Microsoft releases KB 3163207, retires KB 3157993, reissues Flash patch MS16-064

Adobe just released the latest zero-day Flash patch APSB16-15, and Microsoft followed suit


We knew an Adobe Flash zero-day hole was about to be plugged, and sure enough, we got the corresponding Windows update.

The patch is unusual in that it involves a change in KB number -- Microsoft's old MS16-064 patch (which didn't cover this Flash hole) was KB 3157993. This new patch, which covers the latest APSB16-15 megapatch from Adobe, is known as KB 3163207.

If you installed the old patch, you still need to install the new patch. If you didn't install the old patch, this new one touches all the bases.

APSB16-15 covers 25 separately identified security holes (gotta love Flash), but one in particular has folks worried. It's identified as CVE-2016-4117, and it's out in the wild. Adobe Security Advisory 16-02, released three days ago, dishes the dirt:

A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild.

I've been pushing to get rid of Flash for five years now. It's time, folks. If you visit a site that demands Flash, find a way around it, then write a flaming missive to the folks who insist on sullying their site with such crapware.

Chris Hoffman at How-To Geek has a full rundown on how to exorcise Flash from your Windows system.
