.

If your in Metro, most sites can't access flash anyway.

The people criticising the security in windows 8, are the same firm which complained against 64bit security measures in Longhorn. I mean their credability is null.

Meanwhile, people in the Java world running on ‘supported’ versions of OSX are two months behind on a flaw that is exploited in the wild.
Agreed TheAnimus - until GA I think we should cut MS a break - after all it's only out there for testing purposes in effect. There have been no updates for it as yet and the help isn't finished either..
I'd rather have a virus over Norton.