Saturday, September 22, 2012

Flash Vulnerability in IE10 on Windows 8

Today, Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012. The update addresses the vulnerability in Adobe
Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10.  Technology mitigation is listed as:
  • In a web-based attack scenario where the user is using Internet Explorer 10 for the desktop, an attacker could host a website that contains a web page that is used to exploit any of these vulnerabilities.
  • Internet Explorer 10 in the Windows 8-style UI will only play Flash content from sites listed on the Compatibility View (CV) list. This restriction requires an attacker to first compromise a website already listed in the CV list. An attacker could then host specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website.
  • By default, all supported versions of Microsoft Outlook and Windows Live Mail open HTML email messages in the Restricted sites zone.
  • By default, Internet Explorer on Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration.  This mode can help reduce the likelihood of exploitation by these vulnerabilities in Adobe Flash Player in Internet Explorer 10

More info at:

No comments:

Post a Comment