Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Is it Time to Uninstall Flash? (If you haven't already) - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Is it Time to Uninstall Flash? (If you haven't already)

If you haven't uninstalled Flash yet, maybe today should be that day.  The update posted yesterday has a remote code exec proof-of-concept already here:
https://github.com/smgorelik/Windows-RCE-exploits/blob/master/Documents/Office%2BFlash/CVE-2018-15982_%23PoC%23.zip

And Gigamon has posted that it's being seen in the wild already:
https://atr-blog.gigamon.com/2018/12/05/adobe-flash-zero-day-exploited-in-the-wild/

 

===============
Rob VandenBrink
Compugen

Rob VandenBrink

485 Posts
ISC Handler
Are there Registry Hacks to kill off Flash in Windows 10?
PaulOutBox

7 Posts
Yes, Flash doesn't show up correctly in the "wmic product" list, so the standard powershell uninstall methods can be a problem.
Most application managers do handle Flash correctly, but if you don't have a software inventory / mgt app, Adobe has a "this uninstalls all versions" executable here:
download.macromedia.com/get/flashplayer/current/support/…
Once it's downloaded, run (with admin rights) "uninstall_flash_player -uninstall" (this bypasses the "OK" user prompt)
It's not 100%, but I've had good luck with it so far (including on Windows 10).
Rob VandenBrink

485 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!