New Windows Update Removes Adobe Flash & Google Discloses Windows Exploit
Optrics Insider Shaun Sturby & Scott Young
New Windows Update Removes Adobe Flash & Google Discloses Windows Exploit
Scott: Well, good afternoon. My name is Scott Young with Optrics Engineering, and with me IÂ Â have Shaun Sturby, our Technical Services Manager. This is another edition of the Optrics Insider. Today we have two updates we'd like to discuss with you. The rst one is that the new Windows update removes Adobe Flash, which is coming up, to be removed anyway. Plus Google discloses a Windows zero-day exploit. So Shaun, let's talk about this new windows update that removes a Adobe Flash from your computer.
Shaun: Sure. So it's, Microsoft has published knowledge base article 4577586.
www.OptricsInsider.com
New Windows Update Removes Adobe Flash & Google Discloses Windows Exploit
They're actually pre-releasing it because Flash is still actually supported until the end of the year. So what they've done is they've made it so this is the pack that's going to be deployed in the new year, that will permanently remove Adobe Flash and you won't be able to re-install it. After that they're making this patch available early so that people like myself that are in I.T. can try it out in their test environment or their lab environment. So, it will be available and pushed out to corporate environments and to end-users running Windows 10 Home in early 2021. So this is, let's disable it. Let's see what gets broken and nd xes for it or updates because it's such an insecure technology. Microsoft does not want to support it any further.
Scott: One of the services I use to do graphics is called Youzign and, they use Adobe Flash to run. So I would imagine that because Adobe Flashes is going end-of-life and proactively being removed from Windows, they'll have to gure a way to continue to offer the service, but just be aware of that (using HTML5). Just be aware that some of the tools that you might use, especially online tools still might use Adobe Flash. So in the coming few months, you might see some things change.
www.OptricsInsider.com
New Windows Update Removes Adobe Flash & Google Discloses Windows Exploit
Shaun: So if you still need to use Flash, the recommendation is to use some sort of a tool like a ManageEngine's Desktop Central, that you can approve or disapprove particular patches and not approve the one that includes Flash that's the number given earlier. Microsoft has two recommendations for how to continue to use Flash after the update is installed, neither of them are really great. if you have the ability and if things are properly set up that you can do this, you can roll back to a previous restore point before the patch was applied. If you don't have that set up, then the other option is to completely wipe your computer and re-install Windows, and then don't apply that patch,
Scott: But even better would be to nd a way not to use Adobe Flash on of computer. Our second and nal topic that we wanted to do today was that Google discloses a Windows zero-day exploit.
Shaun: Google has Project Zero, which is looking for exploits in the wild, and they use their vast infrastructure to nd things that the hackers are doing. What they've done is because hackers are actively exploiting this particular zero day, they've only given Microsoft seven days to x it or come up with a patch before they publicly disclosed it. Typically, they would give 90 days. In this case, they've only given them the seven days and we should look forward to a patch here probably, either within patch Tuesday, which is the second Tuesday of the month or shortly thereafter as an out of band.
www.OptricsInsider.com
New Windows Update Removes Adobe Flash & Google Discloses Windows Exploit
Scott: So, sorry. You were saying that Google gives Microsoft 90 days to patch it before they announced it, or are you saying the hackers do?
Shaun: Google's Project Zero.
Scott: I was going to say, I wouldn't think that hackers would say, "I'm going to give you 90 days to patch this before we use it against you."
Shaun: I forget what it's called, but it's the, the industry has come up with, you know, let's give each other 90 days to solve problems before we go public with them publicly shaming. I guess now in this particular case, while it is being actively exploited, the one write-up I saw said that it's not one that you have to worry about extensively because it's still going to come in via phishing email, or it's going to come in via some other way. While it does go all the way back to Windows 7, it actually requires a couple of different aws to be exploited in a chain before this one gets exploited. The ones that the hackers have been using previously have already been xed. So as long as you're fairly up to date, and you've got a good antivirus solution in place, you shouldn't be vulnerable to this.
www.OptricsInsider.com
New Windows Update Removes Adobe Flash & Google Discloses Windows Exploit
Scott: Now this might be a silly question, Shaun, but I'm going to ask it anyways. Do you think there will ever be a day where there won't be the, the amount of, vulnerabilities, will be reduced drastically? I totally get that all these patches try to solve one problem but then they create another one that's unintended. Where is this headed Is there any hope that that, lots of doors will be shut or is that just the nature of software ?
Shaun: Until the industry comes together and says, we are going to program for security rst and functionality second, instead of here's the latest whizzbang blinking lights feature and that, Oh, we should put security on just to make sure that things don't go out the back door, it's going to continue to be the same way.
Scott: Well maybe at some point we'll get to that, but don't hold your breath from the sounds of it.
www.OptricsInsider.com
Optrics Engineering Optrics Engineering is a licensed engineering rm specializing in network hardware, software consulting and training solutions coupled with a successful Internet-based technology-marketing company. Vendors we represent include: A10, Extreme Networks / Aerohive, Castle Rock Computing, Cisco, Dell, Ekahau Wi-Fi Design, HP, KnowBe4, HelpSystems, Kemp Technologies, Loadbalancer.org, MailStore, ManageEngine, Microsoft, Quest, Ruckus, Sophos, Trend Micro, Ubiquiti, Unitrends & WatchGuard For a full listing of our partners go to: Optrics.com/partners To watch full episodes of the Optrics Insider go to:Â OptricsInsider.com/category/videos Learn more about Optrics and how we can help solve your IT problems by going to: www.Optrics.com or call us at 1-877-386-3763. We can also be found on: - Facebook - Twitter - Youtube