A week after Adobe released patches for critical vulnerabilities in Flash Player, Microsoft also released patches for the same vulnerabilities in Edge and Internet Explorer 11 on Windows 8.1 and Windows 10. The vulnerabilities allowed an attacker to take full control of the system.
Normally Adobe and Microsoft release Flash Player updates around the same time to limit the number of vulnerable users. In the past it regularly happened that attackers analyzed Flash Player updates to find the patched vulnerabilities. These were then used to attack users who didn’t patch their system yet.
Last week, at the last moment, Microsoft decided to delay the Patch Tuesday of this month and to postpone it to the 14th of March. However, Adobe released updates for Flash Player according to the regular schedule. Because both Internet Explorer 11 on Windows 8.1. and Windows 10 and Microsoft Edge feature an embedded Flash Player these users now risked to be attacked.
Therefore Microsoft decided to nevertheless release patches for Flash Player yesterday, outside its regular patch cycle. On most systems the both Adobe’s and Microsoft’s patches are automatically installed.