Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft re-releases the KB 4287903 Flash zero-day patch

    Home Forums AskWoody blog Microsoft re-releases the KB 4287903 Flash zero-day patch

    This topic contains 18 replies, has 12 voices, and was last updated by  anonymous 6 months ago.

    • Author
      Posts
    • #196917 Reply

      woody
      Da Boss

      Remember that Flash zero-day patch Microsoft released on June 7? You know, the really out of band patch that fixes the zero-day hole that’s so easy to
      [See the full post at: Microsoft re-releases the KB 4287903 Flash zero-day patch]

      1 user thanked author for this post.
    • #196924 Reply

      Kirsty
      AskWoody MVP

      From @gborn on borncity.com:

      Flash-Update KB4287903: Install issues with WSUS
      By guenni | June 8, 2018

       
      It seems that Microsoft has messed up the critical Adobe Flash Update KB4287903 for Windows. At least for enterprise environments with WSUS, where the patch may causes install issues.

       
      Read the full article here

      4 users thanked author for this post.
    • #196927 Reply

      WildBill
      AskWoody Lounger

      From the link you provided, it definitely happens with the WGT (World Golf Tour) video game. Is anyone having Flash problems not related to WGT since they installed the update? As per Woody’s advice, I keep Flash disabled on Firefox, but update it for IE 11 on Win 8.1. Not using IE 11 unless a Windows app uses it. Will reboot to see if Windows Update pumps KB4287903 down the pipe again…

      Windows 8.1, 64-bit, now in Group B!
      Wild Bill Rides Again...

    • #196933 Reply

      b
      AskWoody Lounger

      Remember that Flash zero-day patch Microsoft released on June 7?

      But there have been problem reports attributed to the patch that — again, reportedly — go away when the patch is uninstalled.

      Microsoft’s patch was only for IE/Edge on Win 8/10 (which most here think no one uses).

      Those flash golfers needing to revert are using Chrome, Firefox, Opera, Maxthon, Slimjet.

      There are several companies you could blame for that before Microsoft.

      Does no one else sense the irony here?

      Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker"

      • #196963 Reply

        anonymous

        I don’t think anyone was blaming anyone for anything, only expressing puzzlement. It would be more useful though if MS expressly stated with the install information that the update was for their browsers only.

        2 users thanked author for this post.
      • #196991 Reply

        woody
        Da Boss

        You’re quite correct.

    • #196942 Reply

      OscarCP
      AskWoody Lounger

      I have Windows 7, so I downloaded “Flash” directly from Adobe (because, for Win 7, one has to), and what came down was the latest Adobe Flash ActiveX (the one thing, or so it seems, that has actually been changed). I have installed it (it is an automatic process, once one starts it by downloading) and noticed no problems connecting to sites that still run with Adobe Flash.

      I wonder if those with other versions of Windows might no be better off by ignoring the dubious stuff they are receiving from MS and go get theirs, instead, directly from the source…

      The link, here:    https://get.adobe.com/flashplayer/

       

      • This reply was modified 6 months, 1 week ago by  OscarCP.
      • #196947 Reply

        b
        AskWoody Lounger

        I have Windows 7, so I downloaded “Flash” directly from Adobe (because, for Win 7, one has to), and what came down was the latest Adobe Flash ActiveX (the one thing, or so it seems, that has actually been changed). I have installed it (it is an automatic process, once one starts it by downloading) and noticed no problems connecting to sites that still run with Adobe Flash.

        I wonder if those with other versions of Windows might no be better off by ignoring the dubious stuff they are receiving from MS and go get theirs, instead, directly from the source…

        The link, here: https://get.adobe.com/flashplayer/

        Despite the impression given by Woody, there is nothing dubious from MS here.

        Modern versions of Windows cannot get their Flash updates directly from Adobe, because Microsoft wants to make sure they get them automatically.

        Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker"

        1 user thanked author for this post.
        • #196952 Reply

          anonymous

          The Flash updates that “Modern versions of Windows cannot get… directly from Adobe” only apply to Microsoft browsers (i.e. Edge/IE).  If you also use other browsers on modern versions of Windows you will have to get the Flash updates for those browsers directly from Adobe!

          I typically don’t use Edge or IE but nevertheless make sure to get Flash updates for those via Windows Update.  Separately, I download my Flash update for Firefox directly from Adobe.

          1 user thanked author for this post.
    • #196959 Reply

      Cee Arr
      AskWoody Lounger

      Re Adobe Flash from MS:  I do not have Adobe Flash Installed on my Asus Windows 1o Home computer, do not have IE, do not use Edge, prefer Firefox yet MS keep trying to automatically install the latest Flash updates.  Checking back they have done so several times with their MMUs (messy monthly updates).  Q1. Can I uninstall the previous un-necessary updates? Q2. Based in Bangkok is it possible the local MS crowd are doing the updates?  If so, it would explain a lot.  Woody and Co., thanks for all the hard work and invaluable information.

      • #196962 Reply

        PKCano
        AskWoody MVP

        Unfortunately, IE11 is an integral part of the Windows 10 Operating system. Even if you do not use it for your browser (never open it) it is still vulnerable and MS has chosen to bundle Flash with it. The same goes for Edge – just because you never use it as a browser, it is still a part of the Operating System.

        So, given that, if you do not patch IE11/Edge and the accompanying Flash, you leave your system vulnerable.

        3 users thanked author for this post.
        • #197033 Reply

          Ascaris
          AskWoody MVP

          Theoretically, you’re still leaving the system vulnerable, but one of the most important things you can do in general to improve your odds against malware is to be careful what you do while online.  Not going to questionable web sites is a well-known one, although you can never know for sure that a supposedly legitimate site has been compromised.  Even so, if you never use IE to go to any sites at all, the odds are pretty slim of having a flash object attempt to run, I would think.

          If IE is sitting there going to web sites all by itself, that’s probably the problem I would think the most important.  It may have been foolishly made part of the OS by a monopolist trying to avoid being forced to unbundle it (successfully, I might add; lying to Congress works), but it still takes a human to point it in the general direction of a site containing infected flash code.   Or, at least, I hope so.

          I have IE on all of my Windows installations “uninstalled,” at least to the greatest extent possible.  In XP, “turning off” IE didn’t really accomplish any more than setting something else as your default browser.  Even “turned off,” it managed to pop up quite often when certain programs that were hard-coded to call IE rather than use the default browser would run.

          In Windows 7 (I have no idea how it was in Vista), turning off IE actually meant something, as it does remove iexplore.exe from the \Program Files and \Program Files (x86) (if applicable) directories, in addition to unregistering it as an available handler for browser file types.  The rest of the files besides iexplore.exe are still there, and iexplore.exe is still in the WinSxS directories, but that’s as close as you can get to an “official” uninstall.

          Whether that offers any protection against this new malware, I don’t know.  I rather wish MS had left Flash the way it was– which is to say an optional addon that can be completely uninstalled, rather than another component of IE/Edge, themselves components of the OS (neither of which have any business being true).  Now, in the supposed interest of better security for their customers, they’ve made sure Flash is still a part of our lives even if we’ve jettisoned it long ago to the extent that we can.

          Group L (Linux): KDE Neon User Edition 5.14.4 (based on Ubuntu 18.04) + Windows 7 in Virtualbox VM

    • #197044 Reply

      Susan Bradley
      AskWoody MVP

      I’m not seeing anything in WSUS to showcase a revision.

      Susan Bradley Patch Lady

      1 user thanked author for this post.
      • #197073 Reply

        woody
        Da Boss

        It looks like I hit a momentary glitch in the Catalog. I should’ve taken a screenshot….

        Anyway, all is well now.

        1 user thanked author for this post.
    • #197049 Reply

      Geo
      AskWoody Lounger

      Win 7,  With Firefox  add on’s I disable flash  unless a site does not work then I enable it.

      • This reply was modified 6 months, 1 week ago by  Geo.
      • This reply was modified 6 months, 1 week ago by  Geo.
      1 user thanked author for this post.
    • #197054 Reply

      numike
      AskWoody Lounger

      Possibly related to this thread but thank you for reading.  My malwarebytes premium trial is almost up and am at a loss as to if I should purchase the premium or go with another program.  I have read where malwarebytes is not that great.  Any suggestions-recommendations is appreciated.  TY
      Windows 10 Home (x64) Version 1709 (build 16299.461) Firefox Quantum 60.02

    • #197053 Reply

      anonymous

      I got the update for Windows 8.1 recently.  Of course I know it is only for IE.  Have noticed no issues with IE, which I normally do not use.  I normally use Firefox, but it and other browsers update plugins automatically.  With Opera, I do not know, since I don’t have access to plugins on that browser now.  I don’t use Opera on Windows, since it blips my icons when it starts.  I do use it on Ubuntu, where it annoyingly starts half-screen.  I have not found an effective way to fix this.

    • #197814 Reply

      anonymous

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Microsoft re-releases the KB 4287903 Flash zero-day patch

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.