Adobe and Microsoft on Tuesday each issued updates to fix multiple critical security vulnerabilities in their software. Adobe pushed a patch that addresses 29 security holes in its widely-used Flash Player browser plug-in. Microsoft released some 14 patch bundles to correct at least 50 flaws in Windows and associated software, including a zero-day bug in Internet Explorer.
Half of the updates Microsoft released Tuesday earned the company’s most dire “critical” rating, meaning they could be exploited by malware or miscreants to install malicious software with no help from the user, save for maybe just visiting a hacked or booby-trapped Web site. Security firms Qualys and Shavlik have more granular writeups on the Microsoft patches.
Adobe’s advisory for this Flash Update is here. It brings Flash to v. 23.0.0.162 for Windows and Mac users. If you have Flash installed, you should update, hobble or remove Flash as soon as possible.
The smartest option is probably to ditch the program once and for all and significantly increase the security of your system in the process. I’ve got more on that approach (as well as slightly less radical solutions ) in A Month Without Adobe Flash Player.
If you choose to update, please do it today. The most recent versions of Flash should be available from this Flash distribution page or the Flash home page. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).
Chrome and IE should auto-install the latest Flash version on browser restart (I had to manually check for updates in Chrome an restart the browser to get the latest Flash version).
As always, if you run into any issues installing any of these updates, please feel free to leave a comment about your experience below.
The Flash distribution page says once again that it will go dark at the end of this month. Wonder if they will actually go through with it this time. People who use those downloads reduce their bloatware distribution income.
Even if that page goes away eventually, I assume this page will remain, as it is Adobe’s troubleshooting page for Flash installations.
https://helpx.adobe.com/flash-player/kb/installation-problems-flash-player-windows.html
The direct links for the Firefox plugin, IE’s ActiveX Flash and the PPAPI Flash for Opera and other Chromium-based browsers are at the bottom of the page.
I just wish you would use your notariety to light a fire under the ass of the US National Weather Service. Want to track that hurricane or tonado, citizen? USE FLASH AND NOTHING ELSE.
Amen! That is one reason I still use Flash. Almost all of the weather sites I use, insist on Flash or Java. I only let Flash run when I need it to, but it drives me insane.
Brian, can you remove the link above ^
Correct site: https://www.wunderground.com/
You might care to check out
http://krebsonsecurity.com/2015/07/third-hacking-team-flash-zero-day-found/
(it’s buried in the 5th paragraph)
and
https://petitions.whitehouse.gov//petition/remove-requirement-adobe-flash-player-all-us-government-web-sites-favor-html5
I have my suspicions who the unnamed “B.K.” is.
I signed; the populi voxed; or rather, they didn’t.
Oh well….
There is another page where Adobe supplies direct links to the MSI distribution packages. I’m torn about posting it because if it becomes popular than Adobe will probably nuke it as well… but what the heck. Scroll to the bottom of the page:
https://helpx.adobe.com/flash-player/kb/installation-problems-flash-player-windows.html
Notice that the download links on that page end in .exe. The links that everyone raves about using, to the extent you can rave about using Flash, end in .msi. The MSI installers don’t include a bundle of third party profitability for Adobe (typically browser plugins, home page/search changes, etc.), while the executable installers normally do.
Adobe doesn’t care if you post links to the executables. They do care if you inform the general public about how to bypass one of their profit centers.
The Flash installer executable package does not require a SSE2 compatible processor whereas the Adobe ‘profit centre’ does so I cannot clean install the latest version of Flash plugin on my ancient PC. Ironically the Flash player software does not require SSE2 capability. I guess that downloading the pre-SSE2 installer while it is still available is a good idea for those with wrinkly hardware.
It’s probably good to note that starting in October Microsoft is going to move all Windows 7 and 8.x users to the Windows 10 update model (single monthly blobs of everything) and getting rid of individual Hotfixes (i.e. you get to install everything they send to you or nothing at all – no more selecting security only update choices and preventing the data monitoring updates from being installed on 7 & 8.1).
http://www.infoworld.com/article/3108405/microsoft-windows/microsoft-changes-win781-updates-pushes-even-harder-for-windows-10.html
If a user wants to download individual patches, supposedly there will be some a way around this, but it’ll be manual for every patch (no Windows Update choice – it’ll just have to be turned off & probably pestering you to get turned on), so that only corporate and a few tech nuts will do so. Microsoft is effectively making your desktop OS a smartphone OS except you pay for this OS on top of the hardware price. Probably fine for most folks, annoys me to no end though.
This will be the last month of updates like this, so take images of your Windows installations while you can – Microsoft has also said that they will roll hotfixes into the update blob’s retroactively as time goes on so you won’t be able to do new installs with just hotfixes through Oct 2016 as time goes on.
As an another FYI Microsoft fired their Windows testing team (a while ago) and is literally using a staged rollout of Windows 10 to the public as a Beta with the goal of getting fixes in place prior to the rollout of the same Win 10 for Enterprise (and you get to pay for this).
https://arstechnica.com/information-technology/2016/09/some-people-wont-get-augusts-windows-10-anniversary-update-until-november/
Not entirely true. WSUS or other Enterprise patching solutions will still have a choice of security vs. non-security. Yes, they will be monthly roll-ups, but two for each, again, one security bundle and one non-security bundle.
ya but you can just block everything with w10fw or any other one. only allow svchost for dns and nothing else, windows 7 own firewall lets you dot his. the problem is alost of windows 7 users were being sabotaged with long download times. that was annoying enough for me to push me to update lol.
But ya crazy how they do all these crazy evil rollouts in like feb,march or octo,november. the screw you over ones… like superceding updates to break your pc as bad as AU update, while at the same time removing the digital river iso’s both times as a slap in the face. I will never forget how crazy brazen that was. and they just keep getting worse. AU update just alienated alot of peoples machines from windows. I guess its all the mobile fads fault with everything. For desktop and security guys its all a downgrade.
Win 7 still the best of all time imo.
…why I do linux…
That’s one way of increasing their installed base of Silverlight and Skype.
The worst of this is that there’s no way to update NET files separately.
This is very bad news. Forcing users to take the whole mess is going to be a disaster. Recently there were some bad patches that wrecked Bluetooth and Wi-Fi on some machines. The Wi-Fi on my work laptop no longer connects without my first going through the BIOS to disable BT and WLAN and then re-enable WLAN. If they throw a blob at us then we’re stuck with their errors. Assuming I can stave off a forced update, I guess I’ll have to start taking the approach that is common with z/OS, wait for one or two quarters and then install the roll-up once the errors other customers found have been fixed…
My installation of Win 10 pro up-dated without issue on Tuesday. I then checked with Adobe and saw that the Windows updates included all Adobe patches for the Edge and Internet Explorer browsers. I manually up-dated the Firefox browser with the new Adobe patch. I find the Windows 10 pro version to be exceptionally stable, however, I dislike the many un-explained programs and apps and such which run in the background all the time.
I try to go without Flash but I recently found that Hulu requires it. How annoying.
> The smartest option is probably to ditch [Flash] once and for all
I tried that but a few sites important to me still needed it. It was a minor concern. Most annoying was, without Flash, most videos autoran, though FF is set to click to play and I’ve installed add ons which also try to give the user control over videos. But I can stop the autorun of Flash videos, so I went back.
Is anyone else having a problem getting Windows 7 updates? I have my computer set to automatic updates. The last check for updates was 9/12/2016. The last time updates were installed was 8/23/2016. When I saw this post, I checked for new updates, but the checking never completes. I gave up after an hour and a half. I tried again today and same thing. Does anyone have a suggestion?
@Muffin: For some months, there has been a “magic patch” that often fixes Windows 7’s slow update problem. Unfortunately, after this month it will not be possible to install individual patches. But, for what it’s worth, the current one is KB3185911. For more information, see http://wu.krelay.de/en/ or the many discussions on AskWoody.com.
@Muffin – You may need to let check for updates run overnight. It can take that long. And your CPU usage will be high for a while.
Thank you, John. They finally appeared. I’m fed up with Microsoft. My next computer will be a Mac.
I think Microsoft is punishing those of us who did not take the free Windows 10.
Mac does the same thing, but they just don’t tell you about it, they all have call home now and auto updating on by default. It’s everything anymore, in 5 years all OSes will be subscription based. This is just the framework for it. OSX pretty much as been with their yearly cheap “OS Updates” for minor features. The biggest issues I have is the MS has been taking away features trying to be more “tablet central”, Media Center, Cast to, Play to, etc.. Windows 7 Pro with Media Center was just about the panicle or home PC usage for me.
The day I can finally get rid of flash will be a day of celebration – but as others have said here, unfortunately some web sites and applications demand we keep using it.
At least on Windows 7 x64 the automatic flash updater seems to be working, I haven’t had to manually update if for many months.
The on good thing about my UPS failing is I can finally ditch Java – I was weary of updating it too!
The latest Win10 update seems to have made the Win7 desktop games disappear again 🙁
Is the Microsoft update 1607? It took forever do load this morning