Microsoft publishes long-awaited February 2017 Flash update KB4010250
Microsoft announced last week that it would not release security patches on February's Patch Day. In fact, the February Patch Day was canceled completely by the company; a first in the Patch Day's history.
Microsoft revealed that it would delay the February Patch Day to the March Patch Day. This means that the February 2017 security patches will be released alongside the March 2017 patches by the company.
This would not be a problem where it not for known unpatched security issues. A SMB security issue was revealed on February 3rd, 2017 that affects Windows 8, Windows 10 and Windows Server.
Google published a security vulnerability two weeks later that is affecting Windows as well. Google notified Microsoft about the vulnerability 90 days earlier, and published it publicly after Microsoft failed to produce a patch for the issue in the 90 days.
Two unpatched issues that attackers may exploit is serious already; but there is also Flash Player. Adobe published Flash Player version 24.0.0.221 on the February Patch Day. Google did update the integrated Flash Player in Chrome, and downloads were provided for other browsers to install the Flash Player update.
Only, Microsoft Edge did not get that update up until today because of the postponed February Patch Day.
This means that the version of Flash in Edge is vulnerable currently to attacks that target vulnerabilities that Adobe patched in the latest version.
The big issue is that users and admins cannot upgrade Adobe Flash Player on their own. If Microsoft does not release a patch for Flash, Flash cannot be upgraded to the latest version.
We recommended back then to disable Flash in Edge until Microsoft fixes the issue.
Today is Flash Patch Day
It appears though that Microsoft plans to release the Flash Player update today to all systems with integrated Flash Players.
The company sent an email yesterday to high profile partners announcing today's release of the Flash Player update for Edge and Internet Explorer on all supported operating systems. (via Woody @ InfoWorld)
Microsoft is planning to release security updates for Adobe Flash Player. These updates will be offered to the following operating systems: Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016...
No other security updates are scheduled for release until the next scheduled monthly update release on March 14, 2017.
Microsoft released the security bulletin MS17-005 just a moment ago.
MS17-005: Security update for Adobe Flash Player: February 21, 2017 -- This security update resolves vulnerabilities in Adobe Flash Player if Flash Player is installed on any supported edition of Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, Windows 8.1, or Windows RT 8.1.
The update KB4010250 is available through Windows Update and the Microsoft Update Catalog.
