IE browser XSS flaw opens door to thieves and phishers
IE browser XSS flaw opens door to thieves and phishers

Microsoft has said that it will patch a Flash flaw in Internet Explorer ahead of the launch of Windows 8.

Originally, the company said that it would not patch the exploit in the forthcoming Internet Explorer 10 (IE 10) browser until after Windows 8 ships on October 26th.

In a statement sent to ZDNet, Yunsun Wee, director of Microsoft Trustworthy Computing, said: “In light of Adobe's recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers. This update will be available shortly.

“Ultimately, our goal is to make sure the Flash Player in Windows 8 is always secure and up-to-date, and to align our release schedule as closely to Adobe's as possible.”

Originally Microsoft said that fixes issued for Flash in August were available for installation on Internet Explorer 9 and earlier versions in Windows 7, Windows Vista, and Windows XP SP3, but as IE10 incorporates its own version of Flash, this cannot be removed and can only be updated by Microsoft. Therefore the fixes would not be available for IE10 until Windows 8 is launched.