Windows 8 RTM vulnerable to Flash flaw

Running the RTM (or release-to-manufacturing) version of Windows 8? You just might be, given that Microsoft made it publicly available last month. Perhaps you should hold off on your trailblazing for a little while, though.

As ZDNet's Ed Bott reports, the version of Adobe Flash built into Internet Explorer 10 suffers from a serious security vulnerability. The vulnerability "could cause a crash and potentially allow an attacker to take control of the affected system," according to Adobe.

That wouldn't be a problem with past versions of IE, because you could just grab the latest Flash plug-in and be on your way. However, Flash is built right into IE10. Only Microsoft can deliver updates, and it doesn't seem to be doing that right now. Here's what the company told Bott:

Security is of course important to us, and we are working directly with Adobe to ensure that Windows 8 customers stay secure. We will update Flash in Windows 8 via Windows Update as needed. The current version of Flash in the Windows 8 RTM build does not have the latest fix, but we will have a security update coming through Windows Update in the GA timeframe.

"GA" means "general availability," which is shorthand for Windows 8's October 26 release date. In other words, don't expect IE10's Flash hole to be plugged until then.

Now, Bott rightfully points out that the version of Windows 8 RTM available from Microsoft's MSDN Evaluation Center is for testing purposes only. You're not supposed to install it on production hardware, and the license key has an expiration date, anyway. That said, it seems a little strange that Microsoft is leaving testers and developers vulnerable to a serious security issue—one Adobe has already patched, to boot.

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.