Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    Adobe and MS scramble to fix new Flash threats


    PATCH WATCH



    Adobe and MS scramble to fix new Flash threats


    By Susan Bradley

    Microsoft is undoubtedly focused on putting final touches on Windows 10, but it's still cranking out plenty of updates including several to fix an Flash vulnerability that threatens IE. The Flash threat is considered so severe that Mozilla took steps to block Adobe's media player in FireFox. The 4th of July might be just a pleasant memory, but it might now be time to declare our independence from Flash.

    The full text of this column is posted at windowssecrets.com/patch-watch/adobe-and-ms-scramble-to-fix-new-flash-threats/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td] [/tr][/tbl]
    [/SIZE][/COLOR][/FONT]

  2. #2
    5 Star Lounger
    Join Date
    Nov 2010
    Posts
    665
    Thanks
    1
    Thanked 26 Times in 24 Posts
    I've been checking daily for updates; just got the Flash update for Win8.1 this morning. Let's hope there isn't going to be another 0 day as far as Microsoft is concerned since they were 2 days behind Adobe on this one.

  3. #3
    Star Lounger
    Join Date
    Dec 2009
    Posts
    51
    Thanks
    1
    Thanked 4 Times in 3 Posts

    More on dealing with Flash

    Those who sometimes need Flash but want to disable it otherwise can try this:
    http://www.howtogeek.com/188059/how-...y-web-browser/
    I put this to work on Firefox a week or so ago, and it looks good; I am prompted to click to activate Flash when an app looks for it.

    Here's more on dealing with Flash:
    http://www.howtogeek.com/222275/how-...y-web-browser/


  4. #4
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts

    Flash Player Alternative -- Firefox Shumway

    For a few iterations now, Firefox has included the Shumway plugin which operates by default last I tried it. The plugin does an on the fly transcoding process, so that Flash Videos become HTML5 Videos. I don't think you need to keep the Adobe Shockwave Flash Plugin installed to use Shumway. Here's a reference for more information on how Shumway works:

    http://www.neowin.net/news/adobe-fla...-in-firefox-27

    Shumway is now enabled by default, and disabling it does not require editing the about:config file. It appears that with Shumway enabled, you can indeed remove the vulnerable Shockwave Flash Plugin entirely from the Firefox Browser, unless you encounter web sites or players which still do not support the transcoding of Flash content into other formats. (And there are many such sites, sadly.)

    If you for some reason don't find Shumway in your list of Firefox Exdtensions, you can download Shumway and check out demos:
    https://mozilla.github.io/shumway/

    Shumway doesn't work with many modified in-browser Flash Players, but it does work with YouTube, Amazon Videos and PBS Videos. The advantage is that you are not playing the video streams with Flash Player, and thus many of the Flash vulnerabilities are mitigated (though not all of them).

    I have successfully watched many hours of Flash Videos using Shumway under Linux, and where it works, no Flash content needs to be enabled or allowed on the entire web page.
    Last edited by bobprimak; 2015-07-16 at 14:53.
    -- Bob Primak --

  5. #5
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,748
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by bobprimak View Post
    For a few iterations now, Firefox has included the Shumway plugin which operates by default last I tried it.
    Isn't that just in the "cutting-edge Nightly version of Firefox that's not stable enough for regular folks.":

    Firefox tiptoes toward a world without Adobe Flash

    The Shumway site says it's a technology experiment.

  6. #6
    Ken Kashmarek
    Guest
    While everybody is worried about Flash, they should also pay attention to Acrobat Reader.

    On two computers, I installed the recent 11.0.12 "fix". That fix killed Acrobat Reader completely (bad dll module) and killed Windows Essentials Photo Gallery.

    I uninstalled Adobe Reader 11, downloaded and installed Adober Reader DC, and the Reader function is restored. Further, Photo Gallery dll errors and file access errors are also gone (it now functions as expected; only required replacing Reader though I am both puzzled and bothered that a bad Reader dll could affect other modules - AcroRd32.dll).

    If this was only one one computer, I might have dismissed it as a problem unique to that system. But, it was on two different computers, one a 64-bit Core2 Duo laptop, the other a 32-bit Core2 Duo workstation, both Windows 7, fully patched.

  7. #7
    Star Lounger MRCS's Avatar
    Join Date
    May 2011
    Posts
    52
    Thanks
    0
    Thanked 2 Times in 2 Posts
    Interesting article. Clarifies a lot of issues with the patches to Windows Update.

    New Policies in July's Windows Update Client to Stop Windows 10 Upgrades by Normal Users
    http://windowsitpro.com/windows-10/n...s-normal-users

  8. #8
    Star Lounger
    Join Date
    Nov 2011
    Location
    Calgary, AB, Canada
    Posts
    54
    Thanks
    51
    Thanked 2 Times in 2 Posts

    Exclamation Out Of Band OOB Security Patch

    Hi Folks,

    Monday, July 20, 2015 (Excerpt)

    This is a summary of the new and changed content to be released on Monday, July 20, 2015.

    New security content:
    MS15-078: Security Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded (KB3079904)

    National Cyber Awareness System:

    Microsoft Releases Security Update


    07/20/2015 02:29 PM EDT

    Original release date: July 20, 2015

    Out-of-band release for Security Bulletin MS15-078
    MSRC Team
    Mon, Jul 20 2015 11:09 AM

    Don't forget Susan Bradley's Patch release Grid .xlsx - Microsoft Excel Online that she highlight in an earlier Post.

    Best Regards,

    Crysta
    Last edited by PhotM; 2015-07-20 at 17:39. Reason: Typo, Additional Link

  9. #9
    5 Star Lounger
    Join Date
    Nov 2010
    Posts
    665
    Thanks
    1
    Thanked 26 Times in 24 Posts
    Quote Originally Posted by bobprimak View Post
    For a few iterations now, Firefox has included the Shumway plugin which operates by default last I tried it. The plugin does an on the fly transcoding process, so that Flash Videos become HTML5 Videos. I don't think you need to keep the Adobe Shockwave Flash Plugin installed to use Shumway. Here's a reference for more information on how Shumway works:

    http://www.neowin.net/news/adobe-fla...-in-firefox-27

    Shumway is now enabled by default, and disabling it does not require editing the about:config file. It appears that with Shumway enabled, you can indeed remove the vulnerable Shockwave Flash Plugin entirely from the Firefox Browser, unless you encounter web sites or players which still do not support the transcoding of Flash content into other formats. (And there are many such sites, sadly.)

    If you for some reason don't find Shumway in your list of Firefox Exdtensions, you can download Shumway and check out demos:
    https://mozilla.github.io/shumway/

    Shumway doesn't work with many modified in-browser Flash Players, but it does work with YouTube, Amazon Videos and PBS Videos. The advantage is that you are not playing the video streams with Flash Player, and thus many of the Flash vulnerabilities are mitigated (though not all of them).

    I have successfully watched many hours of Flash Videos using Shumway under Linux, and where it works, no Flash content needs to be enabled or allowed on the entire web page.
    Since I use a Chrome variant, I never heard of Shumway. So someone has indeed created a html5 wrapper to play flash content. They need to cross platform this plugin/add-on for Chrome users (and their variants).

  10. #10
    New Lounger bobspunkin's Avatar
    Join Date
    Dec 2009
    Location
    Bay area
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I am a paid subscriber to Windows Secrets and have been for several years. I NEVER update my computer until I have read the Patch Tuesday report by Susan Bradley. I just reviewed the updated list and, like numerous other times, the KB's don't match what shows from Windows Update. The two she advised to wait on were listed, thank goodness, but I don't know what to do so just update the computer not knowing if I am doing the right thing or not! I know Ms. Bradley has her own business and I certainly don't want to bother her but I do rely on her report. I have fortunately not had any issues just going ahead and downloading/installing the updates. I just don't understand why my numbers don't match hers. Anyone else have this issue?

  11. #11
    2 Star Lounger
    Join Date
    Sep 2014
    Location
    Hampshire, UK
    Posts
    169
    Thanks
    4
    Thanked 46 Times in 31 Posts
    Quote Originally Posted by bobspunkin View Post
    I am a paid subscriber to Windows Secrets and have been for several years. I NEVER update my computer until I have read the Patch Tuesday report by Susan Bradley. I just reviewed the updated list and, like numerous other times, the KB's don't match what shows from Windows Update. The two she advised to wait on were listed, thank goodness, but I don't know what to do so just update the computer not knowing if I am doing the right thing or not! I know Ms. Bradley has her own business and I certainly don't want to bother her but I do rely on her report. I have fortunately not had any issues just going ahead and downloading/installing the updates. I just don't understand why my numbers don't match hers. Anyone else have this issue?
    I have found in recent weeks that the patch chart that PhotM links in post #8 above has failed to show anything in the "OK to install" column for updates in recent months, I think April is the last month now showing any recommendations.

    I too find Susan Bradley's recommendations invaluable, but it surprises me that she is able to make those initial recommendations within barely 24 hours of the monthly updates being released - unless she has prior notice of them of course. Even then I would wonder if that gave her enough time to establish whether any updates are proving problematic. I tend to wait until at least the following Monday before reviewing several sites to see whether there are any further recommendations, and even then Woody Leonhard at http://www.askwoody.com/ will invariably still be advising readers to hold off from installing anything until further recommendations are made. That remains his position as I write this in relation to this month's updates.

    As for this month's updates, I'm still being offered KB3077657 and have installed it on one machine as per the Patch Watch recommendations, but I see that it is now supposed to be succeeded by KB3079904 although I'm not being offered the replacement and have no recommendations on it. I'm therefore confused over what to do with my second machine.

    There's no doubt that investigating these updates and making recommendations on installing or leaving them is a difficult job, although not a thankless one as I have no doubt that it is very much appreciated by all who subscribe here. Doubtless it is getting harder by the month, even if it will cease to be needed for those desperate to submit their machines to forced updates with Windows 10 ! Personally I'm sticking with Windows 7 for the duration, and will continue to value highly the advice of the experts on how to approach the monthly updates.
    Last edited by Tandor; 2015-07-21 at 06:28.

  12. #12
    Star Lounger
    Join Date
    Nov 2011
    Location
    Calgary, AB, Canada
    Posts
    54
    Thanks
    51
    Thanked 2 Times in 2 Posts
    Hi Tandor,

    Susan certainly doesn't need me to defend her!

    Consider this, when one wants to complain about how she helps so many of us. Susan is mostly VOLUNTEERING her time to make multitudes lives easier. Lately, many months have been extremely consuming when it comes to patches and now Microsoft is spreading things out even more.

    As far as the column that you mentioned, I believe she only uses it for problem patches but I maybe wrong. Remember, the Patch Grid is replacing what Microsoft stopped doing! That means Susan and other need to do MUCH research to come up with the Patch Grid and things are much less certain.

    Susan Moderates "Patch Management List" another volunteer position that has many many administrators ready to spin up TEST bare metal/VM's by the 1000's of servers and client Windows OS machines. They are are willing to report immediately back to the LIST. I only watch the list because I don't feel qualified to report on it as I am retired from the industry. One can get a fair impression within a few hours as to the quality of a patch. Also, Microsoft Windows, Servers, Patching and Testing Departments Managers and Employees WATCH the LIST and sometimes comment. It is a great source for them to know if they have a bad patch. Yes, there are patches that change there color after baking in a few days but for the most part with all of the varied testing there are not many.

    I hope that clarifies a few things for many here.

    Thank You once again Susan for ALL of the late nights that you put in, to help all of us from IT Professionals to novices! Most really do appreciate IT ALLOT!

    Best Regards,

    Crysta
    Last edited by PhotM; 2015-07-21 at 13:49. Reason: Typo

  13. #13
    2 Star Lounger
    Join Date
    Sep 2014
    Location
    Hampshire, UK
    Posts
    169
    Thanks
    4
    Thanked 46 Times in 31 Posts
    Quote Originally Posted by PhotM View Post
    Hi Tandor,

    Susan certainly doesn't need me to defend her!

    Consider this, when one wants to complain about how she helps so many of us. Susan is mostly VOLUNTEERING her time to make multitudes lives easier. Lately, many months have been extremely consuming when it comes to patches and now Microsoft is spreading things out even more.

    As far as the column that you mentioned, I believe she only uses it for problem patches but I maybe wrong. Remember, the Patch Grid is replacing what Microsoft stopped doing! That means Susan and other need to do MUCH research to come up with the Patch Grid and things are much less certain.

    Susan Moderates "Patch Management List" another volunteer position that has many many administrators ready to spin up TEST bare metal/VM's by the 1000's of servers and client Windows OS machines. They are are willing to report immediately back to the LIST. I only watch the list because I don't feel qualified to report on it as I am retired from the industry. One can get a fair impression within a few hours as to the quality of a patch. Also, Microsoft Windows, Servers, Patching and Testing Departments Managers and Employees WATCH the LIST and sometimes comment. It is a great source for them to know if they have a bad patch. Yes, there are patches that change there color after baking in a few days but for the most part with all of the varied testing there are not many.

    I hope that clarifies a few things for many here.

    Thank You once again Susan for ALL of the late nights that you put in, to help all of us from IT Professionals to novices! Most really do appreciate IT ALLOT!

    Best Regards,

    Crysta
    If you think I'm criticising Susan, then please re-read my post. No criticism was intended, merely a couple of observations along with several compliments:-

    "I too find Susan Bradley's recommendations invaluable"

    " I have no doubt that it is very much appreciated by all who subscribe here"

    "Personally I'm sticking with Windows 7 for the duration, and will continue to value highly the advice of the experts on how to approach the monthly updates."

    I think my position is clear!

    All I have said is that I'm surprised that the initial Patch Watch recommendations can be made so soon after the updates have been released, and that the chart which used to show all the recommendations has recently appeared to be missing them for the past few months (since April's). I'm sure the recommendations were there for May and June but they, along with July's, no longer appear when I access the chart. That's simply reporting what may be a bug or other error, not criticising it.

    If you check past Patch Watch threads on this board you'll find several where I've been quick to thank Susan for her advice. The fact that I have raised a couple of queries about Patch Watch and the chart doesn't in any way diminish my appreciation for the invaluable service she provides, as hopefully the extracts from my post that I have quoted here will demonstrate. However, if any doubt remains, then let me say again - thank you Susan, your advice is indeed very much appreciated!
    Last edited by Tandor; 2015-07-21 at 14:28.

  14. #14
    Star Lounger
    Join Date
    Nov 2011
    Location
    Calgary, AB, Canada
    Posts
    54
    Thanks
    51
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by Tandor View Post
    Hi Tandor,

    Susan certainly doesn't need me to defend her!

    Consider this,
    No personal attack was meant on you or anybody else BUT many people do read this column, so I felt it was good to put this out there.

    As far as I am concerned, nothing more needs to be said.

    Have a good day,

    Crysta

  15. #15
    2 Star Lounger
    Join Date
    Jul 2011
    Location
    Colorado
    Posts
    129
    Thanks
    30
    Thanked 10 Times in 10 Posts
    I just renewed my subscription just after this Patch Watch was released. Can I get this emailed to me now that I just renewed, please?
    "Every Thing Changes but Change Itself"

    [Core I7 6700][Asus Maximus VIII Hero][8GB G.Skill memory][Asus GTX 980Ti Strix][1 x 512GB Samsung 950 Pro][850W Seasonic PSU][Antec 900][Windows 10 Professional, 64-bit][2 x Asus PG278Q]

    [Core I5 2500k][Asus P8P67 Pro (ver 3.1)][8GB Corsair memory][Asus ENGT430][1 x 90GB Corsair GT SSD][650W Corsair PSU][Thermaltake DH-202][Windows 7 Home, 64-bit][65" Panasonic Plasma T.V.]

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •