Browse archive

Latest news

Fighting cybercrime is on the right track

Google set to upgrade its SSL certs

IT security pros have trouble communicating with executives

Zeus variants are back with a vengeance

Facebook phishers target Fan Pages owners

Killer apps: The performance of networked applications

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

Review: Logging and Log Management

Hacking charge stations for electric cars

Windows 8 users open to Flash exploits

Posted on 10 September 2012.

Users who have downloaded and are using the "Release To Manufacturing" version of Windows 8 or the 90-day trial version of Windows 8 Enterprise should be aware that the Adobe Flash Player version integrated in Internet Explorer 10 hasn't been automatically updated by Microsoft and makes them vulnerable to code execution attacks due to four separate security flaws.

Microsoft, who has integrated Flash Player into IE10, is responsible for pushing out the update but hasn't done it the last two times for this version and, according to a Microsoft spokesperson, will not be doing it until Windows 8 becomes generally available to the public on 26 October.

These Adobe's two patches issued last month have closed eight vulnerabilities. Some of them are considered highly critical and have been spotted being misused in a number of attacks in the wild, reports H-Online.

One of them - CVE-2012-1535 - has been exploited by the Elderwood gang - a hacker group whose activities have been recently exposed by Symantec researchers.

Unfortunately, there is not much the users can do except stop using the aforementioned Windows 8 version. Before, when the Flash Player plugin was not integrated with the browsers, users could update it themselves, but with Windows 8 that option is non-existent.