Today we released Security Advisory 2755801 that addresses vulnerabilities in Adobe Flash Player in Internet Explorer 10 on Windows 8. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. Customers who do not use automatic updates should apply the guidance in the advisory immediately using update management software, or by checking the Microsoft Update service, to help ensure protection.
 
We recognize there has been some discussion about our update process as it relates to Adobe Flash Player. Microsoft is committed to taking the appropriate actions to help protect our customers and we are working closely with Adobe to deliver quality protections that are aligned with Adobe’s update process.
 
With respect to Adobe Flash Player in Internet Explorer 10, customers can expect the following:

  • On a quarterly basis when Adobe normally issues Flash Player updates, we will coordinate on disclosure and release timing.
  • When the threat landscape requires action outside of Adobe’s normal update cadence, we will also work to align our release schedules. For example, this may mean that in some cases we will issue updates outside of our regular monthly security bulletin release.

As always, we recommend customers visit the Advisory for more information and make sure the update is deployed as soon as possible to help ensure that they are protected.

Yunsun Wee
Director
Microsoft Trustworthy Computing