Hi,
I am seeing a lot of CVE vulnerabilities on computers like the following:
"Adobe Flash Player 14.x through 16.0.0.257 and 13.x through 13.0.0.260 could be used to circumvent memory randomization mitigations on the Windows platform"
However, the current Flash Player version is 28.0.0.161. How do I resolve this vulnerability using BigFix if the Flash is already upgraded and the advice just says to upgrade it to resolve?
Any advice on how to mitigate the Adobe Flash vulnerabilities for Windows would be helpful.
Also, I am having trouble getting Windows 10 (embedded Flash) to be relevant on any fixlets to upgrade to version 28. What is the best way to upgrade Win 10 boxes to the latest version of Adobe Flash?
Thanks in advance.
The embedded flash won’t become relevant for the Flash upgrade fixlets in the “Updates for Windows Applications” site, but should get patched via the MS-xx security update fixlets in the “Patches for Windows” site.
Thanks, Jason. How do you use BigFix to get it from 18 (for example) to the latest version then?
Use whichever of these fixlets from the “Patches for Windows” site are relevant:
|407459529|MS18-FEB: Security update for Adobe Flash Player - Windows 8.1 - Adobe Flash Player - KB4074595|Critical|Patches for Windows|
|407459527|MS18-FEB: Security update for Adobe Flash Player - Windows 8.1 - Adobe Flash Player - KB4074595 (x64)|Critical|Patches for Windows|
|407459523|MS18-FEB: Security update for Adobe Flash Player - Windows Server 2012 - Adobe Flash Player - KB4074595 (x64)|Critical|Patches for Windows|
|407459525|MS18-FEB: Security update for Adobe Flash Player - Windows Server 2012 R2 - Adobe Flash Player - KB4074595 (x64)|Critical|Patches for Windows|
|407459531|MS18-FEB: Security Update for Adobe Flash Player for Windows 10 Version 1507 - Windows 10 Version 1507 LTSB - Adobe Flash Player - KB4074595|Critical|Patches for Windows|
|407459501|MS18-FEB: Security Update for Adobe Flash Player for Windows 10 Version 1507 - Windows 10 Version 1507 LTSB - Adobe Flash Player - KB4074595 (x64)|Critical|Patches for Windows|
|407459513|MS18-FEB: Security Update for Adobe Flash Player for Windows 10 Version 1511 - Windows 10 Version 1511 - Adobe Flash Player - KB4074595|Critical|Patches for Windows|
|407459503|MS18-FEB: Security Update for Adobe Flash Player for Windows 10 Version 1511 - Windows 10 Version 1511 - Adobe Flash Player - KB4074595 (x64)|Critical|Patches for Windows|
|407459521|MS18-FEB: Security Update for Adobe Flash Player for Windows 10 Version 1607 - Windows 10 Version 1607 - Adobe Flash Player - KB4074595|Critical|Patches for Windows|
|407459509|MS18-FEB: Security Update for Adobe Flash Player for Windows 10 Version 1607 - Windows 10 Version 1607 - Adobe Flash Player - KB4074595 (x64)|Critical|Patches for Windows|
|407459517|MS18-FEB: Security Update for Adobe Flash Player for Windows 10 Version 1703 - Windows 10 Version 1703 - Adobe Flash Player - KB4074595|Critical|Patches for Windows|
|407459511|MS18-FEB: Security Update for Adobe Flash Player for Windows 10 Version 1703 - Windows 10 Version 1703 - Adobe Flash Player - KB4074595 (x64)|Critical|Patches for Windows|
|407459519|MS18-FEB: Security Update for Adobe Flash Player for Windows 10 Version 1709 - Windows 10 Version 1709 - Adobe Flash Player - KB4074595|Critical|Patches for Windows|
|407459507|MS18-FEB: Security Update for Adobe Flash Player for Windows 10 Version 1709 - Windows 10 Version 1709 - Adobe Flash Player - KB4074595 (x64)|Critical|Patches for Windows|
|407459515|MS18-FEB: Security Update for Adobe Flash Player for Windows Server 2016 - Windows Server 2016 - Adobe Flash Player - KB4074595 (x64)|Critical|Patches for Windows|
Note these patch only the version of Flash that Microsoft is distributing, embedded in the OS. If you’ve additionally installed Adobe Flash plugins for Firefox or Chrome, you’d also need to patch those plugins (in which case you should be able to use the “Flash Player XXXX - Internet Explorer / Plugin-based / PPAPI” fixlets from the “Updates for Windows Applications” sites.