Hot on the heels of an update that fixed the recent zero-day flaw discovered in Internet Explorer versions 7, 8, and 9, Microsoft has released a separate patch that solves issues related to the Adobe Flash Player component of Internet Explorer 10.[blink] [blink]
Previous versions of IE displayed Flash content using Adobe's Flash Player plugin. But in IE 10, Microsoft has made Flash an integral part of the browser, with the goal of providing a "plugin-free" browsing experience. As a result, Flash security fixes for IE 10 must come from Microsoft, not Adobe.
Wow, I missed this along the way. Microsoft had been thumping their chest about not having to have a plug in for IE 10, but I didn't know that the reason was that it was because they had included the single buggiest application in the entire known Universe in their stupid browser.
This is without a doubt the single stupidest security decision since Microsoft made Internet Explorer a non-separable part of the Operating System. And even they know this:
According to the post, Microsoft will "coordinate" with Adobe to release IE 10 patches in conjunction with Adobe's regular, quarterly update cycle. In addition, Redmond says it may issue emergency updates outside of its own monthly security bulletin cycle, should the "threat landscape" require it.Ya think that the "threat landscape" will have as many Day Zero flash exploits next year as it did this year? The only question left unanswered is whether the Internet Explorer Product Manager uttered the words "Hey, hold mah beer" right before signing off on this brilliant idea.
My recommendation to all readers is not no every using Internet Explorer under any circumstances. Those on IE 8 and 9 should start planning their migration to Firefox, Opera, Safari, or other browser.