Microsoft issues IE 10 Flash flaw fix for Windows 8
Hot on the heels of an update that fixed the recent zero-day flaw discovered in Internet Explorer versions 7, 8, and 9, Microsoft has released a separate patch that solves issues related to the Adobe Flash Player component of Internet Explorer 10. The current Flash vulnerabilities only affect IE 10 running on Windows 8 and …
Wonderful
Given the past record of both IE and Flash regarding exploits I am sure that hackers are wetting themselves with excitement at this news.
Two losers in the security game are teaming up to give you what? Built-in vulnerabilities? Surely given the experience of Flash on OSX with late patches etc. people should be very wary of this.
Time to ditch IE I think.
Re: Wonderful
Problem is, some companies have a policy of only allowing IE to run on their machines. Not necessarily for the better...
Re: only allowing IE to run on their machines.
It's not the policies that bother me, it's the internally developed APPS that require IE in order to run properly that bother me.
Our agency installs both IE and Firefox by default (no Chrome, but I expect that to change before the next 12 months are up), but certain critical apps are still only certified for IE. If they run in FF, great; but if you have a problem with FF, don't call their support line because it ain't supported.
Flash? Yet *another* reason to avoid Win8 like the plague! Win8, IE, Flash - treble ghastly!
Great...
I can understand them combining IE and Flash on Win8 but why the hell would anyone want Flash sitting on a server? Yes you can probably disable it/remove IE but you can put any money on it being there by default.
Re: Great...
The default server 2012 install has no UI components at all AFAIK (all administration tasks are performed remotely). However if you are setting up a terminal server or need to run a UI dependent service then UI services can be installed. Don't know if IE is mandatory in this circumstance however.
Re: Great...
IE isn't installed on 2012 Server by default.
Good general purpose heuristic
If you simply avoid using Internet Exploder altogether, you don't have to worry about a lot of these exploits.
Re: Good general purpose heuristic
But the main alternatives - Firefox, Safari, Chrome all have far more vulnerabilities than current IE versions! Are we to go without a browser?!
Re: Good general purpose heuristic
On Saturday 22nd September at 20:16 RICHTO said, "But the main alternatives - Firefox, Safari, Chrome all have far more vulnerabilities than current IE versions! Are we to go without a browser?!"
I know that historically Firefox (as an example) has, during certain time frames, had a larger number of bugs and vulnerabilities than say IE. Now, I am not saying that I don't believe you here 'RICHTO', but I would be interested to see any data upon which this statement is based (assuming of course that any data has not been either sourced from, or sponsored by, Microsoft - either directly or indirectly).
From figures I have seen previously, Microsoft's biggest past failure has been the time frame within which many issues were addressed. Again, I would be interested to see any independent data on this too.
But your comment does hint at a valid point, and one that I see almost daily. That is, people saying things like, "Oh. I won't have any problems as I don't use IE any more". (Comments akin to this are also posted on The Register from time to time).
IMO the IT community in general, with all its whinging about IE, leads many to think that other browsers are safe and secure. There's a lot of Microsoft bashing that goes on - some valid, some not - but the IT community does both itself and others a disservice when it fails to equally address similar issues in other UA's.
Re: Good general purpose heuristic
Oh, 'RICHTO' also stated "far more vulnerabilities than current IE versions!"
Would you perhaps concede RICHTO that 'current IE versions' is part of the problem, in that it's plural! Surely Microsoft would be better placed and received if that were current version and also a single current version that was not so deeply hooked into the OS, and one that was actually backwards compatible with respect to OS's?
Re: Good general purpose heuristic
I don't see how Firefox is any better. Every "web browser market share" report I see has to list numerous versions of Firefox, so while the *latest* version might be safe from known exploits, there are still plenty of older versions still in-use that are exploitable.
MS has been trying to get people to upgrade IE version for years, but it's the corporates that insist on IE6 because it's "easier/cheaper" to ignore unknown possible security threats than the known cost of having to do actual testing for their crappy internally written applications.
On one hand, when MS "force" people to upgrade IE, everyone complains about MS being too controlling. When MS let people upgrade themselves, then MS gets blamed for all the crappy old versions still out there when people don't upgrade. Damned if they do, damned if they don't.
Re: was not so deeply hooked into the OS
but if they did that, Mozilla could take them back to court for damages related to perjury on the Netscape settlement.
Judging by the bug count I couldn't possibly say one way or the other...
A gazillion lines of complex code or a total piece of shit? Probably both ;error handler required here
Trading Adobe's security for Microsoft's
Ah, rest easy now then.
Out of curiosity
Can anybody recall a new version of Windows that was not exploitable on its initial release, by that I mean an exploit known about from the time of going gold and the consumer release and having a day one install patch waiting for them.
I'm thinking WFWG 3.11 and below mostly.
Don't want anything from Adobe on any computer of mine. Any way to eliminate Flash or flash-like components from IE 10?
WSUS
Shame that WSUS before server 2012 won't patch Windows 8.
Download that hot fix.
Re: WSUS
You mean an update for WSUS like this one that lets you patch Win8/2012?
http://support.microsoft.com/kb/2734608
