IE 10 Users on Windows 8 May Be at Risk from IE's Embedded Flash Security Flaws
According to a report from ZDNet, Internet Explorer 10 users in Windows 8 may be at risk due security vulnerabilities in the browser's embedded Flash player. Microsoft has not release software patches for these security flaws as the company has yet to officially launch its new Windows 8 operating system.
Just last month in August, Adobe released a number of security updates for its Flash Player. According to the company's security bulletin, these software patches will "...address the vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.". The bulletin went further to label Microsoft's Windows operating system with a Priority Rating of 1as the operating system has a high risk of being compromised if the flaws are left unattended.
Due to the tight coupling of Flash player with IE10, Windows 8 users are unable to install updated versions of Adobe Flash Player themselves anymore. They would have to wait for IE10 update packages that contain updates from Adobe. According to ZDNet who spoke to Microsoft about this security issue, the former's response was that upon general availability of Windows 8, which is on 26 October this year, the security update will be released through Windows Update.
The main gripe about this situation is Microsoft's lethargic response to this critical security update. Though the current user base of Windows 8 is not large, the Redmond software company should exercise due diligence in timely updates as part of its strategy to keep users of its software safe and secure. As a workaround, current users of Windows 8 can avoid Internet Explorer 10 and use Chrome as their default browser. Incidentally, Google's Chrome also has its own embedded Flash player; however, unlike IE10 in Windows 8, Google implemented Adobe's patches to the browser on August 21 and subsequently disseminated to Chrome users.