Microsoft will wait for the commercial release of Windows 8 to update the Flash Player plug-in integrated into Windows Explorer 10 by default.
While the Windows 8 operating system is not yet available to the general public, with the launch of this OS planned for the 26th of October, the RTM version is already out there with TechNet and MSDN subscribers having access to this.
A security problem has been raised by ZDNet though (an issue has been experienced by users operating the various test versions) relating to Internet Explorer 10. This browser directly integrates a Flash Player plug-in which is vulnerable.
In August, Adobe released corrective security patches for Flash Player to correct critical vulnerabilities which, when executed, allow attackers to lock Flash up and take control of the affected system.
With Flash player being integrated into IE10 (in the same way as Google Chrome), the corrective patches also have to be integrated into an IE10 update released by Microsoft who works in collaboration with Adobe.
A Microsoft spokesman has indicated that the current version of Flash in Windows 8 RTM doesn’t have the latest corrective patches. "We will have a security update coming through Windows Update in the GA timeframe (note: Windows 8 to be released on the 26th of October) ".
Windows 8 of course still doesn’t have any general users on it, but Microsoft’s reaction hasn’t been well received considering Oracle and Apple have previously been criticised for similar responses.
For affected users, it is possible to disable the integrated plug-in via IE10’s plug-in manager, or a different browser can be used which has an updated version of Flash Player. Adobe recently published version 11.4 of Flash Player.