News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • Today’s the day – Flash EOL has arrived

    Posted on December 30th, 2020 at 18:02 Kirsty Comment on the AskWoody Lounge

    Today’s the day – Flash EOL has arrived

    Back in 2017, Adobe announced it was “planning to end-of-life Flash”. Yes, this has been posted about before… Well, the time has now come. Pop-ups have been seen in those machines still using it, for a bit now.

    If you have questions about what happens next, Adobe has a page full of questions and answers here.

    If you’re looking for articles on how to uninstall, check out Martin Brinkmann’s ghacks post.

    (and yes, only half the world is having New Year’s Eve already – Happy New Year to all)

  • About that Flash-zapping patch, KB 4577586? One leeetle problem. It doesn’t remove Flash.

    Posted on October 27th, 2020 at 21:08 woody Comment on the AskWoody Lounge

    Earlier today Microsoft released KB 4577586, the “Update for the removal of Adobe Flash Player: October 27, 2020.” As Susan notes in the entry below, it’s only available if you manually download and install it from the Microsoft Catalog.

    Now comes word from Lawrence Abrams at BleepingComputer that the patch doesn’t do anything of the sort:

    In our tests, though, Adobe Flash Player remained installed after installing the update… When we checked the Adobe Flash Player component in Microsoft Edge, it was still installed after installing the update.

    Let’s hear it for Microsoft’s testers – the unpaid ones, at least.

     

  • Out of band update for Adobe Flash Player Nov. 19, 2018

    Posted on November 20th, 2018 at 13:58 PKCano Comment on the AskWoody Lounge

    Adobe Security Bulletin APSB18-44, dated November 20, 2018 is rated Priority 1.
    Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player 31.0.0.148 and earlier versions.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

    Microsoft has issued an out-of-band patch for Flash Player on Nov. 20th. KB 4477029, 2018-11 Security Update for Adobe Flash Player Windows 8.1 and Windows 10 based systems, is available through Windows Update and the MS Catalog.

    For those using Windows 7, Vista, and XP,  MacOS X, or Linux, Flash Player version 31.0.0.153 can be downloaded from Adobe.com.

    Thx  @Lars220

  • How to remove the built-in version of Flash in Win10 and 8.1

    Posted on September 14th, 2018 at 12:13 woody Comment on the AskWoody Lounge

    An interesting contribution from @ch100:

    Warning!!! Only for advanced users and for those accepting a certain degree of risk if they don’t understand the procedure and don’t follow correctly.

    Optional first step

    Disable Adobe Flash in Internet Explorer and Edge. This is not mandatory, but would make the clean procedure below even cleaner, although it has only cosmetic relevance.

    Main procedure

    Step 1. Log into Windows with an administrator account

    Step 2. Verify your version of the Flash components.

    Under C:\Windows\servicing\Packages, check for

    Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~<version number>

    Adobe-Flash-For-Windows-WOW64-Package~31bf3856ad364e35~amd64~~<version number>

    Adobe-Flash-For-Windows-onecoreuap-Package~31bf3856ad364e35~amd64~~<version number>

    The version number for Adobe Flash packages on Windows 10 1803 is 10.0.17134.1. It’s different on other versions of Windows 10.

    There are additional packages referring to Language Packs installed on the system, but we are not concerned with them now, as they will be removed at the same time with the main packages.

    Do nothing with those language packages (e.g. those flagged as en-us or other variations), but monitor for them to disappear from the folder when the uninstall is complete.

    The screenshots below are from Windows 10 1803, but the procedure is relevant for all Windows 10 (and for Windows 8.1, although not tested).

    Step 3. Type regedit in the search box and start the Registry Editor.

    Step 4. Give your machine full control over the requisite keys.

    Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages

    Right click on each of:

    Adobe-Flash-For-Windows-onecoreuap-Package~31bf3856ad364e35~amd64~~<version number>

    Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~<version number>

    Adobe-Flash-For-Windows-WOW64-Package~31bf3856ad364e35~amd64~~<version number>

    For each of those keys:

    4a. Right-click on the key name and choose Permissions. Give Administrators Full Control (screenshot) and click OK.

    4b. Back in the main Regedit screen, on the right, change the Visibility value from 2 to 1.

    4c. Still on the main Regedit screen, delete the subkey call Owners.

    See the before and after shots for Steps 4b and 4c.

    Before

    After

    Step 5. Open a command prompt, Run As Administrator

    dism /online /remove-package /packagename:Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.17134.1

    dism /online /remove-package /packagename:Adobe-Flash-For-Windows-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1

    dism /online /remove-package /packagename:Adobe-Flash-For-Windows-onecoreuap-Package~31bf3856ad364e35~amd64~~10.0.17134.1

    Step 6. You’re done. No more Adobe Flash in registry and under the Packages folder. Everything is also gone from:

    C:\Windows\System32\Macromed

    C:\Windows\SysWOW64\Macromed

    All that’s left is any copy of Adobe Flash that you’ve installed manually, most frequently as a plugin for Firefox. Manually installed Adobe Flash can be uninstalled as per normal procedure, from Programs and Features.

  • Patch Lady – Flash update out on June 7th

    Posted on June 7th, 2018 at 14:39 Susan Bradley Comment on the AskWoody Lounge

    Be aware that today a Flash update has been released.  For those of you on Windows 7 you will need to either look to a prompt or go to the Adobe flash page for your update.  For those on 10, and 8.1 you get your update from Microsoft.

    https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player

    Adobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash Player content distributed via email.

    Generally speaking it’s wise to ensure these flash updates are installed as soon as possible.  Kirsty’s got the links for you here:

     

  • Adobe Flash patch KB 4074595 pushed out the Windows Update chute

    Posted on February 8th, 2018 at 00:58 woody Comment on the AskWoody Lounge

    Doncha just love Flash?

    A few hours ago, Microsoft pushed the first round of February 2018 patches. The KB 4074595 patch fixes two security holes in Adobe Flash Player, CVE-2018-4877 and CVE-2018-4878.

    Microsoft has a few details in Security Advisory ADV180004.

    Adobe’s Security Bulletin APSB18-03 says:

    Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users.  These attacks leverage Office documents with embedded malicious Flash content distributed via email.

    Adobe goes on to say it’s a remote code execution hole. Critical Priority 1. Impacts 28.0.0.137 and earlier versions (February 6, 2018). New version is 28.0.0.161.

    Adobe’s version checker is here.

    Microsoft’s patches are for Windows 8.1 and Win10, all versions. All of those versions need to have Internet Explorer (and, in the case of Win10, Edge) fixed to plug the holes in the embedded versions of Flash.

    Adobe’s patches cover everything other than IE 11 and Edge. Chrome is fixed automatically, by default, when you re-start Chrome.

    Liam Tung at ZDNet reports:

    Researchers at Cisco Talos said hackers known as Group 123 were using the zero-day Flash flaw and Excel sheets to deliver the ROKRAT remote-administration tool.

    Cisco researchers found Group 123’s Excel sheets contained an ActiveX object that was a malicious Flash file that downloaded ROKRAT from a compromised web server. Notably, it was the first time this group has been seen using a zero-day exploit, suggesting the targets were carefully selected and high value.

    FireEye, which calls Group 123 TEMP.Reaper, said it had observed the group interacting with their command-and-control infrastructure from North Korean IP addresses. Most of the group’s targets were South Korean government, military and defense industry organizations, it said.

    If you haven’t yet disabled Flash, now would be a very good time to do so. Chris Hoffman at How-to-Geek has detailed instructions. If you absolutely have to have Flash, restrict it to one browser — I use Chrome to do the dirty deed — and only use it manually, under duress.

    If you can’t or won’t throttle Flash, get the update applied. Yet another Patch Wednesday.

    Thx CAR, Günter Born.

  • Recently updated topics you may have missed

    Posted on October 19th, 2017 at 02:09 Kirsty Comment on the AskWoody Lounge

    It’s possible you may have missed recent security updates that have been made to Chrome, Firefox, Thunderbird, Java and Flash Player. The following topics have now been updated with the US-Cert alerts, with links:

    Chrome Security Update: US-CERT (Browser)

    Mozilla Security Update: US-CERT (Firefox)

    Mozilla Security Update: US-CERT (Thunderbird)

    Oracle Security Update: US-CERT (Java etc)

    1000002: Links to Flash update resources

    Subscribers to those topics should have received emails with details of the new posts. However, we have had some reports that some people are currently not receiving those emails. If your subscription emails aren’t working, please let us know.

     
    Also updated recently is AKB3000005: On the subject of Botnets, which was posted last month, but promptly disappeared in a backup-reset of the site.

  • Adobe Flash player security update is out

    Posted on October 16th, 2017 at 14:38 woody Comment on the AskWoody Lounge

    A week late, but what the heck. APSB17-32.

    Details on the Adobe site.

?
This website collects data via Google Analytics. Click here to opt in. Click here to opt out.
×