Woody,

Thanks for the information. Does KB1000002 apply to Windows 7 as well as 8? If it does, I’ll check it out later today.

Dave

Woody,

The link you provided to, Check your Flash version, https://helpx.adobe.com/flash-player.html is actually a help page that shows how to, “Install Flash Player in five easy steps” along with a link you can click to, “Check if Flash Player is installed on your computer”. In my case the link shows that I have version 24.0.0, but it doesn’t show if its version, 24.0.0.168, or version 24.0.0.194

The About Adobe Flash page found at https://www.adobe.com/software/flash/about/ might be more useful. When the page opens, it automatically indicates which version of flash player is installed which in my case is version 24.0.0.194. Below the version box there’s a table that indicates the most recent version for each platform and each browser.

If the flash player does need to be updated, there is a “Player Download Center” link just above the table that will take you directly to the update page for the platform and browser that you are using to view the article. To check for flash player updates for other platforms and browsers just open, https://www.adobe.com/software/flash/about/ from that browser, and use the same “Player Download Center” link to update it.

Fyi, the free Avast antivirus program(for home users) has an optional Software Updater scanner/tool(installed by default) which can update the Adobe Flash Player for both the Firefox n IE browsers, besides updating other programs, eg 7-Zip, Java Runtime, VLC, etc.

19 old updates for Flash Player for Windows 2012 R2 have been expired by Microsoft as today 2nd February 2017. I don’t have confirmation for Windows 8.1 or other versions, but I think this applies at least to Windows 8.1.
This is part of the maintenance effort to avoid the slowing down of the scans for Windows Update.
There is more to be done in the Windows 8.1/2012 R2 space as based on my experience, Windows Update for both OS is slow, similar to what was experienced with Windows 7 in the recent past. This is more true for new installations or those who are far behind in keeping up with all updates. There are ways around the issue, but I think the reason that the issue is not so visible is that Windows 8.1 is a lot less in use than Windows 7.
The server OS is normally maintained differently and is less within the scope of the current discussion.

EDIT:
It appears that there have been a large number of IE CUs for Windows 8.1 which have been expired today, while the same Flash Player older updates which are now expired for Windows 2012 R2, were expired a week ago for Windows 8.1, at the same time with the CU updates expired for 2012 R2.
As I said in the original post, this is normal ongoing maintenance which has not been happening very much in the past few years, generating slow WU scanning.

Permalink for latest Windows 8.1 Flash Update
x86
http://go.microsoft.com/fwlink/?LinkId=328650&clcid=0x409
x64
http://go.microsoft.com/fwlink/?LinkId=328651&clcid=0x409

Permalink for the latest Flash Player Uninstaller: http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe.

Useful prior to switching between major versions and when troubleshooting bugs/crashes, or when flushing out old or multiple versions etc.

Does anyone know if there’s a way to update PepperFlash manually?

I believe the online Adobe Flash Player Settings Manager also has a few options that are only accessible at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html also.

The online settings manager offers a checkbox on whether to store third party content and one to store common Flash content. One can not do that within the control panel setting manager correct?

https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html

Try that link. That page lists a checkbox to allow third party sites to store content and one to allow storage of common Flash components. They were checked by default for me and I don’t see a corresponding way to check/uncheck those settings outside of that specific online settings manager page.

The “online” Flash Player settings page is actually a local location on your PC. The presentation is in a browser, but the page is local.

I thought Woody says running Flash Player is an absolute no no?

Latest Version: 25.0.0.127
Offline Installers are available online (see bottom of linked page for relevant version).

Adobe Security Bulletin: 14 March 2017

Latest Version 25.0.0.148
Adobe Security Bulletin: 11 April 2017

Offline Installers are available online (see bottom of linked page for relevant version).

Online installer link: https://get.adobe.com/flashplayer/

Latest Version 25.0.0.171
Adobe Security Bulletin: May 9, 2017

Adobe Offline Installers are available online (see bottom of linked page for relevant version).

Adobe Online installer link: https://get.adobe.com/flashplayer/

MS Windows Support link: KB4020821

I thought it was unsafe to use Flash nowadays?

Latest Version:
26.0.0.126 (Desktop Runtime & Google Chrome) &
26.0.0.120 (IE11 & Edge on Win 8.1, 10)
Adobe Security Bulletin: June 13, 2017

Adobe Offline Installers are available online (see bottom of linked page for relevant version)

Adobe Online installer link: https://get.adobe.com/flashplayer/

MS Security Advisory: ADV170007

Adobe released a new version of Flash Player today, 26.0.0.131.

Latest Version:
26.0.0.151 (Desktop Runtime & Google Chrome) & (IE11 & Edge on Win 8.1, 10)
Adobe Security Bulletin: August 8, 2017

Adobe Offline Installers are available online (see bottom of linked page for relevant version)

Adobe Online installer link: https://get.adobe.com/flashplayer/

MS Security Advisory: ADV170009

This is the US-Cert Alert related to Woody’s blogpost Adobe Flash player security update is out (October 16th):

 
Adobe Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2017/10/16/Adobe-Releases-Security-Updates

Original release date: October 16, 2017

 
Adobe has released security updates to address a vulnerability in Adobe Flash Player. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB17-32 (link is external) and apply the necessary updates.

Another update for Adobe Flash Player, is for functionality NOT security reasons:

Release Notes for Flash Player 27 and AIR 27
Welcome to the Flash Player and AIR 27 release notes!

October 25, 2017
In today’s release, we’ve updated Flash Player with an important functional fix impacting Flex content and recommend those users impacted update.

Thanks to @ajnorth for the permalinks to the current updates, in addition to the permalinks at the top of this topic:
NPAPI: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
AX: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
PPAPI: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Uninstaller: http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe

Adobe Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2017/11/14/Adobe-Releases-Security-Updates

Original release date: November 14, 2017

 
Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41, and apply the necessary updates.

Adobe Security Bulletin
https://helpx.adobe.com/security/products/flash-player/apsb17-42.html

 
Security updates available for Flash Player | APSB17-42
Last Published: December 13, 2017

Bulletin ID: APSB17-42
Date Published: December 12, 2017
Priority: 2

Summary
Adobe has released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a regression that could lead to the unintended reset of the global settings preference file.

Affected Product Versions : 27.0.0.187
Solution: 28.0.0.126

(No US-Cert post found yet)

Adobe Security Bulletin
https://helpx.adobe.com/security/products/flash-player/apsb18-01.html

Security updates available for Flash Player | APSB18-01

Bulletin ID: APSB18-01
Date Published: January 9, 2018
Priority: 2

 
Summary:
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address an important out-of-bounds read vulnerability that could lead to information exposure.

Affected Product Versions: 28.0.0.126
Solution: 28.0.0.137

Security updates available for Flash Player | APSB18-03
https://helpx.adobe.com/security/products/flash-player/apsb18-03.html

Bulletin ID: APSB18-03
Date Published: February 6, 2018
Priority: 1

 
Summary:
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to remote code execution in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

Affected Product Versions: 28.0.0.137
Solution: 28.0.0.161

Adobe AIR has been updated to version 29.0.0.112 – https://get.adobe.com/air/

 
Adobe Flash Player has been updated to version 29.0.0.113. Executables for manual installation (Right-click; select Save Link As):

Flash Player for Firefox 29.0.0.113 – NPAPI

Flash Player for Internet Explorer 29.0.0.113 – ActiveX

Flash Player for Opera and Chromium-based browsers 29.0.0.113 – PPAPI

Adobe Flash Player Uninstaller 29.0.0.113

Adobe have released a security update to their Flash Player for all platforms. Here are the three for Windows — all clean (right-click; select Save Link As):

Flash Player for Firefox 29.0.0.140 – NPAPI | 19.8 MB

Flash Player for Opera and Chromium-based browsers 29.0.0.140 – PPAPI | 19.8 MB

Flash Player for Internet Explorer 29.0.0.140 – ActiveX | 19.3 MB

Adobe Flash Player Uninstaller 29.0.0.140 | 1.30 MB

(The update for IE & Edge in Windows 8.1 and 10 will be released through Windows Updates on Tuesday 10 April 2018.)

Security updates available for Flash Player | APSB18-16
https://helpx.adobe.com/security/products/flash-player/apsb18-16.html

Bulletin ID: APSB18-16
Date Published: May 8, 2018
Priority: 2

Summary:
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 29.0.0.140 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Product Versions: 29.0.0.140 and earlier versions
Solution: 29.0.0.171

Find links above for updates

 
Security bulletins were also issued for Creative Cloud Desktop Application (Priority 2) & Adobe Connect (Priority 2)

Kirsty wrote:

find links above for updates

For users running Windows 8.1 or 10, Flash updates here:

2018-05 Security Update for Adobe Flash Player for Windows (KB4103729)

Adobe Security Bulletin:
Security updates available for Flash Player | APSB18-19
https://helpx.adobe.com/security/products/flash-player/apsb18-19.html

Bulletin ID: APSB18-19
Date Published: June 7, 2018
Priority: 1

Summary:
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 29.0.0.171 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Adobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash Player content distributed via email.

Affected Product Versions: 29.0.0.171 and earlier versions
Solution: 30.0.0.113

 
Find links above for updates for browser versions

See also, on Code Red: Adobe Flash Zero Day Patch

Kirsty wrote:

Find links above for updates for browser versions

… or, for the 47% running Windows 8.1/10, find them here:

2018-06 Security Update for Adobe Flash Player for Windows 8.1/10

You can get it for gecko based browsers and Chrome based browsers direct from Macromedia ftp download.  The links for each type of Flash Player are buried in an old Adobe help page that says it is for Windows 7.  However, the page is kept fully up to date for the downloads.  I have bookmarked the ftp download links in my default browser and I fetch Flash Player quickly this way.  I have been doing it this way for years on both Windows 8.0 Pro and Windows 10 Pro 1709.

The first link is for gecko based browsers and the second for Chromium based:

https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe

https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

(I’m not sure if ftp download links are allowed so, if not, this is the Adobe Flash Player help page where they are located UNDER “Still Having Problems”.

https://helpx.adobe.com/flash-player/kb/installation-problems-flash-player-windows.html

For IE and Edge, I get that from Microsoft update catalog (and make sure I have the current servicing stack update first).

Thanks.

I have always found the direct installers work far more reliably that the webinstallers, plus they do not have the pre-checked additional software sections.  It is JUST the Adobe Flash update.  The webinstallers sometimes left older versions of files in the Macromedia directories.

Another quick link I use for software updates notices is at http://www.tweakguides.com..

Adobe Security Bulletin:
Security updates available for Flash Player | APSB18-24
https://helpx.adobe.com/security/products/flash-player/apsb18-24.html

Bulletin ID: APSB18-24
Date Published: July 10, 2018
Priority: 2

 
Summary:
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 30.0.0.113 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Product Versions: 30.0.0.113 and earlier versions
Solution: 30.0.0.134

 
Find links above for updates for browser versions
KB 4338832 for Win8.1/10 offline installer (prerequisite noted: KB 4132216 SSU)

Adobe Security Bulletin:
Security updates available for Flash Player | APSB18-25
https://helpx.adobe.com/security/products/flash-player/apsb18-25.html

Bulletin ID: APSB18-25
Date Published: August 14, 2018
Priority: 2

 
Summary:
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address important vulnerabilities in Adobe Flash Player 30.0.0.134 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Product Versions: 30.0.0.134 and earlier versions
Solution: 30.0.0.154

 
Find links above for updates for browser versions
KB 4343902 for Win8.1/10 offline installer (prerequisite noted: KB 4132216 SSU)

Adobe Security Bulletin
Security updates available for Flash Player | APSB18-31
https://helpx.adobe.com/security/products/flash-player/apsb18-31.html

Bulletin ID: APSB18-31
Date Published: September 11, 2018
Priority: 2

 
Summary:
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address an important vulnerability in Adobe Flash Player 30.0.0.154 and earlier versions. Successful exploitation could lead to information disclosure.

Affected Product Versions: 30.0.0.154 and earlier versions
Solution: 31.0.0.108

 
Find links above for updates for browser versions
KB 4457146 for Win8.1/10 offline installer (same prerequisite as last month’s)

Adobe Security Bulletin
Security updates available for Flash Player | APSB18-39
https://helpx.adobe.com/security/products/flash-player/apsb18-39.html

Bulletin ID: APSB18-39
Date Published: Noveember 13, 2018
Priority: 2

 
Summary:
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address an important vulnerability in Adobe Flash Player 31.0.0.122 and earlier versions. Successful exploitation could lead to information disclosure.

Affected Product Versions: 31.0.0.122 and earlier versions

Solution: 31.0.0.148

 
Find links above for updates for browser versions
KB 4467694 for Win8.1/10 offline installer (prerequisities mentioned)

The Security Bulletin related to today’s blogpost: Out of band update for Adobe Flash Player Nov. 19, 2018

Adobe Security Bulletin
Security updates available for Flash Player | APSB18-44
https://helpx.adobe.com/security/products/flash-player/apsb18-44.html

Bulletin ID: APSB18-44
Date Published: November 20, 2018
Priority: 1 (except Linux – priority 3)

 
Summary:
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player 31.0.0.148 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Technical details about this vulnerability are publicly available.

 
Further details (& Microsoft Catalog link) are in the blogpost; links, as always, are above.

Adobe Security Bulletin
Security updates available for Flash Player | APSB18-42
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html

Bulletin ID: APSB18-42
Date Published: December 05, 2018
Priority: 1 (except Linux – priority 3)

 
Summary:
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address one critical vulnerability in Adobe Flash Player and one important vulnerability in Adobe Flash Player installer. Successful exploitation could lead to Arbitrary Code Execution and privilege escalation in the context of the current user respectively.

Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.

Adobe Flash Player Affected Product Versions: 31.0.0.153 and earlier versions
Solution: 32.0.0.101

Adobe Flash Player Installer Affected Product Versions: 31.0.0.108 and earlier (priority 2)
Solution: 31.0.0.122

 
Find links above for updates for browser versions
KB 4471331 for Win8.1/10 offline installer
(MS KB information)

This is NOT A SECURITY UPDATE (yes, confusing!)

 
Security updates available for Flash Player | APSB19-01
https://helpx.adobe.com/security/products/flash-player/apsb19-01.html

Bulletin ID: APSB19-01
Date Published: January 08, 2019
Priority: 3

Summary:
Adobe has released updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address feature and performance bugs, and do not include security fixes.

 
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190001:

Note: Please disregard mentions of security or vulnerability in this advisory. These are hardcoded titles that we were unable to change for this non-security Adobe Flash update.

Adobe Security Bulletin
Security updates available for Flash Player | APSB19-06
https://helpx.adobe.com/security/products/flash-player/apsb19-06.html

Last Published: February 13, 2019

Bulletin ID: APSB19-06
Date Published: February 12, 2019
Priority: 2

Summary:
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address one important vulnerability in Adobe Flash Player. Successful exploitation could lead to information disclosure in the context of the current user. 

Affected Product Versions: 32.0.0.114 and earlier

Solution: 32.0.0.142

 
Find links above for updates for browser versions
KB 4487038 for Win8.1/10 offline installer
(MS KB information)

 
Security Updates were also issued for Creative Cloud Desktop (Priority 3), as well as Acrobat/Reader

Adobe Security Bulletin
Security updates available for Flash Player | APSB19-19
https://helpx.adobe.com/security/products/flash-player/apsb19-19.html

Last Published: April 10, 2019

Bulletin ID: APSB19-19
Date Published: April 9, 2019
Priority: 2

 
Summary:
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical and an important vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user. 

Affected Product Versions: 32.0.0.156 and earlier

Solution: 32.0.0.171

 
Find links above for updates for browser versions
KB 4493478 for Win8.1/10 offline installer
(MS KB information)

Adobe Security Bulletin
Security updates available for Flash Player | APSB19-26
https://helpx.adobe.com/security/products/flash-player/apsb19-26.html

Last Published: May 14, 2019

Bulletin ID: APSB19-26
Date Published: May 15, 2019
Priority: 2

 
Summary
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user. 

Affected Product Versions: 32.0.0.171 and earlier

Solution: 32.0.0.192

 
Find links above for updates for browser versions
KB 4497932 for Win8.1/10 offline installer
(MS KB information)

? says:

Adobe Flash v32..0.0.255 released today has “important bug and security fixes.”

https://helpx.adobe.com/flash-player/release-note/fp_32_air_32_release_notes.html

Thanks, Kirsty & Woody for this. A quick way to access needed links… I’m currently up-to-date on Firefox, though I’ll need to update Windows & IE 11 in November. No biggie!

? says:

no security in October Flash patch v32.0.0.270, just “important bug fixes,” ho hum:

https://helpx.adobe.com/flash-player/release-note/fp_32_air_32_release_notes.html