Jump to content

Surprise! Microsoft issues Flash patches for Internet Explorer, Edge


Karlston

Recommended Posts

After announcing last week that February's patches would be delayed until March, Microsoft alerts large customers that security patches are due today--but details remain sketchy

Surprise! Microsoft issues Flash patches for Internet Explorer, Edge Credit: Thinkstock

 

Microsoft sent an email to its largest customers on Monday, alerting them that Adobe Flash Player patches for Internet Explorer and Edge will be coming today. Apparently Microsoft's announcement last week that it would delay February patches until March 14 didn't tell the whole story.

 

Yesterday's email says in part:

Microsoft is planning to release security updates for Adobe Flash Player. These updates will be offered to the following operating systems: Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016...

No other security updates are scheduled for release until the next scheduled monthly update release on March 14, 2017. 

These Flash patches are important for those who still use Flash with IE or Edge. There must be three of you out there, somewhere. For those who don’t use Flash-- or who only use Flash from inside Chrome or Firefox or a different browser--the fixes aren’t important.

 

This is a particularly odd situation. The bundled Windows 7 and 8.1 “patchocalypse” patching method has been amended, with Microsoft declaring last month that starting in February, IE patches won’t be included with the monthly Win7 and 8.1 security-only patch:

Starting with February 2017, the Security Only update will not include updates for Internet Explorer, and the Internet Explorer update will again be available as a separate update for the operating systems listed above.

Of course, we didn’t have a security-only patch in February. In fact, we didn’t have any security patches in February.

 

With Internet Explorer patches being yanked out of the Win7 and 8.1 security-only patches, it’s hard to guess what form these new Win7 and 8.1 patches will take. Adding to the confusion: Microsoft needs to patch Windows Server 2012, which is still stuck on Internet Explorer 10. Perhaps we’ll see a return to the old KB patches for IE10 and 11? Will there be Security Bulletins tying all of this together?

 

The Windows 10 situation is even more obtuse. We have two dangling Win10 hotfix patches – 14393.726 and 14393.729 – which, much to Microsoft’s credit, were released and fully documented but not rolled out the Win10 Automatic Update chute. Will the IE11 and Edge patches for the various versions of Win10 take the form of a cumulative update? And if so, will that cumulative update be issued as a hotfix or will it be pushed onto all Win10 PCs? Will the fix go to 1507 and 1511 systems, in addition to the latest version, 1607?

 

Microsoft hasn’t released corresponding hotfixes for Win10 1507 and 1511. If this patch goes out to 1507 and 1511 PCs, will the analogous hotfixes be issued for those versions?

 

It’s a tangled web Microsoft has woven. Its move to bunch together all patches on all versions of Windows -- and its subsequent backtracking to accommodate well-founded complaints -- increases the complexity enormously. Bunched patches may be part of a “cloud first” future, but they’re hell to install and manage.

 

There’s one point that sticks in my craw: All of this was foreseeable. Adobe has always released its patches on Patch Tuesday, and Microsoft always has to roll those patches into IE11 and Edge. Didn’t somebody see this train wreck coming?

 

Source: Surprise! Microsoft issues Flash patches for Internet Explorer, Edge (InfoWorld - Woody Leonhard)

 

Flash patches for Internet Explorer and Edge due today (AskWoody forums)

Link to comment
Share on other sites


  • Replies 19
  • Views 2.1k
  • Created
  • Last Reply

I dont know what's going on?  It's like Microsoft are still on Holidays .Even the insiders that get updates all the time are felling it they not  got a new release in 2 weeks lol. I think this the 1st patch Tuesday they ever missed and it started in Oct. 2003   You cant say that happened a lot in with Windows . About everything has though looking at the archives here i seen post were people were complaining about Microsoft was pushing updates on people that no one knew what was as far back as when XP and Vista was used . :)

Link to comment
Share on other sites


Microsoft® Windows® Malicious Software Removal Tool (KB890830) Feb. 2017 Updated

Site: https://download.microsoft.com
Sharecode[?]: /download/2/C/5/2C563B99-54D9-4D85-A82B-45D3CD2F53CE/Windows-KB890830-x64-V5.45.exe
Site: https://download.microsoft.com
Sharecode[?]: /download/4/A/A/4AA524C6-239D-47FF-860B-5B397199CBF8/Windows-KB890830-V5.45.exe

 

Link to comment
Share on other sites


" The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable."

 

seems to be a big secret, no download .............

Link to comment
Share on other sites


Airstream_Bill

I am receiving the Flash Patches etc. right now.  Just checked and there they were.

Link to comment
Share on other sites


Security Update for Adobe Flash Player for Windows 10 Version 1607(KB4010250)

Code:
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows10.0-kb4010250-x64_fa7ad44be8dd1c65b51f07efbee478b0fbf82f5c.msu
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows10.0-kb4010250-x86_8e6459131457bd164eee5160d316d223ba599c2f.msu

Security Update for Adobe Flash Player for Windows 10 Version 1511(KB4010250)

Code:
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows10.0-kb4010250-x64_8edf5a83a0b46d2f4f30a4b192d832a4b4b3c9b2.msu
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows10.0-kb4010250-x86_a300b69ec1fe7aea0101ac964a93e115b15e759e.msu

Security Update for Adobe Flash Player for Windows 10 (KB4010250) [Windows 10,Windows 10 LTSB]

Code:
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows10.0-kb4010250-x64_f880a47aff3922d0d1d4a8c261aa24fc3b2a632c.msu
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows10.0-kb4010250-x86_0b0aeac5becf27ef355c97764ab09e907e6ac756.msu

 

THANKS TO MDL!

Link to comment
Share on other sites


Some more from Woody...

Microsoft rolls out KB 4010250 Flash Player update for Windows 8.1 and 10

In a bit of nostalgia, today's patch is attached to a Security Bulletin and not included in cumulative updates

Microsoft rolls out KB 4010250 Flash Player update for Windows 8.1 and 10 Credit: Adobe Systems

 

Microsoft has released an old-fashioned Security Bulletin, MS 17-005, which shepherds a handful of patches for various versions of Windows. The patches, all called KB 4010250, implement the Flash Player fixes contained in Adobe's APSB17-04, which fixes 13 critical vulnerabilities. It took Microsoft a week to plug the holes.

 

The patches are beginning to roll out now through Windows Update on machines running:

  • Windows 8.1, RT 8.1 and Server 2012 R2 running Internet Explorer 11
  • Server 2012 running Internet Explorer 10
  • All versions of Windows 10 -- RTM (1507), 1511, 1607, and Server 2016

Note that Windows 7 PCs don't need the patch, even if they're running Internet Explorer 11. Flash is built into IE11 on Windows 8.1 and Win10, so the updates for IE (and Edge in Win10) have to come from Microsoft. IE11 running on Windows 7 uses a separate Flash Player, via ActiveX, which is updated by Adobe. If you have Win7 and use IE11, chances are good that Adobe updated you last week.

 

You can either go to Windows Update and install the patch, or you can download it manually from the Windows Update Catalog.

 

I see no new cumulative updates for any version of Windows 10. This patch is completely dissociated from the Win10 cumulative updating model.

 

Microsoft was supposed to pull Internet Explorer patches out of the grouped Security-only and Monthly rollups for Windows 7 and 8.1, starting this month, and that finally happened. But Microsoft was also discontinuing Security Bulletins this month.

 

In what appears to be an unrelated move, Microsoft has brought back KB 2952664 (for Win7) and KB 2976978 (Win 8.1), which are the two enhanced snooping patches we last saw on Feb. 9. The patches, at this moment, appear as optional unchecked updates, with a published date of Feb. 21, 2017.

 

Poster ch100 on the AskWoody Lounge says:

The descriptions indicate exactly a metadata change, but it is not so visible to me in what sense. There is no visible supersedence involved at the WU level. Those 2 (or 4) patches have been published before and hidden from view since last Tuesday until today. They were never expired in the true sense, just hidden. I am wondering if they were those updates holding the main releases from the last 7-8 days? It is unlikely, but if this is not the case, it shows that WU/MU is well and alive, but that Microsoft works to something bigger behind the scenes and this has certainly something to do with the big rollups promised for March for Windows 7/2008 R2 and 8.1/2012 R2. It is also possible that there are preparations made for the Windows 10 Creators Edition and the new delivery mechanisms.

Could this be a harbinger for a return of the Win7-to-Win10 and Win8.1-to-Win10 upgrade paths, following the old "Get Windows 10" model? Time will tell.

 

Discussion continues on the AskWoody Lounge.

 

Source: Microsoft rolls out KB 4010250 Flash Player update for Windows 8.1 and 10 (InfoWorld - Woody Leonhard)

Link to comment
Share on other sites


Microsoft has released a patch to address vulnerabilities in Flash Player, after the company previously delayed the February 2017 Patch Tuesday rollout due to a last-minute bug.

The patch is listed as KB4010250 and is shipped to Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, Windows 8.1, or Windows RT 8.1. This means that Windows 7 systems aren’t getting it.

The vulnerabilities that are patched with this new update have already been fixed by Adobe one week ago, but given the fact that Microsoft delayed this month’s Patch Tuesday, the company is only now rolling out this fix, possibly because the number of attacks that might be aimed at exploiting these flaws is increasing.

Microsoft says that no other security updates are scheduled to go live this month and the next rollout will take place as planned on March 14.

The delayed Patch Tuesday

Microsoft surprisingly delayed this month’s Patch Tuesday cycle due to what the company described as a last-minute bug, explaining that all fixes would be included in the March 2017 patching schedule.

“Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today,” the firm said.

“After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.”

This is the first time when Microsoft delays a Patch Tuesday rollout and although the company hasn’t provided a reason for this decision, there’s a chance it was caused by an infrastructure problem, as the firm planned to migrate to a new system that no longer relies on individual patches.

Users are strongly recommended to install this new Flash Player update, especially if they’re running Microsoft Edge as the default browser on their Windows 10 computers.

Source: http://news.softpedia.com/news/microsoft-releases-kb4010250-to-patch-flash-player-vulnerabilities-513178.shtml

Link to comment
Share on other sites


" I am receiving the Flash Patches etc "..........what more then the Flash Patches ??  ( etc. ?? what etc. ?)  :rolleyes:

I only just received new Flash Payer ! ( nothing more)

Link to comment
Share on other sites


I dont use flash  i have it disabled  in IE and EDGE I  never used EDGE ether  i keep it blocked  with my firewall who wants a browser that  you have sign into Windows Store to get Extensions you would have too be a true fan too do this. I wish Microsoft would stop forcing flash on there users . I dont install the plugin for Firefox  in a coons age. IOS  or Android dont have flash it's not really needed anymore. and it's not safe too use also any site that use it only is not compatible  with mobile no way get with the times.

How to Uninstall and Disable Flash in Every Web Browser

https://www.howtogeek.com/222275/how-to-uninstall-and-disable-flash-in-every-web-browser/

 

 

Link to comment
Share on other sites


5 hours ago, Kalju said:

Microsoft is very fast, it took only a week and already available. They really are professionals.

They need to put it back like they have it in windows 7  this is 3rd party software not made by Microsoft that you dont really have too have , so they have no business putting it on Windows updates no way  . That way people who want it can update it. And those who don't, dont. have to install it. Nothing Microsoft does really makes much sense now days no ways. I wish all OS would abandon this  breeding ground for malware called Flash .

Link to comment
Share on other sites


44 minutes ago, Kalju said:

Unfortunately without it not in any way possible till the flash objects are in use. 

I dont use it I do just fine without it , There's one site I visit that part of it uses flash it loads much faster without it loading in you're browser .. There is almost as many people on Mobile OS  as Windows  and Mobile OS dont have flash at all so today its not really needed  . The one i do visit that still have a little of it designed in flash still is fully functional without it  and works better without it. so it should be removed  Flash is going away every year more sites get HTML5  ..

 

Many flash video sites work in MPV  with YouTube DL .If a site dont work with HTML5 or MPV  i wont use it . i can just download the video or rent it  .there lost not mine. Look at all the costumers there losing out on from Mobile if they still just use flash  It's not even profitable to use just flash today.

 

Only desktop OS still support this outdated technology that's became a cancer on everyone.

 

That's the best thing Google  have going for it today  is Youtube  with HTML5 even people who never use Google  for anything else still watch videos at YouTube. Only reason this is many who upload videos refuse to go too other sites.

Link to comment
Share on other sites


question is... why would you use flash at all O_o ?
very little websites use it, and watching flicks online is better via "html5 video"

Link to comment
Share on other sites


uninstall flash and disable it in any browser you use that has it incorporated. flash is old and a security risk. any website that requires flash dont visit and delete from bookmarks. its that simple!

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...