11
Jan 17

Adobe, Microsoft Push Critical Security Fixes

Adobe and Microsoft on Tuesday each released security updates for software installed on hundreds of millions of devices. Adobe issued an update for Flash Player and for Acrobat/Reader. Microsoft released just four updates to plug some 15 security holes in Windows and related software.

Microsoft’s batch includes updates for Windows, Office and Microsoft Edge (Redmond’s replacement for Internet Explorer). Also interesting is that January 2017 is the last month Microsoft plans to publish individual bulletins for each patch. From now on, some of the data points currently in the individual updates will be lumped into a “Security Updates Guide” published with each Patch Tuesday.

This change mirrors a shift in the way Microsoft is deploying updates. Last year Microsoft stopped making individual security updates available for home users, giving those users instead a single monthly security rollup that includes all available security updates.

Windows users and anyone else with Flash installed will need to make sure that Adobe Flash Player is updated (or suitably bludgeoned, more on that in a bit). Adobe’s Flash update addresses 13 flaws in the widely-installed browser plugin. The patch brings Flash to v. 24.0.0.194 for Windows, Mac and Linux users alike.

If you have Flash installed, you should update, hobble or remove Flash as soon as possible. To see which version of Flash your browser may have installed, check out this page. But the smartest option is probably to ditch the program once and for all and significantly increase the security of your system in the process. An extremely powerful and buggy program that binds itself to the browser, Flash is a favorite target of attackers and malware. For some ideas about how to hobble or do without Flash (as well as slightly less radical solutions) check out A Month Without Adobe Flash Player.

If you choose to keep and update Flash, please do it today. The most recent versions of Flash should be available from the Flash home page. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (e.g., Firefox or Opera).

Chrome and IE should auto-install the latest Flash version on browser restart (users may need to manually check for updates in and/or restart the browser to get the latest Flash version). My version of Chrome says it’s the latest one (55.0.2883.87) but the Chrome Releases blog says the latest stable version, 55.0.2883.105, includes the Flash fixes (among other security fixes for Chrome), which isn’t yet being offered. Adobe’s Web site tells me my Flash version is 24.0.0.186 (not the latest).

When in doubt with Chrome, click the vertical three dot icon to the right of the URL bar, select “Help,” then “About Chrome”: If there is an update available, Chrome should install it then. In either case, be sure to restart the browser after installing an update (if it doesn’t do that for you).

As ever, if you experience any issues applying these updates, please don’t hesitate to leave a note about the issue in the comments below. You might help someone else who’s having the same problem!


47 comments

  1. Brian,

    The Chrome version you see on the Chrome Release blog is for Chrome OS. .87 is the current release as of this writing for the browser.

  2. IRS iTUNE cards (real)

    No security roll ups for Windows 8/8.1.

  3. columbus_via LA

    “As ever, if you experience any issues applying these updates, please don’t hesitate to leave a note about the issue in the comments…”

    As ever, I will wait 3-5 days until I am confident that the MS updates are bug-free. Being badly burned once by updating immediately was more than enough. From that point (several years ago) onward, automatic updates have been disabled on all my computers.

    However, I typically update Flash (I use Foxit, not Adobe, for pdf reading, creation and editing) right away. So far, so good with that. Shout-out to Brian for always issuing timely update emails.

    • Better than turning off Updates, in Windows Pro versions, specify exactly when they will occur:
      Open “Local Group Policy Editor” by running gpedit.msc (Not available in 7 and 8 Home versions)
      Go to the following policy path:
      Computer Configuration / Administrative Templates / Windows Components / Windows Update
      Use the Configure Automatic Updates policy:
      • Enable the policy
      • Use option #4 – Auto download and schedule the install
      • Deselect “Install during automatic maintenance”
      • Set a day, e.g., “2 – Every Monday” for the scheduled install day
      • Set a time, e.g., “23:00” for the scheduled install time
      Most versions also have a policy in that path to automatically reboot after the updates are installed.

      • Thanks, Pete. From long habit and experience, I simply check “never update” and look for them myself every few days. With the carefully-chosen layers of security on my machines, this system works just fine for me.

    • The 24.0.0.194 will not take. Failure Code: 0x80070490
      Adobe. If you make something for the next shuttle the shuttle with all hands will explode on the launch pad during its first and final take off without a thought from you all.

      0x80070490[2017-01-12-T-08_42­13P]
      Well I used the most Current Update Trouble Shooter, and it fixed that update code mentioned above, and three other issues which it continues to fix since I first started using WUTrobleShooter. 2 years ago.

      It always did the job, the updates would then install, but not this time. Then I did the D.I.S.M with admin priv live internet, and that, that one’s a genius program because it saved my hp, which is very touchy meaning it is set to roll into a Diagnostic loop the second anything new is added, then it rolls right into the something is wrong, a space missing, a period, a number misplaced with the infamous restart diagnostic loop window, which then means the HP owner must factory restore, and lose all their stuff usually. I learned how to save everything, but as an end user, it was challenging to say the least.

      This adobe update will not install. It downloads to that same failure code every time.
      So for now Adobe, you selfish company making everything complicated that not even Albert Einstein could get right the first time or how about to the 10th to the 120th power.
      And then your instructions are so redundantly circular reading them is like walking in circles while lost in the woods.
      Mac looks good from here.

  4. Andrew Rossetti

    The Adobe Reader update (at least when downloaded from the web rather than the built in update function) will silently install the Adobe Reader plug-in for Chrome with no prompt, warning, or way to avoid it. Fortunately, Chrome by default will not enable the newly added plug-in.

    • Elliot Alderson

      or, you can get it from the ftp site adobe is still running.
      ftp://ftp.adobe.com/pub/adobe/
      all without extra installer junk and
      much faster than http web muck.
      ¯\_(ツ)_/¯

    • This is biting me right now, as I push updates to frozen computers before students return to campus for spring semester.

      The MSP updater available via FTP has this crapware included as well. I may have to push out the immediately previous update to Reader, I’ve tried and failed to work around this for about 4 hours already today.

      Adobe is terrible, I can’t wait until they’re no longer demanded and expected. Their time is coming with actions like this that turn administrators hard against them.

  5. Andrew Rossetti

    The update for Adobe Reader (at least when downloaded from the web, not using the built in updater) will silently install the Adobe Reader Chrome plug-in with no warning, ability to opt out, or any notification at all. Fortunately, Chrome by default does not enable the plug-in and upon launch the user can either enable it or (my preference) remove from Chrome.

    • Of course it does. Thanks for the warning, Andrew.

    • Do you mean the old PPAPI plug in? I used to have trouble with web sites trying to download flash on Chrome, but that has ended for quite some time now. When I go to the Adobe site to download the NPAPI plug in (extension or whatever you want to call it) that is the only version I get, unless I use another browser or manually select another browser/operating system version.

      I rather doubted most of those sites were actually trying to download flash anyway, as I already had it on the system for older browsers using the same core as Chrome. They were probably trying to download malware, by my best guess.

  6. Google took more than 24 hours after Adobe’s release of npapi Flash 24.0.0.194 to make ppapi Flash 24.0.0.194 available on Google Chrome.

    • The simplest way of forcing Google Chrome to update Flash is to open chrome://components in the address bar and click the update button for Flash, assuming that the new version is actually available. Better late than never I suppose.

    • I haven’t needed PPAPI flash for Chrome for around a year now. I only used it on older browsers that had the same core engine as Chrome used to use. I have never needed pepper on the new Chrome, as all sites are perfectly functional without it. I got rid of all those old browsers, as they didn’t run as well on Win7 anyway.

    • Hi

      I discovered recently that Chrome browser can have Flash updated “separately” by typing chrome://components … and then you will be able to verify current version and force update of the plugin if needed.

      ChromeOS, unfortunately, does not offer the same workaround.

      ++
      Raphael

  7. Many web sites advise that IE-11 does not support flash active x, and when you test it, some test web pages concur with that assessment. However – that is confusing to many folks, because if you test IE-11 on Win7 with the active x app installed, the test is successful. I wish many of these otherwise well rated sites would make themselves clear about the issue.

  8. Generally, when it comes to pissing and moaning about anything Microsoft-related, I’ll join the chorus, but my experience (thus far) with both 32-bit and 64-bit installs of W-7/SP1: the new update arrangement works fine. The December 2016 offerings included a separate update (KB3205402) for .NET installations. Based on past experience, I installed that after the big rollup file.

    My only concern remains: based on the campaign to cram W-10 down our throats, I’m wary about unwanted stuff (e.g.: Silverlight) being inextricably bundled in a rollup, but so far, so good.

  9. Not sure if it is just me, but my first attempt at the update on my win7 laptop resulted in a notice it was up to date (windows update link) as of 14/12/16 – an attempt to check for updates resulted in a freeze-turn off-restart of my machine. Second try resulted in an error screen after the check for updates link was clicked. Restarted the update screen and, finally updates were found which took around 20 minutes to install with a manual restart. A bit scary overall, considering I was dealing with a dedicated Windows Update site. Flash was fine, and quick.

    • You were probably way behind on updates – Microsoft had an issue with all updates a while back that required at least one bulletin that fixed the issue – I had to download mine straight from the MS site to get my manual control back. Now I get the expected performance from both the automatic update and the manual method. One of the rollups fixed the errors I was constantly getting too.

    • I had the same problem, David T. I ended up having to roll my computer back a bit, then let it reinstall the last few updates. I’m thinking this was a Windows 7 issue.

    • I also have problems with windows update on 10, do not upgrade it will get much worse.

  10. fwiw, Firefox built in “Plugin Checker” didn’t know about the latest Flash update and reported it current @.0.0.18something.

    A quick trip to the provided link remedied that.

  11. Flash free for 6 years. Since the ipad came with no flash I also removed it from my Mac. I run chrome almost solely as a flash fallback browser where necessary.

  12. Just to follow up a bit on some comments; My Chrome says up to date w/ version “55.0.2883.87 m (64-bit)”. Going to “chrome://components/” allowed me to then update Flash player separately. It does find the new update released and integrates it into the current Chrome release.

  13. For those who manage multiuser fleets, here’s where the new Reader DC plugin is loaded from. Delete this key and Chrome won’t prompt to install it.

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
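
For fleet administrators, the check described in comment 13 can be scripted. The PowerShell below is an added example, not code from the commenter, Adobe or Google; the Wow6432Node path and the extension ID are taken from the comment, while the second (native-view) registry path and the function names are assumptions made for this illustration.

```powershell
# Added example: audit, then optionally remove, the machine-wide Chrome
# external-extension registration named in comment 13.
$ExtensionId = 'efaidnbmnnnibpcajpcglclefindmkaj'            # ID from the comment
$Roots = @(
    'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',   # path from the comment
    'HKLM:\SOFTWARE\Google\Chrome\Extensions'                # assumption: native-view equivalent
)

# Hypothetical helper: report every registration of the extension on this host.
function Get-ChromeExternalExtension {
    param([string]$Id, [string[]]$SearchRoots)
    foreach ($root in $SearchRoots) {
        $key = Join-Path $root $Id
        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Key      = $key
                # Dump whatever values the installer wrote, minus provider metadata
                Values   = ($props.PSObject.Properties |
                            Where-Object { $_.Name -notlike 'PS*' } |
                            ForEach-Object { "$($_.Name)=$($_.Value)" }) -join '; '
            }
        }
    }
}

# Hypothetical helper: delete the registration; honours -WhatIf / -Confirm.
function Remove-ChromeExternalExtension {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Id, [string[]]$SearchRoots)
    foreach ($hit in Get-ChromeExternalExtension -Id $Id -SearchRoots $SearchRoots) {
        if ($PSCmdlet.ShouldProcess($hit.Key, 'Remove registry key')) {
            Remove-Item -LiteralPath $hit.Key -Recurse -Force
        }
    }
}

# Report first, then preview the removal without changing anything.
Get-ChromeExternalExtension -Id $ExtensionId -SearchRoots $Roots
Remove-ChromeExternalExtension -Id $ExtensionId -SearchRoots $Roots -WhatIf
```

Drop `-WhatIf` from an elevated session to actually delete the key. Since commenters here report that the Reader update adds the extension without prompting, the audit is worth re-running after each Reader update is pushed.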

  14. My Windows 10 Home that came factory installed on a new Dell Inspiron 11 laptop updates Flash automatically as part of Windows Update. But it is possible to update Flash manually as well; which is a good thing given how slow and unreliable Windows Update is 🙁

  15. Does anyone know if the Microsoft Update Center, http://www.catalog.update.microsoft.com/home.aspx
    will be shut down after this month? I’ve been using it for the last 3 months, installing the appropriate updates a week or more after release, keeping the automatic updates off. I use Windows 7 in a partitioned desktop.

  16. Just FYI: The Flash update is for Win8.1/10.

    Version 24.0.0.186 is still OK on Windows 7. If you have automatic updates for Windows 7, it will not be automatically updating to 24.0.0.194. Adobe may change this, but what I am saying is, you do not need to worry about updating to 24.0.0.194 on Windows 7 as it is not vulnerable.

    However, going to the Flash install site will install 24.0.0.194 on all OS’s.

  17. Headsup, there’s a recent build of win 10 that breaks multi monitor gaming (MS put it as a known issue in an update and then went and released it anyway)

  18. The ChromeOS and Desktop Chrome have different versions. The one that you are using for the link is for ChromeOS

  19. 1. I have deleted Adobe Reader quite a while ago. Have been using Foxit Reader. It works well, plus has some added features.
    2. Unfortunately Adobe Flash Player is required too frequently to live without it. I disabled it, and enable it when required (2 clicks, nothing to type).

  20. Just read these posts and you wonder why we have computer security issues with these systems!

    And a home user is supposed to be able to buy these systems and do online banking!

    Maybe we need some kind of committee that could end up requiring vendors to have a standard way to do security updates.

    This way in Chrome, this way in ie, this way in firefox it is not sustainable!

  21. More info here about Acrobat Reader telemetry data:

    Warning: latest Adobe Acrobat Reader DC installs Chrome extension

    http://www.ghacks.net/2017/01/11/warning-latest-adobe-acrobat-reader-dc-installs-chrome-extension/

    The browser displays a prompt that informs you about the permissions that the Adobe Acrobat extension requests.

    What those are? Glad you asked:

    1. Read and change all your data on the websites you visit.
    2. Manage your downloads.
    3. Communicate with cooperating native applications

  22. great article about adobe

  23. All for updates getting out as fast as possible. Well, that is until one has some issues. Not opposed to what Microsoft is doing, but also feel the vast Windows ecosystem needs a fall back option to help those times when an update breaks something. KB3213986 was a bear on one PC in which it was installing all the time in a loop. Finally fixed it, but not without some time consuming scans and running Windows tools to fix a corrupt registry entry. I’ve embraced Windows 10 as mostly good, but not without some reservations on how it will work in terms of updates.

  24. “kernels of truth hidden among the dross” I feel like someone may be a name of the wind fan.

  25. Thanks for the brief … I’ll update the programs that I’m affected by immediately!

  26. I look after the computers for over 10 different companies with over 100 computers each. Needless to say, I don’t like it when these companies bring out updates. Took me an entire weekend going around updating each individual computer. Thankfully, this kind of wholesale update only happens every now and again.