![]() |
MS-DEFCON 4:
There are isolated problems with current patches, but they are well-known and documented on this site.
|
-
Patch Lady – Flash update out on June 7th
Home › Forums › AskWoody blog › Patch Lady – Flash update out on June 7th
Tagged: Flash, Patch Lady Posts, Zero Day
This topic contains 50 replies, has 20 voices, and was last updated by
PKCano 1 year, 5 months ago.
-
AuthorPosts
-
Be aware that today a Flash update has been released. For those of you on Windows 7 you will need to either look to a prompt or go to the Adobe flash
[See the full post at: Patch Lady – Flash update out on June 7th]Susan Bradley Patch Lady
11 users thanked author for this post.
-
From Bleeping Computer author Catalin Cimpanu:
‘Adobe has issued a security update for Flash Player today to patch a zero-day vulnerability exploited by attackers in the wild.
The vulnerability was discovered and independently reported by several security firms —ICEBRG, Tencent, and two security divisions from Chinese cyber-security giant Qihoo 360.
The vulnerability, tracked as CVE-2018-5002, impacts Adobe Flash Player 29.0.0.171 and earlier versions. It was fixed with the release of Flash Player 30.0.0.113’
More information here:
https://www.bleepingcomputer.com/news/security/adobe-patches-flash-zero-day/For W8.1 and W10 it looks like a June Patch Tuesday fix.
********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********
-
Brian Krebs also has a report.
I wonder if it’s out in time to make this month’s security patches for Windows and/or Office?
1 user thanked author for this post.
-
Unless MS distribute an out-of-band patch for those on W8.1 or W10, I’d advise to disable flash completely until patch Tuesday since this is a zero day exploit. Better safe than Sorry!
Who uses flash these days, HTML5 is the way forward.
********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********
-
I just received the flash update on my Win8.1 through WU.
1 user thanked author for this post.
-
Thanks, That’ll be one less patch on Tuesday then 🙂
********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********
-
-
-
-
Thanks for the heads-up. Personally, I always download Adobe updates direct from their website. It’s a habit I got into years ago, when they started using the prompts to sneak Chrome and Mcafee onto unsuspecting P.C.’s without the owner’s express consent. Nothing wrong with Chrome, but I want to be the one to decide whether to install it on my computer – not Adobe.
2 users thanked author for this post.
-
@TheSurfingPensioner hehe – I remember when Adobe flash would sneak (uh I mean offer) Google Chrome too. Currently the 2 optional offers (checked) when manually updating flash is McAfee Security Scan Plus and McAfee Safe Connect. Yes thx @pkcano, I got Adobe flash on Win 8.1 via Windows Update today too.
-
The last couple of times I updated Flash, I noticed they had removed the pre-set checks in the boxes for the optional offers. Someone must’ve complained. It nearly threw me: I am so used to unchecking the boxes, I didn’t quite know what to do!
-
-
-
Susan Bradley wrote:
For those on 10, and 8.1 you get your update from Microsoft.
As far as I know, that only works if you use IE or Edge exclusively. If you use Firefox, Chrome, or any other non-MS browser, you have to get your update through Adobe as in Windows 7 (or better yet, uninstall Flash and don’t use it at all, if you don’t have some specific need for it).
Group "L" (KDE Neon User Edition 5.17.4).
1 user thanked author for this post.
-
anonymousAdobe sneaking Chrome onto systems must have been a while ago because Chrome blocks Flash.
I use Chrome and there is no Flash player installed on my systems. I won’t use websites that ask for flash to be installed.
-
Yep, it was a while ago. I go back a long way.
-
I just checked. It was 2012.
-
According to Krebs, Flash “ships by default with Google Chrome”.
-
Actually, it’s PepperFlash that ships with Google, it’s not written by or provided by Adobe Flash. PepperFlash is maintained by Google, and runs in a sandbox, so it’s relatively safer. I haven’t seen warnings about upgrading Pepperflash, though my Linux Chrome updates often, so perhaps that’s how they handle it.
-
anonymouspepflashplayer.dll is still digitally signed by Adobe, so it must be an agreement at most between Google and Adobe
-
-
-
-
anonymousI said goodbye to Flash long time ago.
-
I am Win 7 x64 and use Google Chrome as my browser, with Flash disabled. Therefore, I assume I don’t need to do an update for Flash to overcome this exploit?
appreciate advice on this.
GeoffB
-
anonymousCheck your installed programs and if you have Adobe Flash installed you should update it or as said better still uninstall the program.
-
-
I am Win 7 x64 and use Google Chrome as my browser, with Flash disabled. Therefore, I assume I don’t need to do an update for Flash to overcome this exploit? appreciate advice on this. GeoffB
Google Chrome auto updates the flash player – see my blog post below how to check the version.
Adobe Flash Player version 30.0.0.113 available
Microsoft Windows Insider MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
-
Google Chrome auto updates the flash player – see my blog post below how to check the version. Adobe Flash Player version 30.0.0.113 available
Thanks for the advice. Chrome has auto updated the Flash Player to 30.0.0.113 for me.
regards
GeoffB
-
-
Does Flash update KB4287903 is causing install issues in WSUS environments? I received two user comments between a few hours confirming this. Are you see a similar behavior?
Flash-Update KB4287903: Install issues with WSUS
Microsoft Windows Insider MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
1 user thanked author for this post.
-
No issues at all.
-
anonymousInstall problems for Windows 10 1607 clients can be solved by
installing the Service Stack Update KB4132216 – before installing
the Flash Player update KB4287903.Gordon7.
-
1607 is no longer supported unless you are Enterprise or Edu. Thus flash won’t be pushed out if you don’t have that license.
Susan Bradley Patch Lady
-
-
Thanks, I’ve been asked to do a emergency deployment of the update to my customers Win7 estate. I was hoping for a peaceful Friday.
Rgds, Zeus
-
I said goodbye to Flash long time ago.
Me, too, (& Java) and I’ve never noticed an issue.
WHAT’s the lingering reason(s) to still be using Flash?
W10-64 1909 Home / Hm-Stdnt Ofce '16 C2R / HP Envy i5-8400/ 12 GB / 256G SSD + 1 TB HDD / InSpectre #8 = GREEN
1 user thanked author for this post.
-
I have some old and much-loved animations and applications that use it. And it’s never given me any problems.
1 user thanked author for this post.
-
There are several applications within business environments, that depends on flash. I’m not sure, whether it’s changes, but VMware ESX vms are using Flash for admin login form.
Microsoft Windows Insider MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
2 users thanked author for this post.
-
-
WHAT’s the lingering reason(s) to still be using Flash?
There are still sites that haven’t transitioned away from Flash yet. I run into this with sites library patrons have to go to for pre-outside job training per their prospective employers on a regular enough basis. My favorite webgame, from Japan, is only now in the middle of transitioning from Flash to HTML5, after 5 years, although I use the Android port.
1 user thanked author for this post.
-
This morning WSUS has flash updates for window10, etc. Unlike other WSUS updates I always approve the flash updates and have not had any issues (knock wood).
It’s really easy to push flash updates to windows 7 machine in AD through group policy. You’ll need the msi installer version.
Just like everyone else I’d rather get rid of flash all together but for now it stays until I can devote more time to that.
Red Ruffnsore reporting from the front lines.
-
anonymousHave Windows10 Pro x64 v1709
I’m relatively new with Win 10, so if I wanted to manually download and install the Flash update from the catalogue link vs waiting for Patch Tuesday (which will probably be patch July!!!), how do I update from the catalogue??
Step by Step specifics, please.
Thx-
The Flash Player update for Win10 1709, KB 4287903 dated 6/5/18. is available NOW through Windows Update. If you are not familiar with Catalog download/manual install, I would advise you to install the update through Windows Update.
-
anonymousPK thx but will the update come down thru Windows 10 update if I have my update settings at Group #2, Semi-Annual, and Quality Features 14 days?
-
Use wushowhid to see that it’s there and hide anything you don’t want to install first.
I’m set at auto update = 2, SAC, and quality = 0. It shows in my Windows Update. I don’t believe that it is a quality update and it should show up. Just be sure with wushowhide you don’t get 1803.
1 user thanked author for this post.
-
-
-
SSUs are only needed for the cumulative updates. Just download the patch from the catalog and install. If you have quality set to defer for 14 days, going to “get updates” won’t trigger detection.
Susan Bradley Patch Lady
1 user thanked author for this post.
-
anonymousSusan thanks for the additional comments. However what are SSUs? And as originally requested, please provide newbie step by step installation from the catalogue starting with what gets downloaded and where when I select the Download button, then how to install.
Thx
-
anonymousAnonymous #196676-
From what Susan says in her reply just above this one, all you need to do is download the patch and install it on an individual basis. The link to the patch’s spot in the catalog is here.
Once you get there, go to the last one on the list (there are 19 different versions of this patch!!) and you’ll see the one for your version of Windows 10 listed, version 1709 x64. You DON’T want ANY OTHER ONE on the list that may say 64 in it’s title, ONLY the last one at the very bottom of the list.
You’ll see a blue button on the right side of the row for your individual update that says”Download”. Clicking that will bring up a box that will have a blue-colored link to the exact file you need, and the file’s entire name will be the link itself, ending in “.msu”.
Clicking that link should present you with two options: You can either run the .msu installer right then and there, OR you can download the file to a location of your choosing on your computer and run it later at a time of your choosing.
If you choose to download it and run it later, all you need to do is simply double click the file and let it run when you’re ready. From the sounds of Susan’s post above, it doesn’t sound to me like running the patch will go get anything else you don’t want to have (like 1803 for example), it will just install the patch and that’s it.
-
anonymousThank you for the fine detail – seems easy enough.
PK – is there a concern we are missing here?
SSU = Servicing Stack Update??? (Not sure what this is)
-
The Servicing Stack is the Windows Update mechanism. For 1709, the latest is KB 4131372 for Build 16299.431 or KB 4132650 for Build 16299.461. If you update through WU, it is automatically installed first before the Cumulative Update. If you are manually installing, it needs to be installed first.
It should be available through Windows update or downloadable from the Catalog.
Find the Build number of 1709 by typing “winver” (without quotes) in the search box.
-
-
-
-
-
I just hope Adobe & Microsoft won’t release another new Flash Update this coming Patch Tuesday June 12.
-
anonymousWhat is the concern if they do?
-
-
As pointed out WU only updates IE based browsers. You must manually update for Firefox based browsers or use their built in updaters.
I am not losing any sleep over this one. If as it says it is distributed by dodgy email and as a flash attachment to Office documents I can relax as I don’t have Office and pretty sure LibreOffice would alert me to this unusual situation. Besides which it would never get through my spam filters (instantly deleted in Mailwasher before it got anywhere else.
I do have one application (Telegraph crosswords) which uses flash with no alternative in sight but in general the use of flash online has decreased enormously in the past year.
-
My apologies to go off-topic, but I have been unable to find out how to post an question on the proper forum, when clicking on the “comment…” link the response is, “there is nothing here”. Can someone please tell me how to post my question? Many thanks!
Windows 7 HP and Linux Mint Mate 19.2
-
In which topic are you trying to post?
On the main blog page, clicking on the “Comment on the AskWoody Lounge” link will take you to the right place for comments on that topic.1 user thanked author for this post.
-
Is this the post you were trying to make? The topic is Windows 7 Update, Location in the Lounge Windows\Windows 7\Questions Windows 7.
-
-
Flash is blocked in Office 365 Monthly Channel from this month:
Blocking Flash, Shockwave, Silverlight controls from activating in Office Applications for Security
Windows 10 Version 1909 (Group ASAP)
2 users thanked author for this post.
-
anonymousWell it is June 14 and still no sign of the Flash Update in my Windows Download que, guess Susan was correct – with Quality Features set to 14 days it wont detect the update (until 14 days I guess?).
-
That is correct.
If you have Auto Update set to Enabled, =2 (notify download/install) in Group Policy, you can set delay Quality Features = 0. The updates will show up in the queue but won’t download until you click the “Download” button. The computer will search when it starts up and the updates will be visible. (Don’t manually check for updates, that will automatically start the install) If you set metered connections, you can use wushowhide to hide the ones in the queue you don’t want and install the ones you do. There is a trick to that I mentioned here.
-
anonymousOK, yes I do have GP setting at 2, so guess I could loosen up on the 14 days.
Regarding wushowhide, say I have items hidden, when I select to unhide them or one item (because I want to install the KB) do they automatically download and install upon exiting wushowhide? Or since GP is at 2, do they reappear in Windows update queue once again waiting for me to select download and install?
PS not sure why these are not appearing as replies under the reply #
-
To make a reply, click on the “Reply” button on the top line of the post you want to reply to across from the date. Be careful – the words are light and “spam” “trash” and “report” are there too.
In my experience, when you check to unhide in wushowhide, the updates end up in the queue waiting for you to click “download.” I have not had one start downloading automatically. But just to be safe, leave connections on “Metered.”
If they don’t disappear from the queue when you hide them, try the procedure I linked to above.
-
-
-
-
AuthorPosts
-
-
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Search The Lounge
Recent Replies
TJ on Microsoft to start pushing Win10 1809 customers onto 1909
6 minutes agoAlex5723 on 2000014: Ongoing List of Apple Operating System Updates
37 minutes agoAlex5723 on Windows 10 “refresh”
1 hour, 23 minutes agoAlex5723 on New Windows 10 HP Notebook
1 hour, 35 minutes agoFred on Chase bank is at it again with useragent sniffing
2 hours, 6 minutes agofrankus333 on MS-DEFCON 4: Time to get the November patches installed
2 hours, 7 minutes agoPaul T on Can one start Excel 2019 from the command line (cmd.exe)?
2 hours, 12 minutes agoanonymous on Microsoft to start pushing Win10 1809 customers onto 1909
2 hours, 19 minutes agoanonymous on New Windows 10 HP Notebook
2 hours, 20 minutes agoPaul T on How does Windows Update work?
2 hours, 23 minutes agoPaul T on Review on Amazon Echo Buds
2 hours, 31 minutes agoAlex5723 on What if I delete Internet Explorer?
2 hours, 44 minutes agoKirsty on How To See My Posts
3 hours, 9 minutes agoKirsty on How to set avatar?
3 hours, 10 minutes agoPaul T on Windows 10 “refresh”
3 hours, 22 minutes agoanonymous on Original Surface Books with Swollen Batteries, a Cautionary Story
3 hours, 23 minutes agoibe98765 on How To See My Posts
3 hours, 23 minutes agoibe98765 on How to delete Edge Cookies?
3 hours, 30 minutes agoPaul T on How To See My Posts
3 hours, 37 minutes agoibe98765 on How To See My Posts
3 hours, 40 minutes agoibe98765 on What does 'THANKS SAVED' mean?
3 hours, 48 minutes agoanonymous on Windows 10 “refresh”
3 hours, 52 minutes agoibe98765 on Chase bank is at it again with useragent sniffing
3 hours, 56 minutes agoAscaris on Comparing video streaming results: Waterfox, Chromium; Windows, Linux
4 hours, 4 minutes agoNathan Parker on Kindle Fire 8 as a Backup eBook Reader
4 hours, 54 minutes agoNathan Parker on MacBook Pro Popping Sound Returns in 16” MacBook Pro
5 hours, 2 minutes agob on MS-DEFCON 4: Time to get the November patches installed
5 hours, 5 minutes agoanonymous on Question about Trusted Installer?
5 hours, 16 minutes agoDriftyDonN on MS-DEFCON 4: Time to get the November patches installed
6 hours, 5 minutes agob on Microsoft refuses to clarify policy on replacement Surface Pro 4’s
6 hours, 48 minutes ago
Recent Topics
-
Plex Launched free streaming service in 220 countries
1 hour, 6 minutes ago
-
How to set avatar?
3 hours, 11 minutes ago
-
Review on Amazon Echo Buds
2 hours, 31 minutes ago
-
Apple TV+ Dolby Vision HDR Streams Failing
8 hours, 4 minutes ago
-
Chase bank is at it again with useragent sniffing
2 hours, 6 minutes ago
-
How does Windows Update work?
2 hours, 24 minutes ago
-
Windows 10 Insider Preview build 19037 (20H1) released to FAST & SLOW rings
12 hours, 39 minutes ago
-
What if I delete Internet Explorer?
2 hours, 44 minutes ago
-
Microsoft refuses to clarify policy on replacement Surface Pro 4’s
6 hours, 48 minutes ago
-
Windows update strange behaviour
15 hours, 35 minutes ago
-
Question about Trusted Installer?
5 hours, 16 minutes ago
-
Intel Display Driver Issue With Recent Updates
16 hours, 12 minutes ago
-
Cimpanu: Most significant security events of the 2010s
20 hours, 9 minutes ago
-
Microsoft to start pushing Win10 1809 customers onto 1909
7 minutes ago
-
Error 80073701 – No updates since September
21 hours, 13 minutes ago
-
Security monthly quality rollup kb4525235 failing to install
17 hours, 27 minutes ago
-
Win10 1903 Pro problem – Defer updates period too long
18 hours, 22 minutes ago
-
Windows 10 “refresh”
1 hour, 24 minutes ago
-
MacBook Pro Popping Sound Returns in 16” MacBook Pro
5 hours, 2 minutes ago
-
Apple Clips App Offers Support for Memoji
1 day, 8 hours ago
-
Can one start Excel 2019 from the command line (cmd.exe)?
2 hours, 13 minutes ago
-
Updates cause System Failure and Automatic Restart
10 hours, 49 minutes ago
-
Original Surface Books with Swollen Batteries, a Cautionary Story
3 hours, 24 minutes ago
-
AirPlay 2 cracked
8 hours, 9 minutes ago
-
Windows and Firefox
1 day, 10 hours ago
-
windows search
1 day, 10 hours ago
-
Windows 10 is now official a joke
1 day, 10 hours ago
-
Microsoft 365 Life – your opportunity to rent an Office 365 superset
1 day, 10 hours ago
-
Fill and Sign – Adobe Acrobat Reader
7 hours, 52 minutes ago
-
New Windows 10 HP Notebook
1 hour, 36 minutes ago
Search for Topics
Recent blog posts
- Microsoft refuses to clarify policy on replacement Surface Pro 4’s
- Cimpanu: Most significant security events of the 2010s
- Microsoft to start pushing Win10 1809 customers onto 1909
- Original Surface Books with Swollen Batteries, a Cautionary Story
- Microsoft 365 Life – your opportunity to rent an Office 365 superset
- MS-DEFCON 4: Time to get the November patches installed
- Patch Lady – watch out for banner ad scams
- Born: Reported profile problems with the newly updated Firefox
Copyright © 2019 AskWoody LLC. All rights reserved.