Jump to content

Adobe confirms Windows 8 users vulnerable to active Flash exploits


Recommended Posts



Adobe confirms Windows 8 users vulnerable to active Flash exploits

Baked-in Flash Player in Windows 8's IE10 won't be updated until late October, says Microsoft

By Gregg Keizer

September 8, 2012 09:56 AM ET

Microsoft announced that move in late May when it launched the last public sneak-peak of Windows 8, or "Release Preview."

At the time, Dean Hachamovitch, the company's lead executive for IE, said, "By updating Flash through Windows Update, like IE, we make security more convenient for customers."

Chrome was the first -- and until Microsoft's move, the only -- browser maker to integrate Flash Player rather than rely on an external plug-in. Google has been providing updated versions of Flash Player with Chrome for more than two years, and usually refreshes its browser with Flash patches the same day that Adobe issues them to the public. In some instances, Google has actually beaten Adobe to the patch punch.

Not so with Microsoft in the case of Windows 8 RTM, or "release to manufacturing," the Aug. 1 milestone that gave the go-ahead for computer makers to start preparing new PCs and for some customers to download, install and start using the upgrade.

Last month, Adobe issued two updates for Flash Player that patched eight vulnerabilities, some of which were ranked as "1" by the company, its highest threat warning. One of the vulnerabilities, tagged as CVE-2012-1535, was patched Aug. 14, but had been exploited for an indeterminate time before that.

In fact, CVE-2012-1535 was one of four "zero-days," or unpatched vulnerabilities, exploited in a 16-week stretch by an elite hacker gang revealed by Symantec researchers on Friday.

Microsoft has not updated the Flash in IE10 within Windows 8 to accommodate those two sets of patches, Adobe confirmed Friday. "Flash Player 11.3.372.94 does not incorporate the fixes released in APSB12-18 and APSB12-19," said Wiebke Lips, a spokeswoman for Adobe, referring to the Aug. 14 and Aug. 21 Flash updates.

Windows 8 RTM's IE10 identifies the integrated Flash Player as version 11.3.372.94, a more recent build than the one in Windows 8 Release Preview, but older than the most-up-to-date version for Windows, 11.4.402.265, which Adobe delivered on Aug. 21.

Adobe actually told some users about Windows 8's Flash situation two weeks ago.

On an
, a company representative announced on Aug. 23 that there would be no Flash update for Windows 8 and IE10 until late October. "Since Windows 8 has not yet been released for general availability, the update channel is not active," said Chris Campbell, identified as an Adobe employee. "Once this goes live, you'll start getting updates to Flash Player."

It was unclear what Campbell meant by "the update channel is not active," as Microsoft has patched Windows 8, most recently in July when it issued fixes to both Windows 8's Consumer Preview and Release Preview through Windows Update.


Internet Explorer 10 on Windows 8 desktop relies on a baked-in version of Flash that hasn't been updated to account for some critical bugs, including one hackers have been exploiting for weeks.

Microsoft support engineers have known of the Flash problem on Windows 8 since at least Aug. 25.

Even though users noticed last month that IE10's Flash had fallen behind Adobe's version, it wasn't until this week that ZDNet blogger Ed Bott first reported that Windows 8 users were vulnerable to attack.

This is Page One of a Two page article:



Next page

SOURCE: http://www.computerw..._Flash_exploits


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.