Jump to content
exile360

Patch Tuesday? Don't forget your Flash

Recommended Posts

Every second Tuesday of each month Microsoft rolls out a new series of updates and patches for Windows and their various products and technologies, and to coincide with this, Adobe, the makers of Adobe Flash Player also publish updates for the popular Flash Player plugin for web browsers on the same day.  It's important to remember to update your Flash Player along with your normal Windows Updates/Microsoft Updates because the bad guys love to exploit vulnerabilities in Flash Player and other browser plugins, especially since such vulnerabilities are typically operating system and sometimes even browser agnostic, meaning you're vulnerable to it no matter what version of Windows you may be using and regardless of which web browser you might use to access the internet.

While there are scheduled update checks for Flash by default upon installation and while the version integrated into Edge gets updated through Windows Update/Microsoft Update, it's important to remember to update the plugin yourself if you use any other browsers and to check to see if your Flash might be out of date regularly, at least once a month on Patch Tuesday when dealing with the monthly Windows Updates.

To that end, the following links may prove useful, especially if you're like me and you handle the updating yourself and disable the scheduled update checks for Flash Player.  I keep them in my Favorites/Bookmarks to make checking and updating Flash easy.

First, you can check to see if the version of Flash you have installed is the latest or not by visiting the following page with your browser:

Check Flash Player Version

http://get.adobe.com/flashplayer/about/

Next, assuming you're like me and prefer to perform a clean uninstall of any old Flash Player versions prior to upgrading to the latest, you'll want to run this tool from Adobe designed for that purpose (it will uninstall all downloadable versions of Flash for all browsers so you only need to run it once even if, like me, you have Flash installed for Chrome, Firefox and Internet Explorer):

Flash Player Uninstaller

http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe

Note: I've also attached a tool of my own that I always use when upgrading Flash.  If you decide to use it yourself, be sure to follow the included instructions in the text file in the attached archive and that you only run it after you have already either run the above Flash uninstall tool linked above, or after having already removed all versions of Flash Player via Programs and Features/Add/Remove Programs; I will NOT be held responsible if you accidentally break your Flash plugin by using the attached tool incorrectly (though if you do, all you should need to do is reinstall the version of Flash appropriate to your browser to fix it so it isn't the end of the world).

Flash Post-Uninstall Clean Tool.zip

Now for the installers.  Currently there are 3 separate Flash Player downloads for Windows depending on which browser you use.  Also note that some of these apply to more than one browser.  For example, all Chromium based browsers such as Google Chrome and SRWare Iron use the PPAPI version of Flash Player, while Firefox and other browsers based on its open source code use the NPAPI plugin version and Internet Explorer uses the ActiveX version (Microsoft Edge, which ships with newer Windows versions has its own version of Flash integrated into it which gets patched through Windows Update/Microsoft Update).  These are the standalone installers which include no toolbars, browsers or any other bundled or add-on applications (the stuff offered by Adobe when you download Flash and their other free tools from their normal webpage):

Flash Player Chromium based browsers (PPAPI)

http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash Player Firefox (NPAPI)

http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe

Flash Player ActiveX for Internet Explorer

http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe

While the day is rapidly approaching that the web will no longer rely on such plugins (thankfully, since they have pretty much been a constant source of vulnerabilities for exploits), the fact remains that many sites still rely on Flash Player as it is one of the last lingering plugins which still has yet to be almost completely phased out of use (if you still have the Java browser plugin installed, PLEASE REMOVE IT NOW!) so if you need to have Flash, as I still do, then you need to be responsible and keep it patched for the security of your system as well as others' because malware spreads.

So remember to keep not only your operating system patched each month, but also your web facing plugins like Flash if you use them, especially if you don't have the Premium version of Malwarebytes (its anti-exploit technology tends to prevent the kinds of 0-day vulnerabilities that Flash and other browser plugins tend to contain) because you don't want to give the bad guys an easy target when you go out there surfing the web.

I hope you found this information useful.  Happy surfing and remember to stay safe out there :) !

Share this post


Link to post
Share on other sites

:lol: sure, patch Flash every Patch Tuesday, not just Windows, feel free to use the provided links for each version (installers free of any additional "gifts" from Adobe such as toolbars, browsers or other bundleware etc.), use the official Flash Uninstall tool from Adobe if you, like me, desire to do a clean uninstall prior to updating/upgrading your Flash, and also feel free to use my own custom batch tool (attached) to remove any potential Flash leftovers following uninstall to ensure the upgrade goes smoothly and that no pesky outdated Flash plugin files get left behind/fail to be replaced by their newer counterparts.

Oh yeah, and please UNINSTALL JAVA!

That's about it :) 

Share this post


Link to post
Share on other sites

I just removed JAVA. Thank you for the reminder. Also updated both my browser's flash with your links, thanks again. I don't think I need flash any more to be honest. The only reason I needed the Chrome version before was XSplit Broadcaster for audio. I use OBS now so it is not needed I think. 

Now that I think about it, I am going to use your link to remove Flash entirely and will post back here if I run into any issues. (for others to know about if it is required for normal things etc)

Thanks for posting the wall of text ( i read it all :lol:

:wub: 

 

EDIT: Chrome has it's own built in flash, which I disabled. 

Edited by Access Denied
fixed error I made

Share this post


Link to post
Share on other sites
Quote

Oh yeah, and please UNINSTALL JAVA!

So many companies still runs Java-based apps and programs, it makes me want to cry :( 

Share this post


Link to post
Share on other sites
25 minutes ago, Access Denied said:

I just removed JAVA. Thank you for the reminder. Also updated both my browser's flash with your links, thanks again. I don't think I need flash any more to be honest. The only reason I needed the Chrome version before was XSplit Broadcaster for audio. I use OBS now so it is not needed I think. 

Now that I think about it, I am going to use your link to remove Flash entirely and will post back here if I run into any issues. (for others to know about if it is required for normal things etc)

Thanks for posting the wall of text ( i read it all :lol:

:wub: 

 

EDIT: Chrome has it's own built in flash, which I disabled. 

You're welcome :)

Yeah, if you really don't need Flash there's no need to keep it.  One less thing to worry about.

Yep, Chrome comes with it built in and I believe when you patch Flash with the PPAPI version, it also updates the version that Chrome will use so that you're using the latest (at least that's how SRWare Iron seems to work, which is based on the same source code).

15 minutes ago, Aura said:

So many companies still runs Java-based apps and programs, it makes me want to cry :( 

Yep, it's unfortunate that so many organizations still depend on it.  It's not a problem if they're only using it for server-side stuff, but if they require the browser plugin to be active on their endpoints they're just asking for trouble.

Share this post


Link to post
Share on other sites

Thanks  ?

Share this post


Link to post
Share on other sites

Oracle Java and Adobe Air, Flash and Shockwave happily updated and running here.

 

Edited by David H. Lipman

Share this post


Link to post
Share on other sites

A new version of Flash is available again (version 30.0.0.113) so don't forget to update if you use Flash in your browsers (run Windows Update/Microsoft Update if you use Microsoft Edge which has Flash integrated).  Refer to this post for detailed instructions on how to check your currently installed Flash Player version as well as how to perform a clean uninstall/update/upgrade of Flash for all of your web browsers, including my special post-uninstall cleanup tool for removing remnants/leftovers not removed by the normal uninstaller or Adobe's dedicated Flash uninstall tool (also linked on that post) as well as ensuring that no Flash plugin components from the old version are left behind to help make certain that when you do update/upgrade you're actually running all the latest, most secure Flash components/modules.

Edited by exile360

Share this post


Link to post
Share on other sites

Thanks David :)

I haven't used AIR in ages (used to use it for 1 web streaming service but they no longer require it as they've now switched over to Flash).

I tried to dig up a generic "latest" URL for downloading AIR but couldn't find one anywhere.  The best I could do was this, which you must know the version # for the latest release in order for it to work (in this case 30.0):

https://airdownload.adobe.com/air/win/download/30.0/AdobeAIRInstaller.exe

If you change the 30.0 in that URL to whatever the build is that you wish to download it should work to provide you with the standalone offline installer without having to go through all the offers from Adobe's advertisers/partners etc.

So to sum up, whenever a new version of Adobe AIR is released, use the following URL, modifying the ##.# section to match the version of the latest build that you're trying to download/install:

https://airdownload.adobe.com/air/win/download/##.#/AdobeAIRInstaller.exe

I don't know if they ever use the last number following the decimal (.) so I left it there just in case, should they ever publish point version updates (like minor patch releases etc., for example, version 30.1 etc.) but assuming they don't, then all you should need to do is modify the first 2 numbers to match the build then leave the third number (the one following the .) as 0.

I've also got the direct links for the various versions of Reader, however they use an FTP server for that and currently I believe the old free Reader has been discontinued/replaced by Adobe Reader DC, so you should be able to use the internal updater to patch it more easily (I just occasionally launch reader then click Help>Check for Updates... then allow it to download/install any updates if available, though there haven't been any for at least a few months now.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.