Reviews:
 ·Zen Internet
| Security Advisory 2755801 addresses Adobe Flash Player issue Security Advisory 2755801 addresses Adobe Flash Player issues - MSRC - Site Home - TechNet Blogs: » blogs.technet.com/b/msrc/archive···ues.aspxToday we released Security Advisory 2755801 » technet.microsoft.com/en-us/secu···/2755801that addresses vulnerabilities in Adobe Flash Player in Internet Explorer 10 on Windows 8. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. Customers who do not use automatic updates should apply the guidance in the advisory immediately using update management software, or by checking the Microsoft Update service, to help ensure protection. We recognize there has been some discussion about our update process as it relates to Adobe Flash Player. Microsoft is committed to taking the appropriate actions to help protect our customers and we are working closely with Adobe to deliver quality protections that are aligned with Adobe’s update process. With respect to Adobe Flash Player in Internet Explorer 10, customers can expect the following: * On a quarterly basis when Adobe normally issues Flash Player updates, we will coordinate on disclosure and release timing. * When the threat landscape requires action outside of Adobe’s normal update cadence, we will also work to align our release schedules. For example, this may mean that in some cases we will issue updates outside of our regular monthly security bulletin release. As always, we recommend customers visit the Advisory for more information and make sure the update is deployed as soon as possible to help ensure that they are protected. Yunsun Wee Director Microsoft Trustworthy Computing --
Wilders Security Forum Admin
Microsoft MVP - Consumer Security
|
|
|
|
| Are the IE and Adobe Flash teams employing trained monkeys to write their code? You have to wonder with all the vulnerabilities popping up these days. Let's not even mention the disaster that is Java...
--
Mischel Internet Security - Developer of TrojanHunter |
|
| please be assured that the Microsoft security team work extremely hard in a very challenging environment
as do the security teams at adobe and Java |
|
| said by NICK ADSL UK:please be assured that the Microsoft security team work extremely hard in a very challenging environment
as do the security teams at adobe and Java
Hold the kids writing the original swiss-cheese code and their managers responsible and see what happens. Or better yet, roll back the laws that exempt these companies from liability for damage caused by their defective code.
It *is* possible to write software that doesn't require multiple updates/month to patch gaping security holes. These companies have just chosen not to do so, Adobe and Oracle in particular. |
|
 StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2
·CenturyLink
| reply to MagnusM
said by MagnusM:Are the IE and Adobe Flash teams employing trained monkeys to write their code?
An infinite number of untrained ones I believe.
They're also writing the complete works of Shakespeare.
--
Don't feed trolls--it only makes them grow! |
|
| reply to NICK ADSL UK
i think the OP should have been titled "IE 10 updated" (to account for IE 10's out-dated version of "flash player" )..
also, i wouldn't say it was a flash player issue.. it was a IE 10 issue, with its using an out-dated version of "flash player".. |
|
| reply to NICK ADSL UK
The problem at all of these companies is that they don't care. They just don't care. If there's a vulnerability it doesn't affect them personally. Responsibility gets diluted into the juggernaut that is the "development team". Memos get written on "code review practices". Seminars are held on "best practices". And then all it takes is a newly employed C++ coder who screws up a malloc() call and you have a zero-day exploit waiting for the next Chinese hacker to find and exploit it.
Either you choose to use a programming language that enforces type safety and range checking of buffers so that these kind of exploits cannot happen. Or you choose to use an unsafe language such as C/C++. But then you'd better make damn sure that every character you type into the editor window gets triple-checked for vulnerabilities and that there's responsibility associated with screwing up. Sadly, most of these companies completely disregard all three points.
--
Mischel Internet Security - Developer of TrojanHunter |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 | That is all true. Another problem is that schedules are so tight these days that not enough testing (by the programmer or QA if that even exists) is done.
--
Don't feed trolls--it only makes them grow! |
|
 Woody79_00I run Linux am I still a PC?Premium
join:2004-07-08
united state | agreed
Last night i was finally fed up with Java and removed it all together, tonight im uninstalling Flash permanently. This is getting insane.
Youtube and Dailymotion have HTML5 video, outside of that Flash is used for annoying advertisements anyways...see Yahoo's homepage and their fullscreen garbage = flash.
Good job Adobe....you rushing around has turned you into the worst track record when it comes to security with Oracle not far behind.
I will give MS credit though, they have come a long way since 2004...Microsoft has improved by leaps and bounds and continues to do so in terms of security....still not perfect mind you, but they are alteast putting forth a concerted effort to do so and it shows. |
|
 antdudeA Ninja AntPremium,VIP
join:2001-03-25
United State
kudos:4
 ·RoadRunner Cable
| reply to StuartMW
said by StuartMW:That is all true. Another problem is that schedules are so tight these days that not enough testing (by the programmer or QA if that even exists) is done.
I wonder which software companies are doing the best these days.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
1 edit | reply to Woody79_00
said by Woody79_00:Last night i was finally fed up with Java and removed it all together, tonight im uninstalling Flash permanently woody, i hate to see you doing that to yourself, dumping "flash player".. i don't see why you think it is necessary to dump it..
i like using "flash player" and, if there are any updates for it, i don't mind installing them..
i can understand not using "java", not unless it is absolutely necessary.. |
|
 rcdaileyDragoonflyPremium
join:2005-03-29
Rialto, CA | reply to NICK ADSL UK
Thnaks. This is why I come here.
--
It is easier for a camel to put on a bikini than an old man to thread a needle. |
|
 Cartel
join:2006-09-13
Chilliwack, BC
kudos:2
·TekSavvy DSL
·Shaw
·TELUS
| reply to NICK ADSL UK
|
|
scross
join:2002-09-13
Cordova, TN | reply to NICK ADSL UK
said by NICK ADSL UK:please be assured that the Microsoft security team work extremely hard in a very challenging environment
as do the security teams at adobe and Java
The Microsoft ecosystem is fundamentally flawed from a security and stability perspective. Always has been; always will be. The sooner we start abandoning it in large numbers, the better! |
|
 Noah VailSon made my AvatarPremium
join:2004-12-10
Lorton, VA
kudos:2
1 edit | reply to NICK ADSL UK
null redacted |
|
 DustynPremium
join:2003-02-26
Ontario, CAN
kudos:10 | reply to Cartel
Re: Security Advisory 2755801 addresses Adobe Flash Player issue Wow. 
That is just awesome.  |
|
