Microsoft this week made available its first ever software patch for another vendor’s product, plugging a critical Windows hole that endangered users of Adobe’s Flash Player.
Microsoft signaled the third-party patch may be the first of more to come, which has broad implications for security and other software vendors. The move comes after Microsoft’s protests over supposed encroachment on its own turf in terms of providing necessary software updates and patches.
“I find it ironic, almost humorous, relative to Microsoft’s complaints about security firms issuing Windows patches,” IT-Harvest Founder and Chief Research Officer Richard Stiennon told TechNewsWorld.
The vulnerability addressed by the Microsoft fix for Flash was a typical Windows issue whereby a user with administrator rights could take control of affected systems, which included Windows XP, Windows 98 and ME.
The attacker would then have the ability to install, view, change or delete new programs, or create new user accounts with full user rights, according to Microsoft’s security bulletin.
Microsoft indicated new versions of Flash Player, as well as security advice from an Adobe security advisory, would prevent users from being vulnerable.
However, there were reports that the Flash patch from Microsoft would not install correctly, and that even with updated versions of Flash, which was a liability only with versions 7 or older, Windows users were being told to install the patch.
Those expressing their opinions about the third-party patch from Redmond said it might bring more security, but it was sure to bring more complexity and criticism as well.
The patch, which Microsoft worked with Adobe to produce, may be a sign of things to come as security holes in third-party products bundled with Windows are addressed more frequently, Microsoft said.
Bad and Good
Stiennon echoed others regarding the implications of third-party patching from Microsoft, which represents another step in Microsoft’s march to provide anti-virus and other security software to Windows customers on its own.
“I could see how it would work to their advantage,” he said, wondering if Microsoft might update third-party anti-virus solutions with Windows Update as well.
As for the Flash Player plug-in, it is so universal, it is a good thing that Microsoft was able to quickly release a patch for the problem, Stiennon concluded.
Is the patch worse than the danger? Now, when one of the WANTED cookies in my computer tries to signal StatCounter or RiteCounter not to count the click I just made on one my web sites, Adobe Flash Player stops my whole computer and demands that I delete that cookie THAT I WANT AND NEED. I did not delete the cookie- I pulled the plug, plugged it back in and quickly gave Adobe an inhouse message that they were greedy b**tards and idiots for thinking that they could control MY computer. Remember- Adobe put the patch in themselves, not Microsoft. Adobe is seeing the benefits of controling the computers of all the website owners, big and small. Control of those computers means more $$$$$$$$$ in sales. Adobe is not the victim here- Adobe sees $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$.