Zero-day Flash Fix Rolling Out Now for IE10 and IE11

A zero-day flaw in Adobe Flash was discovered this week. Microsoft is taking steps today to deliver a security update for IE10 and IE11.

Rod Trent

January 23, 2015


Adobe Flash Player was caught with yet another zero-day flaw this week. Adobe released security fixes yesterday, providing a patch and guidance for updating affected systems. The flaw affects the usual platforms (Windows, Mac, and Linux) running any of the following software versions.

Affected software versions:

  • Adobe Flash Player 16.0.0.257 and earlier versions

  • Adobe Flash Player 13.0.0.260 and earlier 13.x versions

  • Adobe Flash Player 11.2.202.429 and earlier versions for Linux

This patch is important because an attacker…

  • Could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website

  • Could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine

  • Could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements

Starting with Windows 8 and Windows Server 2012, Microsoft began including embedded Flash Player support in IE10, and this continued as both operating systems were updated and IE11 was released. As a result, when Adobe releases security updates for its Flash Player components, Microsoft has to follow up with a patch of its own to ensure IE10 and IE11 match the updated security.

To warn customers, Microsoft put up a Security Advisory shortly after Adobe released its patches. Security Advisory 2755801 is online to view here: Microsoft Security Advisory 2755801. Today, the update is already out the door and well on its way down the Windows Update wires. I received my update first thing this morning.

For those companies staging delivery of the update, Microsoft has made it available for download in the Support Center. It's available for both IE10 and IE11 running on Windows 8 for 32-bit Systems, Windows 8 for 64-bit Systems, Windows Server 2012, Windows RT, Windows 8.1 for 32-bit Systems, Windows 8.1 for 64-bit Systems, Windows Server 2012 R2, and Windows RT 8.1.

Incidentally, Server Core installations of Windows Server 2012 and Windows Server 2012 R2 are not affected.

The downloads are available from here: Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer: January 22, 2015
