Microsoft, who has integrated Flash Player into IE10, is responsible for pushing out the update but hasn't done it the last two times for this version and, according to a Microsoft spokesperson, will not be doing it until Windows 8 becomes generally available to the public on 26 October.
These Adobe's two patches issued last month have closed eight vulnerabilities. Some of them are considered highly critical and have been spotted being misused in a number of attacks in the wild, reports H-Online.
One of them - CVE-2012-1535 - has been exploited by the Elderwood gang - a hacker group whose activities have been recently exposed by Symantec researchers.
Unfortunately, there is not much the users can do except stop using the aforementioned Windows 8 version. Before, when the Flash Player plugin was not integrated with the browsers, users could update it themselves, but with Windows 8 that option is non-existent.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.