Microsoft To Provide More Patches For Third-Party Apps

Some observers wonder if Microsoft's patch of Adobe Flash Player augers the company's permanent move to be more accountable for the security of bundled, partnered products in Windows.
Microsoft confirmed Wednesday that it will continue to patch third-party products that impact Windows.

Tuesday, Microsoft pushed out a patch to Windows XP, 98, and Millennium users for Flash Player, an Adobe-owned multimedia application that's bundled with those operating systems. It was the first time that the Redmond, Wash. developer had issued an update for a non-Microsoft product using its Windows Update service.

A Microsoft spokesman explained the decision Tuesday afternoon by saying that "Flash Player is a third-party technology that is redistributed by Microsoft in certain versions of Windows, therefore some Microsoft customers may be at risk.

"Microsoft is committed to protecting our customers from security threats and so has worked closely with Adobe to develop, test, and release security updates that help protect our mutual customers from these security vulnerabilities," he continued.

When asked Wednesday whether the Flash update was a one-time event or the beginning of a long-term practice, the spokesman's answer was oblique.

"I think Chris Andrew had it right when you quoted him as saying, 'Third-party vulnerabilities, when those third-party products are bundled with Windows, must be patched just as if they were Windows bugs,'" the spokesman added Wednesday.

Andrew, vice president of security technologies at patch and vulnerability management maker PatchLink, commented in a TechWeb story Tuesday about the three security bulletins Microsoft released, including MS06-020, the one which updates Flash Player.

"Is this a move to take more accountability of bundled, partnered products in Windows?" asked Mike Murray, director of research at vulnerability management vendor nCircle, in that same story Tuesday. "If so, that would be huge, a phenomenal step for Microsoft, to essentially 'own' security at any level that touches the Microsoft OS."

Editor's Choice
James M. Connolly, Contributing Editor and Writer
Carrie Pallardy, Contributing Reporter
Shane Snider, Senior Writer, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
John Edwards, Technology Journalist & Author