Forum Thread: Flash & upgrade to Win10

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
taffy078 Flash & upgrade to Win10
Contributor 29th Dec, 2015 14:10
Ranking: 408
Posts: 1,469
User Since: 26th Feb, 2009
System Score: N/A
Location: UK
Two weeks ago I was swayed by a message from Microsoft on my Win7 PC that I could now download the free, full Win10 upgrade and run it at a later date of my choosing - so I did. Lying bar stewards (a technical term) - the full Win 10 was installed, and I'm one of hundreds of thousands (so I'm told) of upgraders who are having major problems eg no Start icon. MS knew about this four months ago but hid that in their Upgrade blurb.

Today, a PSI scan has alerted me that Flash is at risk and needs to be updated. But the Adobe site says there's no need - MS has fully integrated Flash Player into IE - but they told no-one. I imagine that I can now uninstall my standalone Flash - any thoughts?

And does anyone know whether this new 'integrated Flash Player' is safe? Here's what Krebs said about the standalone Flash:

http://krebsonsecurity.com/2015/09/adobe-flash-pat...


--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7

Anthony Wells RE: Flash & upgrade to Win10
Expert Contributor 29th Dec, 2015 15:02
Score: 2542
Posts: 3,402
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi taffy ,

M$/Windows have not yet updated the Flash ActiveX in either IE 11 or Edge . Flash is Flash is Flash .

If you wish can disable Flash in "Settings" without uninstalling it . How much this affects you is variable and depends on whether the websites you use work on HTML5 . Same applies to Firefox and Chrome . I think you have heard all this before .

I have just manually updated the Firefox NPAPI plug-in and also AIR . I am still waiting for Chrome to install it's PPAPI Flash update .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
taffy078 RE: Flash & upgrade to Win10
Contributor 30th Dec, 2015 09:28
Score: 408
Posts: 1,469
User Since: 26th Feb 2009
System Score: N/A
Location: UK
Hi Anthony. Someone has created a similar thread here

https://secunia.com/community/forum/thread/show/15...

I've asked Maurice if he can merge the two threads as that seems to me to be sensible. Regards

--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
Was this reply relevant?
+0
-0
taffy078 RE: Flash & upgrade to Win10
Contributor 1st Jan, 2016 09:10
Score: 408
Posts: 1,469
User Since: 26th Feb 2009
System Score: N/A
Location: UK
Last edited on 1st Jan, 2016 09:12
So that this thread has details of what happened on the other thread mentioned above, here are the posts:

***https://secunia.com/community/forum/thread/show/15...
30th Dec 2015 09:21 Hi both.

Maurice can this*** be merged with https://secunia.com/community/forum/thread/show/15... Both refer to the same problem.

What bothers me is that on my Win 7 laptop I finally took the advice of experts who'd said to uninstall Flash because of Adobe's long history of failing to keep Flash secure. As I need Flash for my gas & electricity supplier, I created a new profile "Me (with Flash)" and uninstalled Flash from the other profiles, in line with the advice.

PSI has picked up that My Flash is vulnerable. Microsoft have confirmed that the Flash that they have integrated with Internet Explorer in Win 10 is the same as the stand-alone program, or perhaps I should 'get with it' and call it an App.

So, next Actions required perhaps are these:
(1) Which Flash has PSI spotted, where is it and which version is it?
(2) What made PSI say it was vulnerable?
(3) Anthony, in the other thread, says he hasn't had an update alert. I'll check which version he said he has - is it different to mine?
(4) I'll ask the Secunia team whether PSI is able to check the integrated IE/Flash program in Win10. I imagine that it can - after all, Win 10 has been out quite a long time now.

JonIrenicus3 - this is your thread, not mine. Do you agree the two threads should be merged?
(He agreed soon afterwards.)

My next post: "30th December 2015 09:43 Here's the Flash that PSI found:

C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx, version 20.0.0.228 (IE)

Latest Version - patching one or more vulnerabilities: 20.0.0.267 (IE)

My IE programs are C:\Program Files(x86)\Internet Explorer\iexplore.exe, version 11.0.10586.20 and the 64-bit is C:\Program Files\Internet Explorer\iexplore.exe, version 11.0.10586.20

I haven't found a "new, integrated IE& Flash program for Win10 so how can I/you check that the Flash component is the latest, safe version?

I presume that this is why PSI rated it as Vulnerable: https://secunia.com/advisories/63454/ but I'm now way over my knowledge limit.


REPLY FROM MAURICE JOYCE 30th December 2015 12:13
A merge feature is not available between threads. All I can do is cut & paste from one to the other.

That will take a fair amount of my time and no one has convinced me that the two threads are remotely connected until such time as the originator responds with more information.

If you use Windows 10 or a variant of Windows 8 then Microsoft are responsible for updating the embedded Flash Active X component in IE and Edge (Windows 10 only)via Windows Update.

In the UK Microsoft issued the latest patch to Windows Update at 1800 hours GMT yesterday ready for updating automatically or manually as desired by the user. No reboot is/was necessary for Windows to be updated.

Checking Windows Update log will verify if it is installed or use the readily available tool from Adobe.

If you want PSI to show the correct status of Flash then you must reboot and run a full PSI scan.

JonIrenicus3

Are you now fixed up with Flash showing as Up to Date?

If not confirm which OS are you using?

If a Windows 8 variant or Windows 10 has Windows Update offered the patch to you? Is it installed or waiting execution?

If installed have you rebooted and run a full PSI scan?

If PSI continues to state your PC is vulnerable what path does it give you to the problem?

If using Windows 8 or 10 and you have incorrectly tried to update Flash using a third party like Flexera Secunia please publish the hyperlink to the installer used.






--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
Was this reply relevant?
+0
-0
taffy078 RE: Flash & upgrade to Win10
Contributor 1st Jan, 2016 09:44
Score: 408
Posts: 1,469
User Since: 26th Feb 2009
System Score: N/A
Location: UK
Last edited on 1st Jan, 2016 09:53


--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
Was this reply relevant?
+0
-0
taffy078 RE: Flash & upgrade to Win10
Contributor 1st Jan, 2016 09:54
Score: 408
Posts: 1,469
User Since: 26th Feb 2009
System Score: N/A
Location: UK


--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
Was this reply relevant?
+0
-0
taffy078 RE: Flash & upgrade to Win10
Contributor 1st Jan, 2016 10:11
Score: 408
Posts: 1,469
User Since: 26th Feb 2009
System Score: N/A
Location: UK
Last edited on 1st Jan, 2016 13:28


--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
Was this reply relevant?
+0
-0
taffy078 RE: Flash & upgrade to Win10
Contributor 4th Jan, 2016 14:20
Score: 408
Posts: 1,469
User Since: 26th Feb 2009
System Score: N/A
Location: UK


--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
Was this reply relevant?
+0
-0
taffy078 RE: Flash & upgrade to Win10
Contributor 7th Jan, 2016 06:42
Score: 408
Posts: 1,469
User Since: 26th Feb 2009
System Score: N/A
Location: UK
My Flash was eventually updated, both the stand-alone program (which I'll now uninstall) and the new integrated IE/Flash.

Maurice kindly advised me that Flash in both the integrated IE/Flash and also Edge can be disabled which I've now done. I can now dispense with the separate Flash User Profile and enable Flash when my utility provider requires it.

If you wish to disable your Flash, go here:

http://answers.microsoft.com/en-us/windows/forum/a...

PS Fingers crossed that this will arrive safely.

--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
Was this reply relevant?
+0
-0

This thread has been marked as locked.