The holes in Adobe Flash never seem to get shored up. Once again, Adobe released a statement yesterday about 19 new exploits in Adobe Flash, and today Microsoft rolled out a patch KB3132372 to plug it up.
Microsoft Update Adobe Flash Player Fix (KB3132372)
According to Microsoft, this update fixes vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge for Windows 10 Version 1151 (November Update).
The affected software includes Flash Player in IE 10 and IE 11 in Windows 8, 8.1, RT, Server 2012, and Windows 10 as well as Microsoft Edge in Windows 10.
Here’s the Microsoft support page summary:
Microsoft has released a security advisory for IT professionals about vulnerabilities in Adobe Flash Player in the following web browsers:
- Internet Explorer in Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows 10 version 1511
- Microsoft Edge in Windows 10 and Windows 10 version 1511
To learn more about the vulnerability, see Microsoft security advisory 2755801.
All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.
As always you’ll get this latest update automatically, but if you don’t want to wait, you can grab it manually by going to Settings > Update & Security > Windows Update.
Of course, you also will need to reboot your PC to complete the update process. But you can always schedule the restart for a time that works best for you. For more on that, read our guide on how to schedule Windows 10 Update restarts.
This Adobe Flash Player flaw affects more than just Windows (of course), and the company has released a security update for it. Adobe says:
Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
You can find out more about everything that on the Adobe Security Bulletin page.
Flash Needs to Die
All security experts will tell you that Flash needs to die because of the ridiculous amount of security holes that keep popping up. As we’ve written in the past, tech companies are taking steps to eliminate Flash and move to the more secure HTML5, but the process is slow going. I’m surprised at the amount of sites that still use it.
Google has officially killed off Flash ads in Chrome. Google AdWords makes it possible to automatically convert ads created with Flash to HTML5, the safe and reliable format that is replacing Flash.
Amazon has banned Flash ads, and it is blocked on most modern mobile device platforms. In fact, on mobile, you need to go through a lot of hoops just to view Flash content.
There is even an Occupy Flash movement with the goal to end the world of the Flash Player plugin.
If you’re in a situation where uninstalling Flash Player completely isn’t an option, I recommend enabling the Click to Play feature in your browsers. That will allow you to decide if or when Flash will work in your browser.
For more information, read our guide: Protect Your Computer from Adobe Flash Exploits in Your Web Browser.