For about as long as it's existed, Adobe's Flash plugin has been one of the most vulnerable pieces of software on the planet. Much like an operating system itself, most people readily install a Flash plugin soon after a fresh install, so it's no wonder that people are often on the hunt to see what kind of exploits can be had. It's for this reason that Adobe releases updates frequently, and one of the reasons people are often annoyed with the company. As the Dos Equis man would say, "I don't always have to update Adobe software - oh wait, I do."
In an update to its quarterly security report, Kaspersky has awarded 4 of the top 10 places in a list of serious vulnerabilities to Flash/Shockwave. This makes the reason for frequent updates obvious, but one problem many people face is that they don't get these regular updates. Why? Because they've disabled Adobe Updater's ability to search for updates, due to its naggy nature.
It's thanks to this that Adobe has just gotten "married" to Microsoft, as Andrew Storms, director of security operations at nCircle Security, has put it. Married in the sense that Adobe is now working more closely with Microsoft to ensure that people get the updates to Flash that they need. If you're thinking this sounds like Windows Update, you're spot-on.
Going forward, Adobe will be allowed to slipstream its latest Flash update into Windows Update (which Microsoft still validates, I'm sure), so that whenever "Patch Tuesday" rolls around, your Flash will be taken care of. As some first experiences have shown, these updates will kill any active Flash usage, so bear that in mind. There's also a caveat - this affects Internet Explorer 10 only. Hopefully we'll see this spread more in the future, since updating the Flash plugin system-wide is a trivial matter.
While the thought of Adobe breaking into Windows Update is a little concerning, this is for a good reason. We've already established that Flash is mega-vulnerable, and it's a plugin that nearly everyone uses. This to me is a brilliant move by both Microsoft and Adobe, even if it is a simple one.
For information on the most recent patch (yesterday's), you can view the entry over at TechNet.