Update: 28th February 2017
Apologies for not updating this post sooner.
On the 21st of February Microsoft made available their re-packaged update of Adobe Flash Player kb4010250 for Windows 8.1 and Windows 10 systems.
The Adobe Flash Player within Google Chrome should have automatically updated earlier this month. If this link shows the version installed older than v22.214.171.124, you can use the steps within this article to quickly update Google Chrome Flash Player using it’s component updater to the latest version.
An alternative which I have not tried is to use this download from Softpedia to take the place of the Microsoft update (mentioned above) but this shouldn’t be necessary since month long postponements of security updates should be extremely rare.
It’s very likely next month’s Update Tuesday will be busy. There were very few updates in January and no Microsoft updates in February. On the 23rd of February Google’s Project Zero team publically disclosed a second unpatched security vulnerability in Microsoft Internet Explorer and Edge. They also recently disclosed a vulnerability in Windows GDI. Combine this with an existing zero day (defined) Windows Server Message Block (SMB) vulnerability, a Firefox update expected on the 6th of March and Pwn2Own on the 15th to 17th of March; this will be a busy month!
As always, I will be here to guide you through it. Thank you.
As I am sure you are aware the release of Microsoft’s security updates were delayed as per their blog post. I will detail Adobe’s scheduled updates below and update this post when they are available.
Adobe made 3 security bulletins available for Adobe Flash , Adobe Digital Editions and Adobe Campaign. The Flash Player bulletin resolves 12x priority 1 vulnerabilities. The Digital Editions and Campaign updates addressing 9 and 2 vulnerabilities respectively (both sets are priority 3). Adobe’s priority rating are explained in this link.
Depending on which version of Flash Player you have, please review the Adobe security bulletin or Microsoft bulletin (link to be added when available) as appropriate and apply the recommended updates. Google Chrome users will have the updated installed automatically alongside the updated version of Google Chrome which will most likely be made available by Google either later today or in the next 1 to 2 days.
If you use any of the above Adobe products, please review the security bulletins linked to above and apply the necessary updates. The Flash update should be installed as soon as possible since exploit kits (defined) tend to take advantage of newly disclosed vulnerabilities very quickly.
You can monitor the availability of security updates for most your software from the following websites (among others) or use Secunia PSI:
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates.
News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer run website by donating.
If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.
While there may only be 3 Microsoft bulletins this month, I will prioritise the order of updates for you below:
Another security pre-caution that you may wish to take if you have Microsoft EMET (please ensure your version of EMET is the most recent version 5.51) installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of the July 2015 Update Summary.
Please note that Microsoft EMET is in the process of being retired with the end of support scheduled for the 31st of July 2018.
As always, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.