Internet Explorer 10's bundled Flash leaves users exploitable

Status
Not open for further replies.

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,403
Early users of Windows 8's built-in Internet Explorer may find themselves at risk of exploitation via the Flash plugin, as the version included with Windows 8 is out of date. Adobe patched Flash on August 21 to resolve known security flaws, but the patch can't be applied to Internet Explorer 10.

Internet Explorer 10 bundles Adobe Flash, with Microsoft taking on responsibility for shipping updates to the integrated plugin. One repercussion of this arrangement is that Adobe's patches and autoupdate mechanism can't be used; they can update the standalone version used by Firefox, but not the embedded version in Internet Explorer. The same is true of Chrome; it includes an embedded version of Flash, and the only way to update that is with a Chrome update. Adobe's updater can't touch it.

There has been some chatter on Twitter about this issue since Adobe shipped its most recent patch. Ed Bott at ZDNet asked Microsoft about the issue, and was told:

We will update Flash in Windows 8 via Windows Update as needed. The current version of Flash in the Windows 8 RTM build does not have the latest fix, but we will have a security update coming through Windows Update in the GA timeframe.

"GA" means general availability; it refers to the October 26th date when Windows 8 will go on sale through retail channels. There is a contradiction implicit in this statement; Flash in Windows 8 needs an update now, so plainly Microsoft is not updating it "as needed."

Source




They should have made Adobe Flash Player for IE10 available from the Windows Store. Quite disappoint to say the least, but most would switch to their preferred browser, hopefully.
 

samit

Level 12
Verified
Nov 4, 2011
830
Only metro version of IE10 comes with inbuilt Adobe Flash Player....but for desktop version of IE10, Adobe Flash Player should be installed separately right!!!......correct me if I am wrong....
 

InternetChicken

New Member
Jul 16, 2012
519
Nice, Windows 8's built-in Internet Explorer, holes already, Microsoft lol,
Why am I not surprised by this.
 

WinAndLinuxTutorials

Level 4
Verified
Honorary Member
Aug 23, 2011
2,291
samit said:
Only metro version of IE10 comes with inbuilt Adobe Flash Player....but for desktop version of IE10, Adobe Flash Player should be installed separately right!!!......correct me if I am wrong....

No, it wasn't allowing me to install it on the desktop version either.
Microsoft seems to be a security risk by itself. :p
 

HeffeD

Level 1
Feb 28, 2011
1,690
madyrocksin said:
New things will always have holes to exploit !!

It's not so much that it's new, it's the fact that Microsoft doesn't see the need to update it that is concerning... :s
 

InternetChicken

New Member
Jul 16, 2012
519
HeffeD is right, Microsoft as usual have their head in the clouds again,
and the best interests of Windows users at heart, again.....
 

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,403
I always forget about that. IE10 Metro has Enhanced Protection Mode enabled too, should that prevent anything?

samit said:
Only metro version of IE10 comes with inbuilt Adobe Flash Player.
 

DeadDrop

New Member
Aug 19, 2012
69
Why does everything come with Flash these days? Flash in IE10 = so many holes like Swiss cheese.
 