dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1857
share rss forum feed


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

2 recommendations

Microsoft to deliver Flash update to Windows 8 shortly

Microsoft to deliver Flash update to Windows 8 users 'shortly'
Microsoft has reversed course on a decision it announced last week. According to an official statement, Windows 8 users will receive critical security updates for Flash Player "shortly." But larger questions remain.

quote:
In an e-mailed statement I received late last night, Yunsun Wee, Director of Microsoft Trustworthy Computing, said:

In light of Adobe’s recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers. This update will be available shortly. Ultimately, our goal is to make sure the Flash Player in Windows 8 is always secure and up-to-date, and to align our release schedule as closely to Adobe’s as possible.
»www.zdnet.com/microsoft-to-deliv···0004039/
--
Gladiator Security Forum: www.gladiator-antivirus.com/


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

1 recommendation

Windows 8 testers using Microsoft's Internet Explorer 10 browser risk running afoul of security exploits, as critical vulnerabilities in Adobe's Flash remain unresolved. Microsoft's decision to bake Flash directly into Internet Explorer 10 leaves the browser at risk: Adobe closed the security hole with a patch in August, but the browser will remain susceptible until Microsoft releases an update of their own. The flaw could cause Flash to crash, and allow an attacker to take control of a user's system. Fortunately, sidestepping it is simple: use another browser, or disable Flash. The company told ZDNet that Windows 8 won't be receiving that update until the operating system is available to the general public on October 26th.

--
siljaline

Here at Mountain View Chocolate, we’re committed to transparency and choice


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 recommendation

said by siljaline:

Windows 8 testers using Microsoft's Internet Explorer 10 browser risk running afoul of security exploits, as critical vulnerabilities in Adobe's Flash remain unresolved. Microsoft's decision to bake Flash directly into Internet Explorer 10 leaves the browser at risk: Adobe closed the security hole with a patch in August, but the browser will remain susceptible until Microsoft releases an update of their own. The flaw could cause Flash to crash, and allow an attacker to take control of a user's system. Fortunately, sidestepping it is simple: use another browser, or disable Flash. The company told ZDNet that Windows 8 won't be receiving that update until the operating system is available to the general public on October 26th.

quote:
As of late last night, that decision is officially reversed.
WOW.
Up until last night it was fine for Microsoft to make the decision to just wait until Windows 8's general release date on October 26th 2012 for a patch. So did Microsoft just wake up last night deciding security was obviously important? The whole concept of Adobe allowing Microsoft to update and release Flash updates for IE10 when it wants is an absolute joke.
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


FF4m3

@bhn.net

said by Dustyn:

The whole concept of Adobe allowing Microsoft to update and release Flash updates for IE10 when it wants is an absolute joke.

Adobe didn't 'allow' this. Adobe has no say in the matter. It was MS' sole decision (and still is).


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

1 recommendation

reply to Dustyn

Protect yourself from Flash attacks in Internet Explorer

Ed Bott explains. Flash LSO's will now be delivered to you via MS with IE 10 RTM


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to FF4m3

Show me the money



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
reply to siljaline

said by siljaline:

Protect yourself from Flash attacks in Internet Explorer

Ed Bott explains. Flash LSO's will now be delivered to you via MS with IE 10 RTM

I hope this isn't the case for IE10 on Windows 7.
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


therube

join:2004-11-11
Randallstown, MD
reply to siljaline

> Flash LSO's will now be delivered to you via MS with IE 10 RTM

I don't understand?
How do LSO's play into this?
LSO's are part & parcel of Flash, whether updated or not, whether from MS or Adobe.



FF4m3

@bhn.net
reply to chachazz

Microsoft to patch Windows 8 Flash bug before OS is released:

Microsoft is now responsible [not Adobe] for releasing patches at the same time as Adobe to avoid exposing customers to attack.

Paul Henry, security and forensic analyst at Lumension, said releasing the patch before Windows 8 is on store shelves was a good precautionary move. "They're just getting ready to crank things up on that operating system and the last thing they want is to release it, have large adoption in the enterprise, and then be immediately hit with a problem due to a known third party issue," Henry said.

Another security expert bristled over Microsoft not giving an exact date for the patch release. "It's not very useful to say the patch will be out 'soon,'" said Andrew Storms, director of security operations at nCircle. "Soon could mean anything from next week to next quarter. It seems like this whole release was an unplanned after-thought; it takes me back to the bad old days when vendors didn't communicate clearly about security releases."

Microsoft said late last week that it would patch the Flash bug in IE10 when the operating system hits retail and when Windows 8-based PCs are in stores. That's set to happen Oct. 26.

Not patching beforehand meant Windows 8 would be vulnerable to attack immediately after it was generally available. In addition, systems currently running pre-release versions of the operating system were also at risk. Adobe had patched the Flash flaws in late August.



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
reply to FF4m3

said by FF4m3 :

said by Dustyn:

The whole concept of Adobe allowing Microsoft to update and release Flash updates for IE10 when it wants is an absolute joke.

Adobe didn't 'allow' this. Adobe has no say in the matter. It was MS' sole decision (and still is).

That may be... but I don't support the idea of a third party AKA: "Microsoft" only allowing users to install "Microsoft Flash" updates for Adobe Flash software. Baking Flash directly into IE10 is the dumbest idea I've ever heard of. While Microsoft is at it, why not "BAKE" in Oracle Java 7 Update 7 and have Microsoft only release updates for their shitty security riddled JRE. The updates should be allowed to be installed directly from the author/source, in this case: Adobe. Period.
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


FF4m3

@bhn.net
reply to siljaline

You got it...

Microsoft confirms patch for Flash in IE10 coming soon:

Adobe responds quickly to patch identified vulnerabilities, and most Windows users are conditioned to apply security updates as they’re released, but Microsoft is responsible for updating Flash in its Web browser.

Microsoft Changes Mind; Will Patch Flash on IE 10 Before Windows 8 Ships:

Microsoft, not Adobe is responsible for security updates and must sync its updates with Adobe's to avoid exposing customers to additional risk.

Microsoft, Adobe Working to Secure Flash in IE 10:

The only way to update Flash in Windows 8 is through Windows Update. That means the job of making sure those updates get to users falls to Microsoft, which so far has not delivered.

Adobe: Flash exploits leave Windows 8 users vulnerable:

Microsoft, not Adobe, is responsible for patching Flash Player in Windows 8 because the company took a page from Google's playbook and integrated the popular media software with Internet Explorer 10 (IE10), the new operating system's browser.

Internet Explorer 10 to get Flash fixes after all

That left current users of the yet-to-be-officially-released OS with few alternatives; in a move borrowed from Google Chrome, Microsoft fully integrated Flash into IE10, and the browser can now only be updated by Microsoft, not Adobe.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

1 recommendation

reply to Dustyn

Well see how this fleshes out when IE10 goes RTM, Win 8 or Win 7. If Flash is baked in, I won't be in any huge rush to run IE 10.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to therube

LSO's are part and parcel of Adobe aka Flash, granted.
From the Ed Bott article, they will be delivered to you via MS in IE 10.

Expand your moderator at work

dfalbe

join:2007-03-11
Belleville, IL
reply to chachazz

Re: Microsoft to deliver Flash update to Windows 8 shortly

How is this any different than what Google is doing with Chrome?



FF4m3

@bhn.net

said by dfalbe:

How is this any different than what Google is doing with Chrome?

Chrome automagically pushes Flash updates to its users ASAP insuring that users have the newest version.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit
reply to dfalbe

said by dfalbe:

How is this any different than what Google is doing with Chrome?

I had the same thought but since I don't use either (or plan to) it isn't an issue for me.

IMO the practice of integrating Flash etc into the browser will be an increasing trend. Ordinary users just want their browser to work without the necessity of knowing about plug-in/extensions etc. Google started it and MS is just following IMO.
--
Don't feed trolls--it only makes them grow!


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
reply to FF4m3

said by FF4m3 :

said by dfalbe:

How is this any different than what Google is doing with Chrome?

Chrome automagically pushes Flash updates to its users ASAP insuring that users have the newest version.

The thing with Chrome is that they do release updates for Flash very fast, if not the same day as Adobes published release date. I swear I've even seen Flash updates for Chrome that have not yet been officially released by Adobe. I can not see Microsoft doing the same here as we are all required to wait until patch Tuesday for security updates. Feel like waiting 30 days for Microsoft to update IE10 Flash after a serious vulnerability has been documented? Even though Adobe has already corrected and issued a fix for said vulnerability in every other supported browser?
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


FF4m3

@bhn.net

said by Dustyn:

said by FF4m3 :

said by dfalbe:

How is this any different than what Google is doing with Chrome?

Chrome automagically pushes Flash updates to its users ASAP insuring that users have the newest version.

The thing with Chrome is that they do release updates for Flash very fast, if not the same day as Adobes published release date.

That's a good thing.
said by Dustyn:

I can not see Microsoft doing the same here as we are all required to wait until patch Tuesday for security updates.

That's not a good thing.


kickass69

join:2002-06-03
Lake Hopatcong, NJ

1 recommendation

reply to siljaline

There's no way I'd want to use a browser with Flash baked in regardless of what it is. Convenience over security is just not how I operate.



FF4m3

@bhn.net

said by kickass69:

There's no way I'd want to use a browser with Flash baked in regardless of what it is. Convenience over security is just not how I operate.

Understandably valid concerns.

The theory is to minimize the browser's Flash vulnerability exposure by insuring that users are automatically running the newest Flash version. Flash is also integrated into the browser's native sandboxing system.

From Google:

Adobe Flash Player is directly integrated with Google Chrome and enabled by default. Available updates for Adobe Flash Player are automatically included in Chrome system updates.