New Flash and Adobe Reader patches, plus a speed-up for Vista scans

Topic

New Reply

Just in from EP: Hi Woody. New Adobe Flash Player security updates posted in security bulletin APSB16-32 https://helpx.adobe.com/security/products/fla
[See the full post at: New Flash and Adobe Reader patches, plus a speed-up for Vista scans]

Reply | Quote

Replies

Thanks. For the adobe update update.

I just the day before the patchocapolypse finished upgrading my last client PC that was Vista to 7.

CT

Reply | Quote

Not quite in relation to the subject of the current blog post, but otherwise it has good chances to be lost as the relevant post is already old.
Something is moving in relation to the Antimalware Suite, now that apparently the October 2016 patch releases have been successful, although there are still questions about the design of the WSUS deployment which is bizarre, not faulty as it was explained by abbodi86.
As we remember, MSE 4.10.205 had some issues, although it was not retired and those issues are still not resolved.
The enteprise equivalents, using the same engine, FEP and SCEP are as follows.
FEP 2010 (which is considered legacy) was never upgraded to 4.10.205, but was left to 4.9.219.0. This is the correct version, not a typo, a little bit different from the MSE equivalent 4.9.218. This version was revised this morning under the same number.
SCEP 2012 R2, the current product, which is only a cosmetic relabelling of FEP 2010, has been upgraded to 4.10.205 at the same time with MSE, but the download was made invisible since then by Microsoft, without officially retiring it. The situation is that those admins who downloaded it in WSUS by synchronising with Windows Update at the time of release still see it as available in their console, while the remainder do not even know that it exists. Worse than that, the previous version 4.9.219.0 which is the same with FEP 2010, only relabelled, was expired on the assumption that 4.10.205 is a good one and replaces it. A bit premature I would say. This retired version is still available on the Microsoft servers, but one has to know the complex URL and download the last known good version from there. Otherwise, the only other option is to use a 2 years old engine, 4.7 which is still good and fully functional.
To summarise we have this situation which is more than bizarre:
– MSE latest offer is 4.10.205 with known issues – right-click disk scanning not working and there seem to be other few known issues. The last good version is 4.9.218, but this is not what is on offer on WU
– FEP 2010 – this is the only good download offered and revised this morning under the same name, version 4.9.219.0. This is the version which should currently be available for all products, until a better one is created. This was the case 1 month ago.
– SCEP 2012 R2 which should be the current best product is offered in a version 2 years old, fully functional, but the worst is that there is the latest version 4.10.205 in limbo, with unknown status, offered for a while and currently made unavailable without reasons offered by Microsoft. This is an enterprise product, the most current one.

There seems to be a similar situation with the servicing stack update released in September 2016 which is still on WSUS, probably only if it was synchronised at that time, cannot be uninstalled, but not on WU currently. I have it installed and I did not notice and I am not aware of negative side effects, but there must be something if Microsoft made it unavailable currently.

I am expecting something to move in the Antimalware products, because they have been in this uncertain situation for more than a month. I assume that with reduced resources at Microsoft, all those available were allocated for a successful October 2016 Patch Tuesday release which appears to have happened at least from early indications. However, ideally the design for managed environments still needs to be fine tuned as mentioned above.

Reply | Quote

Well done. RIP Vista.
Everyone reading here should at least aim to replace Vista as soon as possible, suggesting Windows 7, but there are other options too.

Reply | Quote

Just stirring a little bit our debate about the telemetry. This news item is not telemetry related, but shows what rogue employees of a technology company can do with information which is obtained from customers without their consent.
http://www.bbc.com/news/world-australia-37642095

Reply | Quote

Ouch.

Reply | Quote

Thanks from this corner also re the Adobe Reader update. I reverted to Reader 11 after seeing what changes Adobe introduced about a year ago in connection with their effort to tie Reader to the cloud. I was not the only longtime user who found them ugly and distracting. At least Adobe has continued to support older versions–I upgraded to 11.0.18 today. Thanks again for the heads-up.

Reply | Quote

Something weird with the Sept Servicing Stack update. I have been doing some experimenting. It did not show up in WU on the Win7 I’ve been playing with initally.

I hid the two Oct rollups (Win and .NET) and installed some other stuff (won’t mention KBs b/c those who don’t understand DEFCON will think they have to install same).

After I rebooted (Oct rollups still hidden), the servicing stack update showed up as checked important. Then, when I unhid the Oct rollups, it disappeared. And it didn’t show up again when I ran another search.

????

Reply | Quote

Good thing not my phone.
Not stand -10.

Reply | Quote

Very interesting and happy to hear that wdburt1. I felt the same way.

I have been installing version 11 myself for the very same reasons.

Interesting that they are maintaining the older version 11 as well as that DC version.

CT

Reply | Quote

This goes to the download page for Adobe Flash Player:

https://get.adobe.com/flashplayer/

Reply | Quote

So the WU speedup is now pointless, since in order to get it, you already have to install a whole rollup to get it, at which point, if you’re Group B, that’s it for the month… What a joke…

Reply | Quote

The meaning of what you noticed is that one or more of the hidden updates are superseding the September stack update. I didn’t realise but this may well be the case and that patch for the stack was not retired. If some patches are hidden, then the next level of supersedence would show up. Normal Windows Update scanning does not show superseded updates (without hiding the higher level) and while this is normal, it is also the main reason for the known issue of slow scanning.
There is a beautiful piece of software which does not need to be installed, named Windows Update MiniTool, which allows scanning with the superseded patches showing. It is only a check box, very easy to use software.
http://www.wilderssecurity.com/threads/windows-update-minitool.380535/ and on MDL Forum.
With superseded updates showing, ANY agent, even those considered faulty like 7.6.7600.320, would do the job in few minutes. However that procedure is useful only for testing and understanding more as you don’t need to install 500+ patches instead of 200+. In fact some of those superseded would fail anyway.

Reply | Quote

“Interesting that they are maintaining the older version 11 as well as that DC version.”

Reader 10 was also supported for some time after Reader 11 was released.

The last update to Reader 10 was released on October 2015, 2 years after the release of Reader 11.

Support for Reader 11 will end on October 2017, 2 years after the release of Reader DC.

http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
https://www.adobe.com/support/products/enterprise/eol/eol_matrix.html#864

Hope for the best. Prepare for the worst.

Reply | Quote

Yes, that’s right. But isn’t it good for Group B? Just install the security-only rollup (after verifying that there are no significant problems) and ignore Windows Update. No more need for “Speedup”.

That’s why Woody has recommended that we turn off Windows Update if you are “Group B”. For you will need to download the updates manually yourself without using Windows Update anymore.

Hope for the best. Prepare for the worst.

Reply | Quote

Which would imply that the two (or one of them) Oct full rollups are/is superseding the stack patch. When they were hidden, the stack patch showed up, when I unhid them, it disappeared. KB3192391 (security-only) mentions kernel-mode drivers, and this is a part of the full monthly rollup.

BTW, I sent some info to Woody last night on what I’m testing. Will finish up today.

Reply | Quote

The security-only patch includes the kernel-mode drivers – see my comments above.

Reply | Quote

Updating any version of Adobe Reader always tries to point me towards installing the “DC” version, but I am aware of how to get around that.

When finally digging down through their ftp site for the latest update for version 11 there’s always two files available. One has the letters “MUI” in it and the other one doesn’t. I’ve always downloaded the one that doesn’t because I don’t know what that MUI represents. Can somebody fill me in please?

Reply | Quote

No one should be put through all this crap. I am hanging in there until Apple releases it’s new Mac Book Pro.

Reply | Quote

Thank you for that, James Bond 007

CT

Reply | Quote

http://www.tweakguides.com/ has direct links to the full installers for IE and Firefox.

The full installers do not have the default clicked boxes to install Chrome and/or the Google toolbar. I also find they never leave remnants of the prior version like the online installer will if you do not reboot.

Reply | Quote

The simple way of avoiding all this crap is to disable WU altogether, then you’re in the same position you’ll eventually be in anyway in terms of not having ongoing security etc support, albeit 3 years early. The only risk apart from missing out on some added protection is that the odd application may not work properly if it requires a particular update to run.

Reply | Quote

Seff, right you are. Good point of view. We are going to be in that state anyway come Jan 2020.

This is essentially group C (W).

I have seen an awful lot of computers that have not been updated in years and the owner did no even know it.

I am not at all sure the risk is all that great.

CT

Reply | Quote

Just curious: Why is it so urgent to replace Vista? It’s still being supported with security patches (I think).

I understand that you might WANT to replace Vista with something else (Windows 7 would be my first choice); but you might not want to spend the money on another OS at this time.

In other words, I don’t believe I need to advise any of my customers, some of whom are still using Vista, that they need to replace Vista as soon as possible.

Reply | Quote

My version 11 has a cloud on the top menu bar that lets you store files on their Acrobat.com site or whatever. I never have used it but it’s there. So why the need to go with what sounds like an annoying new DC version?

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

The 2nd simplest way is to turn updates off, and then wait till the end of each month to see how all of the unpaid beta testers fared with the current month’s updates. If all was well with them, (1) do a backup, and (2) install the security only patch for that month.

You’re going to come to this site anyway and see what happened with the beta testers; so you’ll know, without much effort, whether or not to install that month’s sescurity patch.

Reply | Quote

Why don’t you get a 2nd hard drive and a SATA hard drive power switch, and install Linux on the 2nd hard drive? In this way, you can switch back and forth quickly and easily, and you can be learning Linux and getting it in good working order for the time when you decide to abandon Windows.

Reply | Quote

MS promised “support” for Vista ends April, 2017.

CT

Reply | Quote

Surely people reboot eventually after doing an Adobe flash update — and the installer throws up a notice that says to do so.

Reply | Quote

At times, I have had slow scanning even with no updates hidden, prior to installing the various “magic” patches for the months in question.

Reply | Quote

To answer my own question and inform anyone else that may have wondered… it stands for Multilingual User Interface.

I was relatively certain what the last two letters represented but the first one could have been any of numerous things.

Reply | Quote

@Bill C…..

“I also find they never leave remnants of the prior version like the online installer will if you do not reboot.”

Why would one use a full installer instead of just updating if Flash Player is already installed?

@poohsticks….

“Surely people reboot eventually after doing an Adobe flash update — and the installer throws up a notice that says to do so.”

I’ve NEVER seen a reboot notice after a Flash Player update. In fact, when it’s set to update automatically (which mine is) the only way I know it has updated is by checking the install date from Programs and Features.

Reply | Quote

Windows 10 and Window 8/8.1 users can selectively download just the Flash Player and MSRT updates when desired using the wushowhide trick. Then run MS Updates with only the desired patches showing. Afterwards, reset everything to metered connection and whatever, and wait for the all-clear for the rest of the month’s updates.

Doing this may sometimes require occasional resets of MS Update, but that’s the only side-effect I’ve noticed in several months of using these tricks.

Reply | Quote