Adobe Flash Player updated to fix 0 day exploit
February 20, 2014
Today, Adobe released an unscheduled updated version of its Flash Player; the one that nearly every computer and hand held device except Apple iPhones and iPads use to view videos and animations online. The new releases are version 12,0,0,70 for all Windows and Mac OS X operating systems, version 11.2.202.341 for Linux, and 11.2.202.223 for Solaris.
Adobe strongly recommends that users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.70 and folks using 11.2.202.336 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.341.
You can find out what, if any, version of Flash your various browsers are running on the Adobe About Flash page. It contains a link to download the newest version of Flash for you browser and any others you may have installed. Firefox, Internet Explorer and Google Chrome all use different builds of Flash. You update Flash plug-in for Firefox, an ActiveX version for Internet Explorer and Google Chrome itself is updated to include new builds of Flash.
Adobe normally releases updated versions of Flash on a monthly cycle, on the second Tuesday of every month, soon after Microsoft pushes out its Patch Tuesday Windows Updates. However, as fate would have it, the Flash exploit patched today is directly linked to Microsoft's Internet Explorer browsers, but currently, only IE 9 and 10 and only on particular versions of Windows, from Vista up.
So, Microsoft joined with Adobe to plug their interconnected "zero day" vulnerability being exploited in online attacks against specifically targeted entities. While Microsoft hasn't pushed out an out-of-cycle patch yet, they have published a "Microsoft Fix it 51007 as a so-called "MSHTML Shim Workaround." Security Advisory 2934088 lists all of the impacted operating systems and IE browsers.
There is a negative impact after installing the Fix it solution above. According to the Microsoft Security Advisory 2934088, "after you install this Fix it solution, you may experience increased memory usage when you use Internet Explorer to browse the web. This behavior occurs until you restart Internet Explorer."
In the event that the affect of the Fix it tool is worse than your perceived risk, you can run Microsoft Fix it 51008 to undo the changes. They really should call these secondary tools "Undo" tools.
Rest assured that Microsoft is working up an official patch that will probably be ready come the next Patch Tuesday, in March, 2014.
N.B.: As I have mentioned before in many of my articles, running your computer as a less privileged user, rather than an administrator, greatly reduces the likelihood or at least the severity of infection from a "drive-by" exploit attack. This is in line with Microsoft's own advice, as found on the security advisory page:
An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.