Forum Thread: Incorrect ActiveX info

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
MikePerry Incorrect ActiveX info
Member 18th Feb, 2017 17:19
Ranking: -3
Posts: 21
User Since: 24th Feb, 2011
System Score: N/A
Location: UK
It is now well known that Microsoft have withdrawn their February updates rollup due to a fault with the process. That leaves everyone using Windows, not just those with W10 but everyone using Windows, with an insecure system. They have not seen fit to release any of the security fixes, not even the critical ones!

For PSI users, that lack of the Adobe Flash Player ActiveX fix is a problem. Especially as Secunia has still got it listed as a required install! We can't resolve that as you direct us to Microsoft Updates!

Please Secunia don't make everyone have misleading tray icon for the next month, remove the requirement from your systems until such time as Microsoft get themselves sorted out and release the updates we all need.

rd52 RE: Incorrect ActiveX info
Member 18th Feb, 2017 17:40
Score: 21
Posts: 78
User Since: 4th Dec 2008
System Score: N/A
Location: US
I noticed it too. I found that MS won't update this till the next time it does updates, probably patch Tuesday (saw this on the Windows Ten Forums). I appreciate seeing Secunia's warning. My main browser that I use is Chrome, two versions Canary and Beta 64. In both of them I have flash disabled and I have to manually allow it to run on any site that wants to run Flash.

When I saw the Secunia warning, and saw in the W 10 Forums that it wasn't going to be updated til March, I just disabled it completely in both IE and Edge. If I need to use Flash, I'll use Chrome and allow Flash to run. It is probably safer to use either Chrome or Firefox with Flash disabled and only being able to run if the user manually allows it at the site.
Was this reply relevant?
+0
-0
MikePerry RE: Incorrect ActiveX info
Member 18th Feb, 2017 17:53
Score: -3
Posts: 21
User Since: 24th Feb 2011
System Score: N/A
Location: UK
The problem is that for those who do not want to disable Flash in IE, they will still have a misleading icon that masks any other instance of software being out of date and in need of updating! That is why I want Secunia to remove the Active X reference from their systems, especially for those who use OE with Flash, so that the icon returns to normal behaviour.

I use Firefox and Opera, or sometimes Chrome, in a modified W8.1 so they were updated appropriately. My wife used W7 and prefers IE11 - so she has the unwanted colour of icon that is misleading.
Was this reply relevant?
+0
-0
rd52 RE: Incorrect ActiveX info
Member 18th Feb, 2017 18:17
Score: 21
Posts: 78
User Since: 4th Dec 2008
System Score: N/A
Location: US
If you do not want to see the warning on your computer, the red Secunia box, just click show programs, right click Adobe Flash Player and select the ignore updates to this program. Your Secunia icon will be green. This is how it work in Secunia 3, don't remember exactly how to do it in Secunia 2, but I remember the option was there. I've done this for years as my version of Photoshop CS2, which Adobe no longer supports, and Secunia pegs as "end of life"

When MS finally gets around to the update you can re-enable the monitoring by Secunia by right clicking it and selection, "Don't ignore updates to this program"
Was this reply relevant?
+1
-1
jckinnick RE: Incorrect ActiveX info
Member 19th Feb, 2017 02:16
Score: 6
Posts: 191
User Since: 21st May 2010
System Score: 100%
Location: US
I hit ignore, hope I can remember to turn it back on though.
Was this reply relevant?
+1
-1
MikePerry RE: Incorrect ActiveX info
Member 19th Feb, 2017 11:19
Score: -3
Posts: 21
User Since: 24th Feb 2011
System Score: N/A
Location: UK
I consider that an unacceptable 'work around'. It means you have to monitor it all the time and that ruins the ease of use we normally have.

More importantly, Secunia should not be offering something that is not available at present. When Microsoft sort out their issues and make the update available, we hope, then and only then should Secunia offer the update. Not doing that does not help the reputation of Secunia.

I trust someone at Secunia is watching this thread and has the authority to act.
Was this reply relevant?
+0
-1
MikePerry RE: Incorrect ActiveX info
Member 19th Feb, 2017 11:22
Score: -3
Posts: 21
User Since: 24th Feb 2011
System Score: N/A
Location: UK
jckinnick

That is the point I am making in my response. You should not have to try to remember to turn it back on again, it should behave correctly without your needing to get involved until there is a real issue needing an update.
Was this reply relevant?
+0
-1
rd52 RE: Incorrect ActiveX info
Member 19th Feb, 2017 20:19
Score: 21
Posts: 78
User Since: 4th Dec 2008
System Score: N/A
Location: US
on 19th Feb, 2017 11:22, MikePerry wrote:
jckinnick

That is the point I am making in my response. You should not have to try to remember to turn it back on again, it should behave correctly without your needing to get involved until there is a real issue needing an update.


It is a real issue, just because MS is slow in releasing its update does not mean that the version of Flash that Edge and IE use is secure. The Flash update that is available in Chrome and Firefox is more secure. The problem is MS, not Secunia for pointing out the Flash used by IE and Edge has been found to have security holes. It is MS's fault for not issuing a prompt update, have you contacted MS? . This is what the Secunia program does, pinpoint programs that are either end of life or that are no longer secure. Just because MS is tardy in issuing an update does not make the flash used in their programs secure. I appreciate the warning, as I said in one of my previous posts, Secunia warned me, I took action, I disabled Flash in IE and Edge.

Flash is one of the most insecure parts of a browser, and MS's refusal to update it, even though Adobe has issued an update is a bad reflection on them.
Was this reply relevant?
+0
-0
rd52 RE: Incorrect ActiveX info
Member 19th Feb, 2017 20:19
Score: 21
Posts: 78
User Since: 4th Dec 2008
System Score: N/A
Location: US
on 19th Feb, 2017 11:22, MikePerry wrote:
jckinnick

That is the point I am making in my response. You should not have to try to remember to turn it back on again, it should behave correctly without your needing to get involved until there is a real issue needing an update.


It is a real issue, just because MS is slow in releasing its update does not mean that the version of Flash that Edge and IE use is secure. The Flash update that is available in Chrome and Firefox is more secure. The problem is MS, not Secunia for pointing out the Flash used by IE and Edge has been found to have security holes. It is MS's fault for not issuing a prompt update, have you contacted MS? . This is what the Secunia program does, pinpoint programs that are either end of life or that are no longer secure. Just because MS is tardy in issuing an update does not make the flash used in their programs secure. I appreciate the warning, as I said in one of my previous posts, Secunia warned me, I took action, I disabled Flash in IE and Edge.

Flash is one of the most insecure parts of a browser, and MS's refusal to update it, even though Adobe has issued an update is a bad reflection on them.
Was this reply relevant?
+0
-0
Anthony Wells RE: Incorrect ActiveX info
Expert Contributor 19th Feb, 2017 23:51
Score: 2539
Posts: 3,401
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Hello ,

This "problem" was widely discussed some years ago concerning embedded software which is "insecure" but which you yourself cannot update .
A lot of time and energy was being spent here on the Forum dealing with and explaining such problem situations with varied degrees of success :))

So ,at that time , Secunia support set the rule that such software would no longer be displayed by the PSI . So technically speaking , according to their rules , as there is currently no patch available from M$ for the "insecure" Adobe FP ActiveX in IE and Edge , then the PSI should not show it a "insecure" even if it is . You can see why there was a lot of debate at the time . Very much "to be or not to be , that is the question" .

Supoort do not work weekends nor do they follow the Forum apart from the pleasant posts from Waqar these last few days .

If you feel strongly try emailing him at support@secunia.com on Monday (CET) and mention "the rules" .

Hope that is clear e'nuff .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
lostcowboy RE: Incorrect ActiveX info
Member 22nd Feb, 2017 06:59
Score: 0
Posts: 1
User Since: 22nd Feb 2017
System Score: N/A
Location: US
Last edited on 22nd Feb, 2017 07:03
Well I thought I would add to the mystery. As most of you know Adobe flash player 24.x (Activex) is showing as out of date. Secunia system psi shows me as having 24.0.0.194 (IE), and shows the secure version as 24.0.0.221(IE). As most of you did I went to Adobe to get a update and was told I had to wait on windows update. Now when you right click on the error, and left click on show detail it gives you the path to the out of date file. If you open up windows explorer and go to the file and right click on it and select properties/ details I found the file was not 24.0.0.194 , but was in fact 24.0.0.221.

So it looks like the file is correct, but what ever Secunia system psi is checking did not get updated, as it is still showing as out of date.

PS: the file also showed that it was created about seven hours ago. so maybe I got a update.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Incorrect ActiveX info
Handling Contributor 22nd Feb, 2017 08:58
Score: 12287
Posts: 9,543
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 22nd Feb, 2017 09:05
Microsoft have issued the update for Flash yesterday via Windows Update. Complete a full PSI scan and it should show correctly.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1709 (Creators Update) Build 16299.19
16 GB RAM
IE & Edge Only
Was this reply relevant?
+1
-0
MikePerry RE: Incorrect ActiveX info
Member 22nd Feb, 2017 10:11
Score: -3
Posts: 21
User Since: 24th Feb 2011
System Score: N/A
Location: UK
As I started this thread I can confirm that Microsoft have, at long last, released the update of the Active X component for Adobe Flash for IE.

Those who have their computer set to automatically receive updates will have had it installed already.

Those who use a different setting for updates, like me, need to check for the update and install it. There is currently only one update made available by Microsoft so all the critical security updates are still awaited!

Was this reply relevant?
+0
-0
rd52 RE: Incorrect ActiveX info
Member 22nd Feb, 2017 15:22
Score: 21
Posts: 78
User Since: 4th Dec 2008
System Score: N/A
Location: US
After reading that the Flash update was finally available from M$ I downloaded it and installed it. Ran a Secunia scan and it still listed the insecure flash. I then did a restart, even though the update didn't say to do it, and Secunia then reported no more insecure flash. Took a re-start to fully implement the update.

My computer is running: Windows 10/64/pro/Anniversary Edition
Was this reply relevant?
+0
-0

This thread has been marked as locked.