One of the biggest threats to users of Windows 8 right now is the vulnerability found in the Modern UI version of IEE 10. Microsoft originally intended this version of Internet Explorer to run without plug-ins. This was intended to keep the browser secure, No Flash, Java or Silverlight and there is very little chance of getting malware through your web browser. It was a grand idea that we knew would not last and it did not. It was not that long before Microsoft announced that IE 10 would have its own bundled version of Flash that would stand alone. Microsoft would be responsible for the updates to this when they provided updates to the browser (can you see the flaw in the plan yet?).
Now we are finding out that the version of Flash that is integrated into the shipping version of Windows 8 is vulnerable to existing Malware simply because Microsoft did not update it. This means that if you are running the RTM version of Windows 8 you are vulnerable to exploits that have been out for several weeks and you have no ability to patch it until Microsoft does. Microsoft has said they will release a patch after the new OS is officially launched on October 26th. This does not mean that you will get a patch for Modern UI IE 10 on that day; it means that sometime after the 26th Microsoft will push out a patch through the regular Windows Update service.
This is another in a lengthening list of security issues that are popping up now that more people are getting their hands on the final build. Microsoft claims that by pushing Flash updates through Windows Update they are making things more convenient for people and to some degree that is true, but in some cases this may also delay the release of critical fixes as they wait for their normal cycle. Make no mistake; Windows 8 does not have a glorious future set in stone yet. There are problems with the OS that could sway more than a few consumers to avoid the new OS. Although we think that Microsoft is going in the right direction by getting into the tablet market and creating an ecosystem for all of their devices, we do think they are firmly off the road and in the gutter with the way they are executing this idea.
Discuss this in our Forum