September 12, 2012
First Flash Patch for Windows 8 to Arrive Sooner Rather Than Later
Michael Harper for redOrbit.com — Your Universe Online
Though October 26th is several weeks away, many have already begun to use Windows 8, Microsoft´s latest desktop and tablet operating system, ahead of its official public release. As is always the case in the techno-sphere, early adopters, though often respected by their peers, are also usually the group to bear the burden of bugs and glitches.
In an emailed statement to Ed Bott at ZDNet, Microsoft´s Director of Trustworthy Computing Yunsun Wee said, “In light of Adobe´s recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers. This update will be available shortly. Ultimately, our goal is to make sure the Flash Player in Windows 8 is always secure and up-to-date, and to align our release schedule as closely to Adobe´s as possible.”
Though Microsoft could make this situation right “shortly,” there remains a question about how these Flash updates will be rolled out in the future.
As pointed out by Ars Technica, Adobe and Microsoft already have scheduled days on which they traditionally release patches to their software. The problem is that these days do not line up.
Adobe traditionally ships their patches on the third or fourth Tuesday of each month, while Microsoft ships their software updates on the second Tuesday of each month. Going forward, this means that Internet Explorer users could be left wide open and vulnerable to exploits for up to 2 weeks at a time, presenting a very predictable window of opportunity for cyber ne´erdowells.
"You would have thought that Microsoft would have had this all planned out previously," said Andrew Storms, director of security operations at nCircle Security. Speaking with Gregg Keizer of Computerworld, Storms later said, "Now, it's like an afterthought."
"It's almost as if it was an entirely different team from the security group that made this — or forgot — this arrangement.”
Of course, Adobe could simply give Microsoft an advance on their Flash patches, giving Redmond the ability to bundle these patches in their updates which precede Adobe´s by as much as 2 weeks. On the other hand, Adobe could also release one patch to all the major browsers–Chrome, Firefox, Safari or otherwise– at the same time, giving all Flash users the same level of protection.
It´s worth mentioning that Google´s Chrome browser also ships with a built-in version of Flash much like Internet Explorer. To their credit, Chrome has never had an issue with keeping Flash up-to-date. In fact, they´ve even been ahead of the Flash curve on a few occasions. If Chrome can do it, perhaps Microsoft should be able to as well?