• Patch Lady – Flash update out on June 7th

    Home » Forums » Newsletter and Homepage topics » Patch Lady – Flash update out on June 7th


    Be aware that today a Flash update has been released.  For those of you on Windows 7 you will need to either look to a prompt or go to the Adobe flash
    [See the full post at: Patch Lady – Flash update out on June 7th]

    Susan Bradley Patch Lady

    11 users thanked author for this post.
    Viewing 17 reply threads
    • #196539

      From Bleeping Computer author Catalin Cimpanu:

      ‘Adobe has issued a security update for Flash Player today to patch a zero-day vulnerability exploited by attackers in the wild.

      The vulnerability was discovered and independently reported by several security firms —ICEBRG, Tencent, and two security divisions from Chinese cyber-security giant Qihoo 360.

      The vulnerability, tracked as CVE-2018-5002, impacts Adobe Flash Player and earlier versions. It was fixed with the release of Flash Player’

      More information here:

      For W8.1 and W10 it looks like a June Patch Tuesday fix.

      Keep IT Lean, Clean and Mean!
      5 users thanked author for this post.
      • #196551

        Brian Krebs also has a report.

        I wonder if it’s out in time to make this month’s security patches for Windows and/or Office?

        1 user thanked author for this post.
      • #196587

        Unless MS distribute an out-of-band patch for those on W8.1 or W10, I’d advise to disable flash completely until patch Tuesday since this is a zero day exploit. Better safe than Sorry!

        Who uses flash these days, HTML5 is the way forward.

        Keep IT Lean, Clean and Mean!
    • #196597

      Thanks for the heads-up. Personally, I always download Adobe updates direct from their website. It’s a habit I got into years ago, when they started using the prompts to sneak Chrome and Mcafee onto unsuspecting P.C.’s without the owner’s express consent. Nothing wrong with Chrome, but I want to be the one to decide whether to install it on my computer – not Adobe.

      2 users thanked author for this post.
      • #196634

        @TheSurfingPensioner  hehe – I remember when Adobe flash would sneak (uh I mean offer) Google Chrome too. Currently the 2 optional offers (checked) when manually updating flash is McAfee Security Scan Plus and McAfee Safe Connect. Yes thx @PkCano, I got Adobe flash on Win 8.1 via Windows Update today too.

        • #196667

          The last couple of times I updated Flash, I noticed they had removed the pre-set checks in the boxes for the optional offers. Someone must’ve complained. It nearly threw me: I am so used to unchecking the boxes, I didn’t quite know what to do!

    • #196601

      Susan Bradley wrote:

      For those on 10, and 8.1 you get your update from Microsoft.

      As far as I know, that only works if you use IE or Edge exclusively.  If you use Firefox, Chrome, or any other non-MS browser, you have to get your update through Adobe as in Windows 7 (or better yet, uninstall Flash and don’t use it at all, if you don’t have some specific need for it).

      Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
      XPG Xenia 15, i7-9750H/16GB & GTX1660ti, OpenSUSE Tumbleweed

      1 user thanked author for this post.
    • #196600

      Adobe sneaking Chrome onto systems must have been a while ago because Chrome blocks Flash.

      I use Chrome and there is no Flash player installed on my systems. I won’t use websites that ask for flash to be installed.

    • #196604

      I said goodbye to Flash long time ago.

    • #196636

      I am Win 7 x64 and use Google Chrome as my browser, with Flash disabled. Therefore, I assume I don’t need to do an update for Flash to overcome this exploit?

      appreciate advice on this.


      • #196642

        Check your installed programs and if you have Adobe Flash installed you should update it or as said  better still uninstall the program.

    • #196658

      I am Win 7 x64 and use Google Chrome as my browser, with Flash disabled. Therefore, I assume I don’t need to do an update for Flash to overcome this exploit? appreciate advice on this. GeoffB

      Google Chrome auto updates the flash player – see my blog post below how to check the version.

      Adobe Flash Player version available

      Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author


      2 users thanked author for this post.
    • #196659

      Does Flash update KB4287903 is causing install issues in WSUS environments? I received two user comments between a few hours confirming this. Are you see a similar behavior?


      Flash-Update KB4287903: Install issues with WSUS

      Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author


      1 user thanked author for this post.
    • #196663

      Thanks, I’ve been asked to do a emergency deployment of the update to my customers Win7 estate. I was hoping for a peaceful Friday.

      Rgds, Zeus

    • #196669

      I said goodbye to Flash long time ago.

      Me, too, (& Java) and I’ve never noticed an issue.

      WHAT’s the lingering reason(s) to still be using Flash?

      W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

      1 user thanked author for this post.
      • #196671

        I have some old and much-loved animations and applications that use it. And it’s never given me any problems.

        1 user thanked author for this post.
      • #196764

        There are several applications within business environments, that depends on flash. I’m not sure, whether it’s changes, but VMware ESX vms are using Flash for admin login form.

        Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author


        2 users thanked author for this post.
    • #196673

      WHAT’s the lingering reason(s) to still be using Flash?

      There are still sites that haven’t transitioned away from Flash yet. I run into this with sites library patrons have to go to for pre-outside job training per their prospective employers on a regular enough basis. My favorite webgame, from Japan, is only now in the middle of transitioning from Flash to HTML5, after 5 years, although I use the Android port.

      1 user thanked author for this post.
    • #196675

      This morning WSUS has flash updates for window10, etc. Unlike other WSUS updates I always approve the flash updates and have not had any issues (knock wood).

      It’s really easy to push flash updates to windows 7 machine in AD through group policy. You’ll need the msi installer version.

      Just like everyone else I’d rather get rid of flash all together but for now it stays until I can devote more time to that.

      Red Ruffnsore

    • #196676

      Have Windows10 Pro x64 v1709
      I’m relatively new with Win 10, so if I wanted to manually download and install the Flash update from the catalogue link vs waiting for Patch Tuesday (which will probably be patch July!!!), how do I update from the catalogue??
      Step by Step specifics, please.

      • #196680

        The Flash Player update for Win10 1709, KB 4287903 dated 6/5/18. is available NOW through Windows Update. If you are not familiar with Catalog download/manual install, I would advise you to install the update through Windows Update.

        • #196691

          PK thx but will the update come down thru Windows 10 update if I have my update settings at Group #2, Semi-Annual, and Quality Features 14 days?

          • #196696

            Use wushowhid to see that it’s there and hide anything you don’t want to install first.

            I’m set at auto update = 2, SAC, and quality = 0. It shows in my Windows Update. I don’t believe that it is a quality update and it should show up. Just be sure with wushowhide you don’t get 1803.

            1 user thanked author for this post.
      • #196788

        SSUs are only needed for the cumulative updates.  Just download the patch from the catalog and install.  If you have quality set to defer for 14 days, going to “get updates” won’t trigger detection.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
        • #196856

          Susan thanks for the additional comments. However what are SSUs?  And as originally requested, please provide newbie step by step installation from the catalogue starting with what gets downloaded and where when I select the Download button, then how to install.


          • #196866

            Anonymous #196676-

            From what Susan says in her reply just above this one, all you need to do is download the patch and install it on an individual basis. The link to the patch’s spot in the catalog is here.

            Once you get there, go to the last one on the list (there are 19 different versions of this patch!!) and you’ll see the one for your version of Windows 10 listed, version 1709 x64. You DON’T want ANY OTHER ONE on the list that may say 64 in it’s title, ONLY the last one at the very bottom of the list.

            You’ll see a blue button on the right side of the row for your individual update that says”Download”. Clicking that will bring up a box that will have a blue-colored link to the exact file you need, and the file’s entire name will be the link itself, ending in “.msu”.

            Clicking that link should present you with two options: You can either run the .msu installer right then and there, OR you can download the file to a location of your choosing on your computer and run it later at a time of your choosing.

            If you choose to download it and run it later, all you need to do is simply double click the file and let it run when you’re ready. From the sounds of Susan’s post above, it doesn’t sound to me like running the patch will go get anything else you don’t want to have (like 1803 for example), it will just install the patch and that’s it.

            • #196884

              Thank you for the fine detail – seems easy enough.

              PK – is there a concern we are missing here?

              SSU = Servicing Stack Update???  (Not sure what this is)

            • #196889

              The Servicing Stack is the Windows Update mechanism. For 1709, the latest is KB 4131372 for Build 16299.431 or KB 4132650 for Build 16299.461. If you update through WU, it is automatically installed first before the Cumulative Update. If you are manually installing, it needs to be installed first.

              It should be available through Windows update or downloadable from the Catalog.
              Find the Build number of 1709 by typing “winver” (without quotes) in the search box.

    • #196724

      I just hope Adobe & Microsoft won’t release another new Flash Update this coming Patch Tuesday June 12.

    • #196839

      As pointed out WU only updates IE based browsers. You must manually update for Firefox based browsers or use their built in updaters.

      I am not losing any sleep over this one. If as it says it is distributed by dodgy email and as a flash attachment to Office documents I can relax as I don’t have Office and pretty sure LibreOffice would alert me to this unusual situation. Besides which it would never get through my spam filters (instantly deleted in Mailwasher before it got anywhere else.

      I do have one application (Telegraph crosswords) which uses flash with no alternative in sight but in general the use of flash online has decreased enormously in the past year.


    • #196861

      My apologies to go off-topic, but I have been unable to find out how to post an question on the proper forum, when clicking on the “comment…” link the response is, “there is nothing here”.  Can someone please tell me how to post my question?  Many thanks!

    • #196867

      Windows 11 Pro version 22H2 build 22621.1483 + Microsoft 365 + Edge

      2 users thanked author for this post.
    • #197809

      Well it is June 14 and still no sign of the Flash Update in my Windows Download que, guess Susan was correct – with Quality Features set to 14 days it wont detect the update (until 14 days I guess?).

      • #197821

        That is correct.

        If you have Auto Update set to Enabled, =2 (notify download/install) in Group Policy, you can set delay Quality Features = 0. The updates will show up in the queue but won’t download until you click the “Download” button. The computer will search when it starts up and the updates will be visible. (Don’t manually check for updates, that will automatically start the install) If you set metered connections, you can use wushowhide to hide the ones in the queue you don’t want and install the ones you do. There is a trick to that I mentioned here.

        • #197830

          OK, yes I do have GP setting at 2, so guess I could loosen up on the 14 days.

          Regarding wushowhide, say I have items hidden, when I select to unhide them or one item (because I want to install the KB) do they automatically download and install upon exiting wushowhide?  Or since GP is at 2, do they reappear in Windows update queue once again waiting for me to select download and install?

          PS not sure why these are not appearing as replies under the reply #

          • #197834

            To make a reply, click on the “Reply” button on the top line of the post you want to reply to across from the date. Be careful – the words are light and “spam” “trash” and “report” are there too.

            In my experience, when you check to unhide in wushowhide, the updates end up in the queue waiting for you to click “download.” I have not had one start downloading automatically. But just to be safe, leave connections on “Metered.”
            If they don’t disappear from the queue when you hide them, try the procedure I linked to above.

    Viewing 17 reply threads
    Reply To: Patch Lady – Flash update out on June 7th

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: