Posted by: Ed Tittel
Last week, as is my usual wont, I fired up Secunia PSI (Personal Software Inspector) for all of my machines. In a discovery that caused no excitement whatsoever when I first ran the utility, I got a display that looked like this:
“Oh well,” I thought to myself, “time to update Flash.” This occurs pretty frequently, so I figured I’d download a new ActiveX component, install it, and be done with the situation in a minute or two. Man, was I wrong — and man, did the root cause for my error cause quite a flap. It turns out that Flash is now integrated into Internet Explorer 10 (the version that ships with Windows 8) and thus updates to Flash can come only from Windows Update.
When I tried to install and update and failed, I jumped up to the PSI discussion forums and realized that not only was it not possible to install an update, it’s also impossible to uninstall Flash in Windows 8 as a quick-n-dirty method for preventing inadvertent security exposures an unpatched version can occasion. Right now, the only method of self-protection is to dig into IE 10, and disable Flash altogether. Later on, Microsoft fanned the flames of ire and outrage by announcing that although it was aware that Flash needed updating it didn’t plan to push any more updates for Windows 8 until the October 26 General Availability (GA) date hits.
Yesterday, probably in response to countless rants, raves, and appeals for clemency or consideration, Microsoft changed its plans. As reported in PC Magazine yesterday, Microsoft’s Directory of Trustworthy Computing, Yunsun Wee, indicated that “In light of Adobe’s recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers.” This will apparently be the first time Microsoft releases a patch for an RTM version of a new OS, instead of waiting for the GA date to push a first round of updates and patches. And it’s supposed to be available “shortly,” whatever that means (I’m guessing that means “as soon as we can push a solid, vetted patched version out the door”).
All I can say is “Good for Microsoft, but better still for those already using Windows 8, especially in production!” I know of numerous hardy and adventurous souls who are doing that very thing, but I am NOT one of them…