Microsoft IE vs. Adobe Flash: Zero-Day Analysis


There has been quite a bit of discussion and coverage over the past few days about the new Internet Explorer zero-day vulnerability and associated exploits. Through this pandemonium, there was also a zero-day vulnerability for Adobe Flash, arguably affecting a like number of users. Unlike with the Flash vulnerability, however, federal government agencies have stepped in and advised Windows users to use other browsers, only adding to the paranoia and media spin. As of March 11th, there were an estimated 1.4 billion active Windows licenses and of those, about 30% were XP systems. Not accounting for the number of users who have upgraded in response to the April 8th cutoff for support from Microsoft, that leaves about 488 million systems that will not receive the patch for Internet Explorer's zero-day vulnerability when it is released.
Another reason that the Adobe Flash vulnerability has not gained as much space in the headlines is the simple fact that it was patched within 24 hours. Not only is Microsoft currently leaving all of their users out to dry, but a good number of them will never get relief from this zero-day. It is important to note that Microsoft is worth an estimated $300 billion, while Adobe has a comparatively meager net worth of $18 billion.
Some think that the IE vulnerability could finally force users to upgrade their Windows XP systems, even though they already made the decision to keep an unsupported operating system. Others claim that any attacks on XP users are the result of their own irresponsibility.
Could this lack of support from Microsoft have a negative effect on their stock prices? Is this just another reason for computer users to have less trust in the information system giant, causing them to use Apple products and operating systems? Will users decide to take the less expensive path and switch to a Linux solution, which has steadily gained popularity during the last decade?
What do you think?

Steve P. Higdon has been working in the information security field for over ten years, providing support and consultancy to several public and private sector organizations. Steve holds several industry certifications and can be reached via email at infosec@stephenhigdon.com and on Twitter at @SteveHigdon.
