Microsoft to patch Flash hole in Windows 8 "shortly"

Microsoft has confirmed that it will deliver a security update for the bundled version of Flash Player used by Internet Explorer 10 (IE10) sooner than previously planned. In a statement sent to ZDNet, Yunsun Wee, Trustworthy Computing Director at Microsoft, said that the company is working closely with Adobe on an updated version of the Flash plugin which "will be available shortly".

The forthcoming Windows 8 comes with Internet Explorer 10, which, in turn, includes its own version of Flash Player. This arrangement relies on Microsoft's automatic updates system, Windows Update, for updating the version of Flash included in the web browser.

While Windows 8 has yet to become "generally available" (GA), Microsoft has been offering the final version of the operating system to its MSDN and TechNet subscribers since mid-August. A 90-day trial of Windows 8 Enterprise has also been available for organisations.

However, the version of Flash Player currently used by IE10 is based on Adobe Flash 11.3.372.94 from 19 July 2012, which contained multiple security vulnerabilities including several critical holes. Adobe has since closed these holes with an update to the 11.3.x branch and the release of version 11.4.402.265 at the end of August.

Microsoft had previously stated that it would only issue an update "through Windows Update in the GA timeframe" to fix the problems, but appears to have revised its plans following criticism from users already running the upcoming Windows 8 release. "Ultimately, our goal is to make sure the Flash Player in Windows 8 is always secure and up-to-date, and to align our release schedule as closely to Adobe's as possible," said Wee. Windows 8 is scheduled for official release on 26 October.

See also:

• Microsoft's September Patch Tuesday closes important XSS holes, a report from The H.

(crve)