Microsoft re-releases the KB 4287903 Flash zero-day patch

Topic

New Reply

Remember that Flash zero-day patch Microsoft released on June 7? You know, the really out of band patch that fixes the zero-day hole that’s so easy to
[See the full post at: Microsoft re-releases the KB 4287903 Flash zero-day patch]

1 user thanked author for this post.

Elly

Reply | Quote

Replies

From @gborn on borncity.com:

Flash-Update KB4287903: Install issues with WSUS
By guenni | June 8, 2018

 
It seems that Microsoft has messed up the critical Adobe Flash Update KB4287903 for Windows. At least for enterprise environments with WSUS, where the patch may causes install issues.

 
Read the full article here

4 users thanked author for this post.

woody, Elly, walker, WildBill

Reply | Quote

From the link you provided, it definitely happens with the WGT (World Golf Tour) video game. Is anyone having Flash problems not related to WGT since they installed the update? As per Woody’s advice, I keep Flash disabled on Firefox, but update it for IE 11 on Win 8.1. Not using IE 11 unless a Windows app uses it. Will reboot to see if Windows Update pumps KB4287903 down the pipe again…

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

woody wrote:

Remember that Flash zero-day patch Microsoft released on June 7?
…
But there have been problem reports attributed to the patch that — again, reportedly — go away when the patch is uninstalled.

Microsoft’s patch was only for IE/Edge on Win 8/10 (which most here think no one uses).

Those flash golfers needing to revert are using Chrome, Firefox, Opera, Maxthon, Slimjet.

There are several companies you could blame for that before Microsoft.

Does no one else sense the irony here?

Reply | Quote

I don’t think anyone was blaming anyone for anything, only expressing puzzlement. It would be more useful though if MS expressly stated with the install information that the update was for their browsers only.

2 users thanked author for this post.

WildBill, Alice

Reply | Quote

You’re quite correct.

Reply | Quote

I have Windows 7, so I downloaded “Flash” directly from Adobe (because, for Win 7, one has to), and what came down was the latest Adobe Flash ActiveX (the one thing, or so it seems, that has actually been changed). I have installed it (it is an automatic process, once one starts it by downloading) and noticed no problems connecting to sites that still run with Adobe Flash.

I wonder if those with other versions of Windows might no be better off by ignoring the dubious stuff they are receiving from MS and go get theirs, instead, directly from the source…

The link, here:    https://get.adobe.com/flashplayer/

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

OscarCP wrote:

I have Windows 7, so I downloaded “Flash” directly from Adobe (because, for Win 7, one has to), and what came down was the latest Adobe Flash ActiveX (the one thing, or so it seems, that has actually been changed). I have installed it (it is an automatic process, once one starts it by downloading) and noticed no problems connecting to sites that still run with Adobe Flash.

I wonder if those with other versions of Windows might no be better off by ignoring the dubious stuff they are receiving from MS and go get theirs, instead, directly from the source…

The link, here: https://get.adobe.com/flashplayer/

Despite the impression given by Woody, there is nothing dubious from MS here.

Modern versions of Windows cannot get their Flash updates directly from Adobe, because Microsoft wants to make sure they get them automatically.

1 user thanked author for this post.

woody

Reply | Quote

The Flash updates that “Modern versions of Windows cannot get… directly from Adobe” only apply to Microsoft browsers (i.e. Edge/IE).  If you also use other browsers on modern versions of Windows you will have to get the Flash updates for those browsers directly from Adobe!

I typically don’t use Edge or IE but nevertheless make sure to get Flash updates for those via Windows Update.  Separately, I download my Flash update for Firefox directly from Adobe.

1 user thanked author for this post.

WildBill

Reply | Quote

Re Adobe Flash from MS:  I do not have Adobe Flash Installed on my Asus Windows 1o Home computer, do not have IE, do not use Edge, prefer Firefox yet MS keep trying to automatically install the latest Flash updates.  Checking back they have done so several times with their MMUs (messy monthly updates).  Q1. Can I uninstall the previous un-necessary updates? Q2. Based in Bangkok is it possible the local MS crowd are doing the updates?  If so, it would explain a lot.  Woody and Co., thanks for all the hard work and invaluable information.

Reply | Quote

Unfortunately, IE11 is an integral part of the Windows 10 Operating system. Even if you do not use it for your browser (never open it) it is still vulnerable and MS has chosen to bundle Flash with it. The same goes for Edge – just because you never use it as a browser, it is still a part of the Operating System.

So, given that, if you do not patch IE11/Edge and the accompanying Flash, you leave your system vulnerable.

3 users thanked author for this post.

WildBill, columbia2011, Cee Arr

Reply | Quote

Theoretically, you’re still leaving the system vulnerable, but one of the most important things you can do in general to improve your odds against malware is to be careful what you do while online.  Not going to questionable web sites is a well-known one, although you can never know for sure that a supposedly legitimate site has been compromised.  Even so, if you never use IE to go to any sites at all, the odds are pretty slim of having a flash object attempt to run, I would think.

If IE is sitting there going to web sites all by itself, that’s probably the problem I would think the most important.  It may have been foolishly made part of the OS by a monopolist trying to avoid being forced to unbundle it (successfully, I might add; lying to Congress works), but it still takes a human to point it in the general direction of a site containing infected flash code.   Or, at least, I hope so.

I have IE on all of my Windows installations “uninstalled,” at least to the greatest extent possible.  In XP, “turning off” IE didn’t really accomplish any more than setting something else as your default browser.  Even “turned off,” it managed to pop up quite often when certain programs that were hard-coded to call IE rather than use the default browser would run.

In Windows 7 (I have no idea how it was in Vista), turning off IE actually meant something, as it does remove iexplore.exe from the \Program Files and \Program Files (x86) (if applicable) directories, in addition to unregistering it as an available handler for browser file types.  The rest of the files besides iexplore.exe are still there, and iexplore.exe is still in the WinSxS directories, but that’s as close as you can get to an “official” uninstall.

Whether that offers any protection against this new malware, I don’t know.  I rather wish MS had left Flash the way it was– which is to say an optional addon that can be completely uninstalled, rather than another component of IE/Edge, themselves components of the OS (neither of which have any business being true).  Now, in the supposed interest of better security for their customers, they’ve made sure Flash is still a part of our lives even if we’ve jettisoned it long ago to the extent that we can.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

I’m not seeing anything in WSUS to showcase a revision.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

ch100

Reply | Quote

It looks like I hit a momentary glitch in the Catalog. I should’ve taken a screenshot….

Anyway, all is well now.

1 user thanked author for this post.

Elly

Reply | Quote

Win 7,  With Firefox  add on’s I disable flash  unless a site does not work then I enable it.

1 user thanked author for this post.

WildBill

Reply | Quote

Possibly related to this thread but thank you for reading.  My malwarebytes premium trial is almost up and am at a loss as to if I should purchase the premium or go with another program.  I have read where malwarebytes is not that great.  Any suggestions-recommendations is appreciated.  TY
Windows 10 Home (x64) Version 1709 (build 16299.461) Firefox Quantum 60.02

Reply | Quote

AV-Test is a good place to start. Another is AV-Comparatives. There are ratings for multiple antivirus programs.Here’s the page for Win10.

2 users thanked author for this post.

Elly, columbia2011

Reply | Quote

I got the update for Windows 8.1 recently.  Of course I know it is only for IE.  Have noticed no issues with IE, which I normally do not use.  I normally use Firefox, but it and other browsers update plugins automatically.  With Opera, I do not know, since I don’t have access to plugins on that browser now.  I don’t use Opera on Windows, since it blips my icons when it starts.  I do use it on Ubuntu, where it annoyingly starts half-screen.  I have not found an effective way to fix this.

Reply | Quote

Some old news from July 2017 going back to 2013 recommends not using Flash where possible.  Also notes that  Java  is not secure,  and Adobe Reader is bloatware.

https://www.darkreading.com/vulnerabilities—threats/adobes-move-to-kill-flash-is-good-for-security/d/d-id/1329472

https://www.zdnet.com/article/java-reader-and-flash-are-most-exploited-windows-programs/

https://www.pcworld.com/article/2030153/how-i-ditched-the-security-risks-and-lived-without-java-reader-and-flash.html

Reply | Quote