Internet Explorer 10’s bundled Flash leaves users exploitable

Topic

New Reply

The included version is out-of-date, but can’t be fixed with Adobe’s updater.

Bruce

Reply | Quote

Replies

… also discussed here:

Microsoft puts Windows 8 users at risk with missing Flash update

Bruce

Reply | Quote

We’ll have to wait and see what MS and Adobe do to fix this lapse. It could be 2 or 3 weeks between the issue of Flash updates and the WU to issue these fixes. I was wondering about this myself. Waiting until Oct. 26th for MS to issue changes to this procedure does seem dangerous.

Reply | Quote

The article from ZDNet discusses a couple work arounds until MS and Adobe get their act together.

Reply | Quote

In addition to ActiveX filtering, if you click More Information under Shockwave Flash Object and then Remove all sites, you will be prompted to allow the first request from any site.

Bruce

Reply | Quote

MS has promised to patch Flash shortly. No timetable given.

Reply | Quote

Flash for IE10/64 is now available via MU

Reply | Quote

After WU of Flash, installed version is 11.3.374.7

FileHippo.com Update Checker shows Flash (For IE) version S.B. 11.4.402.278

Not sure why. I do not know what the Flash version was before this WU.

Reply | Quote

11.4 was at the time in Beta. Now Windows 8/IE 10 is still using Flash Player 11.3.375, which is reasonably secure. Chrome for Windows 8 is up to Flash Player 11.4 (Pepper Flash). Guess which browser I’m using in Win 8!

-- rc primak

Reply | Quote

11.4 was at the time in Beta.

11.4 had been non-Beta since 8/21/2012, a month before the first update for IE10.

Bruce

Reply | Quote

11.4 had been non-Beta since 8/21/2012, a month before the first update for IE10.

Bruce

All the more reason to use Chrome for most Windows 8 web browsing. Microsoft really needs to get on track about this.

-- rc primak

Reply | Quote