Serious Windows 8 RTM Flash flaw finally patched

Testing Windows 8 RTM? Great news! You won’t have to live with an unplugged security hole for the next four weeks. PC World reports that Microsoft has finally patched a Flash vulnerability in Internet Explorer 10. Good thing, too, because malicious hackers have reportedly been able to harness the flaw to take control of affected systems.

Adobe issued a fix for the vulnerability over a month ago, on August 21. However, Internet Explorer 10 users weren’t able to upgrade. That’s because only Microsoft can deliver updates for the version of Flash built into IE10. Microsoft stated earlier this month that it had no plans to offer such updates until Windows 8’s retail release on October 26, which would have left users vulnerable for more than two months.

Thankfully, the company changed its mind. The patch went out on Windows Update last Friday.

Windows 8 RTM, short for release-to-manufacturing, has been publicly available since mid-August. Microsoft allows users to download it, free of charge, from its MSDN Evaluation Center even if they lack an MSDN subscription. The only catch is that only evaluation licenses are available right now, and those licenses are only good for 90 days. Once the 90 days are up, users must re-install Windows 8 using a different license key.

Comments closed
    • moog
    • 7 years ago

    Woohoo! Microsoft rocks!

    • Shouefref
    • 7 years ago

    Gartner says W8 is risky business.

    • Horshu
    • 7 years ago

    That’s what they (and we) get for putting Adobe’s crap source into their own product. Flash has been buggy as hell for more than 10 years, so why on earth would anyone put faith in them to EVER learn how to release quality code?

    • oldDummy
    • 7 years ago

    Glad it was fixed.

    Back to windows 8…still not that impressed.

    • chµck
    • 7 years ago

    I read articles such as this and think to myself “Is anyone reading TR capable of exploiting this, or is it scary FUD to most/all of us?”

      • Bauxite
      • 7 years ago

      I see this BS on a daily basis, or at least M-F, its real.

      When you see a brand new IE exploit deployed the day [i<]after[/i<] patch tuesday, you know there are some crafty ****ers out there.

        • chµck
        • 7 years ago

        what’s your line of work?

      • Forge
      • 7 years ago

      Hi! Sploit sploit sploit.

      It’s lucky for you that the black fedora I loved sold out before I could get one. I had to get it in brown, which I think corresponds to grey-hat status.

    • travbrad
    • 7 years ago

    Flash IS the flaw.

      • HisDivineOrder
      • 7 years ago

      Okay, Steve Jobs.

      For the rest of us, we know that when Adobe has already released an update to patch the hole, that it’s the company dragging its heels that’s the problem. And this time, that wasn’t Adobe. It was Microsoft. If they want to integrate Flash into IE, that’s great, but they need to fully accept the responsibilities of that decision.

      And that means updating as rapidly as Adobe does. Otherwise, just let the user do it. Or they could just give the user the option while doing their own due diligence at the same time.

      • Bauxite
      • 7 years ago

      And PDF = EXE

    • Krogoth
    • 7 years ago

    Using Flash

    => 2012

    Enough said

      • MadManOriginal
      • 7 years ago

      So, trying to interpret this comment and I can come up with the following:

      1) Using Flash is ‘greater than or equal to’ 2012 (I’m not sure how Flash can be quantified, maybe it’s some of that ‘new math’)

      2) Using Flash makes a supersmiley, 2012! (like a Japanese commercial?)

      3) Krogoth is not impressed.

        • derFunkenstein
        • 7 years ago

        I think it’s an arrow. Like Flash is some sort of archery master and 2012 is about to die.

        • Krogoth
        • 7 years ago

        It is part of a stupid meme.

        => is an arrow pointing to the “2012” for emphasis.

        The joke is that flash is incredibly dated. Web developers have been trying to move away from it. Calling a security concern within it is laughable at best. The whole thing reeks of a massive PR stunt on MS’s part. I do suppose that MS wants to avoid taking the heat if they decided bury the issue under the rug and it later bites them in the butt.

          • sweatshopking
          • 7 years ago

          great PR! massive security issue that gets your system hacked!!
          MAJOR ISSUE = PROFIT FOR MS

            • derFunkenstein
            • 7 years ago

            Yeah, that’s gotta be the dumbest thing I’ve heard today.

          • derFunkenstein
          • 7 years ago

          Well you got the stupid part right.

          • Yeats
          • 7 years ago

          It appears that The Tech Report is not impressed.

          • BIF
          • 7 years ago

          [quote<]The joke is that flash is incredibly dated. [/quote<] Well, why didn't you say that to begin with? The best jokes are the ones that don't require explanation. 🙂

            • willmore
            • 7 years ago

            The joke isn’t bad just because you didn’t get it.

          • sschaem
          • 7 years ago

          Outdated ? Can you backup your claim ?

      • PixelArmy
      • 7 years ago

      Borderlands 2, ’nuff said.

      • no51
      • 7 years ago

      >2012
      >Krogoth failing at memes
      shiggitydiggitydoo

Pin It on Pinterest

Share This