June 10, 2015

Adobe today released software updates to plug at least 13 security holes in its Flash Player software. Separately, Microsoft pushed out fixes for at least three dozen flaws in Windows and associated software.

brokenwindowsThe bulk of the flaws Microsoft addressed today (23 of them) reside in the Internet Explorer Web browser. Microsoft also issued fixes for serious problems in Office, the Windows OS itself and Windows Media Player, among other components. A link to an index of the individual Microsoft updates released today is here.

As it normally does on Patch Tuesday, Adobe issued fixes for its Flash and AIR software, plugging a slew of dangerous flaws in both products. Flash continues to be one of the more complex programs to manage and update on a computer, mainly because its auto-update function tends to lag the actual patches by several days at least (your mileage may vary), and it’s difficult to know which version is the latest.

If you’re unsure whether your browser has Flash installed or what version it may be running, browse to this link. Users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh should update to Adobe Flash Player 18.0.0.160. Adobe Flash Player installed with Google Chrome, as well as Internet Explorer onWindows 8.x, should automatically update to version 18.0.0.160, although Chrome users on Mac systems will find 18.0.0.161 is actually the latest version, according to Adobe. To force the installation of an available update, click the triple bar icon to the right of the address bar, select “About Google” Chrome, click the apply update button and restart the browser.

brokenflash-a

The most recent versions of Flash should be available from the Flash home page, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.). See this graphic for the full Adobe version release.

Most applications bundled with Adobe AIR should check for updates on startup. If prompted, please download and install the AIR update. If you need to update manually, grab the latest version here.

As usual, please sound off in the comments section if you experience any issues applying any of these patches.


34 thoughts on “Adobe, Microsoft Issue Critical Security Fixes

    1. Rick

      My Windows Update went OK, but the OS-specific Flash download page is not working for me, as of 8 a.m. Pacific time. The .exe installer “couldn’t be downloaded.” Is it slow/broken for anybody else?

      1. Rick

        Later, I was able to use Firefox to download both of the .exe files and then run them, doing IE first as recommended. (Why didn’t I think of trying that sooner? Duh.) Both updates went fine. An easy workaround, in this case.

      2. Tim

        The manual download page seems to be one of the last things updated as I recall the same thing happening with the previous update. Their “automatic” download page was updated immediately when I got the notification, but it took a few hours for the manual page to update. Even after they updated the page to reflect that 18.0.0.160 was the current version, the download link didn’t work till maybe an hour later.

        Get on it Adobe!

      3. John Magnum

        Mine hasn’t worked the last 3 updates. I had to Google Adobe Flash Player Help and update from there.

      4. SeymourB

        I suspect that the “new” distribution page, the one that requires an Adobe-issued token in order to use, is being updated before the old distribution page as a way of dissuading people from using the old distribution page.

        This way some people will install whatever adware-of-the-week Adobe is bundling with their consumer installer. Adobe gets paid for spreading misery, you see.

  1. Bob Q

    There were several bad patches in last month’s batch, Brian. Have any of those been updated or eliminated? Or do the new patches replace those. I refer specifically to the one that hung many computers on “Step 3 of 3.” Are those same patches going to continue to pop up on Windows Update? Should I continue to ignore them? How to proceed?

    1. Terry D

      If you get stuck on “Step3 of 3” hit Control-Alt-Delete. Most of the time it will bring you to the login prompt where you can login.

  2. JimV

    There are three of the MS updates (KB3058515, KB3063858 and KB3068708) which simply won’t install on my Win7 Ultimate x64 desktop. All fail with an error code 80073712 — “unexpected failure” (really helpful, MS), which appears (from the limited information MS provides about that code) to indicate some sort of corruption in the installed updates database. I’ve downloaded the patch installation files to run directly, but no joy there either.

    The other patches in yesterday’s tranche installed okay, and subsequent MSE updates install properly but those 3 problem children won’t, and it actually began Monday evening when the KB3058515 patch was pushed out ahead of the others. I’ve checked the disk for errors, run System File Checker, successfully installed the KB947821 hotfix which supposedly resolves problems generating that error code (at 500+MB it ought to do something impressive), but they still fail to install.

    I put this aside in complete frustration yesterday evening, but will pursue it further today — after some more research, a next step will be to boot into Safe Mode and see if that will produce some different outcome.

    1. Andrew Rossetti

      Update KB3058515 fails for me on my work machine as well. The others installed fine. I’m seeing sporadic reports of this update failing, but nothing in the way of either an acknowledgement from Microsoft or a workaround.

      1. Andrew Rossetti

        Well, looks like the patch does install, but reports as failing on WU. I checked my About_Internet Explorer screen, and it did show update version 11.0.20 (KB3058515). No official word from Microsoft on this yet, however.

    2. timeless

      So, I haven’t played w/ the current round of updates, but I did have one class of update that would periodically fail (because I had locked down a registry key, and the update system considered writing to that key to be essential).

      MS has instructions for how to read the Windows Update logs [1], and I’ve generally been able to use Process Monitor [2] to figure out what’s going wrong with installers. The official starting point for updates failing is apparently “How to get support for Windows Update problems” [3]. And you can try to “Fix Microsoft Windows Update Issues” [4].

      Historically, if you had a valid license to MS Windows (or Office, depending on what kind of update is failing), and the fault is Microsoft, you could actually call a toll free number [5] and they’d figure it out — you gave a credit card number and if the fault was yours, you’d be out ~$50 [it’s per case, even if it takes days for them to solve], if the fault was theirs, they’d refund the charge. I’m not sure if that’s still applicable to Windows Update — I’ve used the service occasionally over the past two decades — as long as they didn’t have an officially documented answer for how to solve the problem, you’d be refunded, so if they found a workaround for me, I was only out the time involved in the phone call, not any money. I think it’s sort of mentioned in their lifecycle policy [6]. You can certainly call the toll free number and ask them if they’d cover it — they won’t charge you for the call, and they will explain what would/wouldn’t be covered (they’re really quite reasonable, and even if you do pay the $50, it’s probably worth it if it fixes your problem…).

      [1] https://support.microsoft.com/en-us/kb/902093
      [2] https://technet.microsoft.com/en-us/library/bb896645.aspx
      [3] http://windows.microsoft.com/en-ca/windows/get-support-windows-update-problems
      [4] https://support.microsoft.com/en-us/gp/windows-update-issues/en-us
      [5] https://support.microsoft.com/ContactUs/TechnicalSupport
      [6] https://support.microsoft.com/en-ca/gp/lifepolicy

      1. Bill

        Just wanted to mention that I called Microsoft on a failed update issue I was having recently. They remoted in and spent about three hours on it. In the end they told me it was my Kaspersky anti-virus causing the issue but they did not charge me a dime. Later that day I read on askwoody(dot)com that Microsoft re-released botched patches that day. Contacting support at MS got me out of spending any more time messing with a failed update that I suspected was a Microsoft issue to begin with. So yes, Microsoft does still help with failed updates.

        1. JCitizen

          That’s what I do too – I figure if they’re going to release updates without vetting them, they can pay someone to work on my machine at no cost to me. Maybe they’ll learn to be more thorough if they start going broke fixing bad updates.

    3. Bob

      Win 7 Ultimate with Office 2007. I did the malware scan patch first. Then I did each of the other patches one at a time, rebooting as requested. No failures. I’ll do the flash update tonight.

      1. Bob

        I forgot to mention that it’s the x64 version of Win 7 Ultimate.

  3. Eaglewerks

    I had no discernible problems with the updates from Microsoft or Adobe today. I did note that under the optional updates on MS I had an unexpected update rather than the expected in that category. I did install it also, but failed to note the knowledge base number associated with it.

  4. grayslady

    Last month my computer was caught in the dreaded “can’t configure” loop. Initially, I thought it was due to so many dot NET framework updates, but now I’m convinced it had to do with the cumbersome Malicious Software Removal Tool. Although MS lists the MSRT last, it is actually one of the first to run during updates. Today, I decided to update the MSRT separately, and it confirmed my suspicions. On a one-year old HP laptop, Windows 7 64-bit system, the update took 6 minutes to complete! It’s no wonder the other updates couldn’t install correctly. By running the MSRT separately, I had no problems with the updates today.

    On another update from last month, beware KB3050265. This update was listed as Important last month. It is now listed as Optional. The update will place a notice in the Task Bar reminding you to update to Windows 10. If you try to hide the notification, it reappears every time you restart your computer. I finally found MS instructions on how to remove the update (and then, of course, hide it). I now read through Bryan’s linked list of exactly what the updates cover before downloading anything anymore.

    1. arbee

      grayslady
      June 10, 2015 at 10:26 am :

      > beware KB3050265. This update was listed as Important last
      > month. It is now listed as Optional. The update will place a
      > notice in the Task Bar reminding you to update to Windows 10.

      Nope; the update you cite is unrelated to the Get W-10 issue.

      Mid-May 2015, KB3035583 a Recommended Update for Windows 7 x64-based Systems innocently showed up. It’s the miscreant.

      KB3035583 installs, amongst other dreck, GWX dot exe. This enables you to be the First One On Your Block to migrate from W-7 or W-8 to W-10. Up to you to decide whether or not you want to stroll down this path.

      Once KB3035583 installs, you can temporarily suppress the taskbar notification. The only way to permanently remove it (and GWX dot exe) is to uninstall the update, which is no big deal.

    2. Stephen

      Besides Brian’s site, you should also check out the folks at WindowsSecrets – http://windowssecrets.com/

      They publish all sorts of helpful items. If you make a donation (like $10) you’ll also get their ‘paid’ information for a year (do it again a year later, and you get another year). One item in their paid section is an story on that month’s patch Tuesday releases and a chart showing which ones should be installed, waited-on, or skipped.
      This week’s issue has the article entitled “No summer break from MS Office updates.”

      I am just one of their happy contributors, nothing more.

  5. IA Eng

    in reference to 80073712

    A few MS Links that might provide a fix without any major work :
    http://answers.microsoft.com/en-us/windows/forum/windows_vista-windows_update/how-to-fix-error-code-80073712-windows-component/29102eca-67ff-4724-837a-74289ec37498

    http://support.microsoft.com/kb/957310

    Many months ago, I had issues with something that was corrupt, preventing windows from updating. I tried making the BITS and Windows Update services were stopped and set to start automatically, and that didn’t help much.

    I ended up doing a refresh which did correct the issue.

    I had to re-install a lot of software that I had loaded, so beware. Ensure you understand the risk of refreshing a PC. If you do decide to go down that path, ensure you have all of your product keys, login information to obtain any software downloads you may require to get your system back to where it was before the issue.

    I seen a neat article that shows LOG information about the issue here.

    Note, that this is NOT a MS website and proceed with caution. The poster’s problem may not be exactly the same as yours. I thought the log compilation was pretty interesting.

    http://www.sevenforums.com/windows-updates-activation/331522-update-error-code-80073712-a-2.html?s=70de2b002fada0c2a73e69de57e2f711

    1. JimV

      MANY thanks for the reference to SevenForums, which has been a truly helpful resource in successfully resolving those three recalcitrant updates. The active assistance in the process that was provided by the principal forum moderator may have taken a few days while he had me run an arcane MS tool (Windows System Update Readiness Tool) and post the resulting logs for review, but it produced spot-on target advice and system folder patches (I won’t demean them by calling them “hacks”) to get the specific corrupted elements identified and repaired.

      I cannot recommend that particular resource for Windows 7 or 8 (and also 10) problem resolution strongly enough!

  6. Section 215 Patriot Act

    I had 28 updates for Windows 8.1. including the ones for Office and Flash. I think some may be the ongoing updates for the reserve of Windows 10.

  7. John brown

    We had about 4 machines failed today when MS updates have loaded – on win 7 win8.1 and early win10 all 64Bit – cannot tell if it is supplier specific but look like it relates to EFUI
    18:00 UK 10 June 2015

    1. Likes2LOL

      Hi John,

      You wrote: “We had about 4 machines failed today when MS updates have loaded…”

      Bob Q wrote: “There were several bad patches in last month’s batch…”

      My advice is to hold off updating for a few days, until the rest of the world finishes doing Microsoft’s incomplete beta testing of the patches. 😉

  8. JCitizen

    I was surprised when I saw the “plug-in” isn’t exactly necessary now. They put the NPAPI version that leads me to believe it works for Chrome and Firefox. However – now I have three flash files to update instead of the old way when it was just Active X and Plug-in. Now I have one Active X for Internet Explorer and two NPAPI files for Chrome and Firefox, “I assume’, or perhaps Comodo Dragon needs it, as it isn’t exactly a Chrome clone. At least I think Dragon uses a different engine.

    1. timeless

      https://www.chromium.org/developers/npapi-deprecation

      By now, Chrome doesn’t support NPAPI by default. For a while now, Chrome has been using Pepper instead for Flash, but more relevant to updates, Chrome has bundled Flash, so you just get an updated Chrome with the updated Flash (when Google/Adobe are ready to ship an updated Pepper plugin).

  9. coakl

    I uninstalled Flash a month ago, and haven’t needed it. Youtube defaults to HTML5 video. The only major site that I used to use, and that still requires Flash, was Major League baseball streaming.

    Several of the major adult streaming sites will also default to HTML5 if Flash is not installed at all. If you have Flash installed but disabled in the browser, the site will ask you to enable Flash. But if you have no Flash at all, they will offer HTML5. Steve Jobs’ anti-Flash campaign via the iPad, forced everyone to either offer HTML5 as a fallback or lose the traffic. You may have to enable javascript for a third-party content delivery network CDN site for the HTML5 to show.

    1. CooloutAC

      word, so I guess that evil sob was actually good for something lol.

  10. roger grimes

    I have not been able to update flash player I download it and install it but when I go back on facebook or other sites it still wants me to upgrade it

    1. Anonymous

      Try completely removing Flash (and Java) from your system. Use Google Chrome as this has Flash built into it and will automatically update without you ever having to worry.

      1. SeymourB

        As an added bonus, Chrome comes free with its own botnet.

  11. CooloutAC

    I forgot i was using firefox and got worried, but apparenlty I don’t even have flash installed on this windows install. So screw it then, i’ll install it when I need it lol. I haven’t even noticed it missing….

Comments are closed.