back to article Microsoft issues IE 10 Flash flaw fix for Windows 8

Hot on the heels of an update that fixed the recent zero-day flaw discovered in Internet Explorer versions 7, 8, and 9, Microsoft has released a separate patch that solves issues related to the Adobe Flash Player component of Internet Explorer 10. The current Flash vulnerabilities only affect IE 10 running on Windows 8 and …

COMMENTS

This topic is closed for new posts.
  1. nematoad
    FAIL

    Wonderful

    Given the past record of both IE and Flash regarding exploits I am sure that hackers are wetting themselves with excitement at this news.

    Two losers in the security game are teaming up to give you what? Built in vulnerabilities? Surely given the experience of Flash on OSX with late patches etc.people should be very wary of this.

    Time to ditch IE I think.

    1. Anonymous Coward
      Anonymous Coward

      Re: Wonderful

      Problem is, some companies have a policy of only allowing IE to run on their machines. Not necessarily for the better...

      1. Tom 13
        Unhappy

        Re: only allowing IE to run on their machines.

        It's not the policies that bother me, it's the internally developed APPS that require IE in order to run properly that bother me.

        Our agency installs both IE and Firefox by default (no Chrome, but I expect that to change before the next 12 months are up), but certain critical apps are still only certified for IE. If they run in FF, great; but if you have a problem with FF, don't call their support line because it ain't supported.

  2. This post has been deleted by its author

  3. Alex Horrocks
    WTF?

    Great...

    I can understand them combining IE and Flash on Win8 but why the hell would anyone want flash sitting on a server? Yes you can probably disable it/remove IE but you can put any money on it being there by default.

    1. Malcolm 1

      Re: Great...

      The default server 2012 install has no UI components at all AFAIK (all administration tasks are performed remotely). However if you are setting up a terminal server or need to run a UI dependent service then UI services can be installed. Don't know if IE is mandatory in this circumstance however.

    2. RICHTO
      Mushroom

      Re: Great...

      IE isnt installed on 2012 Server by default.

  4. Anonymous Coward
    Anonymous Coward

    Good general purpose heuristic

    If you simply avoid using Internet Exploder altogether, you don't have to worry about a lot of these exploits.

    1. RICHTO
      Mushroom

      Re: Good general purpose heuristic

      But the main alternatives - Firefox, Safari, Chrome all have far more vulnerabilities than current IE versions! Are we to go without a browser?!

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: Good general purpose heuristic

        On Saturday 22nd September at 20:16 RICHTO said, "But the main alternatives - Firefox, Safari, Chrome all have far more vulnerabilities than current IE versions! Are we to go without a browser?!"

        I know that historically Firefox (as an example) has, during certain time frames, had a larger number of bugs and vulnerabilities than say IE. Now, I am not saying that I don't believe you here 'RICHTO', but I would be interested to any data upon which this statement is based (assuming of course that any data has not been either sourced from, or sponsored by, Microsoft - either directly or indirectly).

        From figures I have seen previously, Microsoft's biggest past failure has been the time frame within which many issues were addressed. Again, I would be interested to see any independent data on this too.

        But your comment does hint at a valid point, and one that I see almost daily. That is, people saying things like, "Oh. I won't have any problems as I don't use IE any more". (Comments akin to this are also posted on The Register from time to time).

        IMO the IT community in general, with all it's whinging about IE, leads many to think that other browsers are safe and secure. There's a lot of Microsoft bashing that goes on - some valid, some not - but the IT community does both itself and others a disservice when it fails to equally address similar issues in other UA's.

        1. Anonymous Coward
          Anonymous Coward

          Re: Good general purpose heuristic

          Oh,'RICHTO' also stated "far more vulnerabilities than current IE versions!"

          Would you perhaps concede RICHTO that 'current IE versions' is part of the problem, in that it's plural! Surely Microsoft would be better placed and received if that were current version and also a single current version that was not so deeply hooked into the OS, and one that was actually backwards compatible with respect to OS's?

          1. Mort
            Facepalm

            Re: Good general purpose heuristic

            I don't see how Firefox is any better. Every "web browser market share" report I see has to list numerous versions of Firefox, so while the *latest* version might be safe from known exploits, there are still plenty of older versions still in-use that are exploitable.

            MS has been trying to get people to upgrade IE version for years, but it's the corporates that insist on IE6 because it's "easier/cheaper" to ignore unknown possible security threats than the known cost of having to do actual testing for their crappy internally written applications.

            On one hand, when MS "force" people to upgrade IE, everyone complains about MS being too controlling. When MS let people upgrade themselves, then MS gets blamed for all the crappy old versions still out there when people don't upgrade. Damned if they do, damned if they don't.

          2. Tom 13
            Joke

            Re: was not so deeply hooked into the OS

            but if they did that, Mozilla could take them back to court for damages related to perjury on the Netscape settlement.

  5. Mr Young
    WTF?

    Judging by the bug count I couldn't possibly say one way or the other...

    A gazillion lines of complex code or a total piece of shit? Probably both ;error handler required here

  6. Mikel
    Facepalm

    Trading Adobe's security for Microsoft's

    Ah, rest easy now then.

  7. Anonymous Coward
    Anonymous Coward

    Out of curiosity

    Can anybody recall a new version of windows that was not expliotable on its initial release, by that I mean a expliot known about from the time of going gold and the consumer release and having a day one install patch waiting for them.

    I'm thinking WFWG 3.11 and below mostly.

  8. johnwerneken
    Flame

    Don't want anything from adobe on any computer of mine. Any way to eliminate Flash or flash-like components from IE 10?

  9. Andrew Baines Silver badge
    Stop

    WSUS

    Shame that WSUS before server 2012 won't patch Windows 8.

    Download that hot fix.

    1. This post has been deleted by its author

    2. Mort
      Thumb Up

      Re: WSUS

      You mean an update for WSUS like this one that let's you patch Win8/2012?

      http://support.microsoft.com/kb/2734608

This topic is closed for new posts.

Other stories you might like