CERT-In Vulnerability Note
Microsoft Update for Multiple Vulnerabilities in Adobe Flash Player
Original Issue Date: March 15, 2017
Severity Rating: HIGH
- Windows 8.1 for 32-bit Systems
- Windows 8.1 for x64-based Systems
- Windows Server 2012
- Windows Server 2012 R2
- Windows RT 8.1
- Windows 10 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 10 Version 1511 for 32-bit Systems
- Windows 10 Version 1511 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 Version 1607 for x64-based Systems
- Windows Server 2016 for 64-bit Systems
Multiple vulnerabilities have been reported in Adobe Flash Player when installed on Windows operating systems, which could allow a remote attacker to disclose sensitive information or execute arbitrary code on the target system.
These vulnerabilities exist due to buffer overflow/underflow conditions, memory corruption, random number generator flaws or use-after-free errors caused when specially crafted Flash content is loaded by the targeted user and executed by Adobe Flash Player.
Successful exploitation of these vulnerabilities could allow a remote attacker to disclose sensitive information or execute arbitrary code on the targeted system in the context of the affected application.
- Prevent Adobe Flash Player from running.
- Prevent Adobe Flash Player from running in Internet Explorer through Group Policy.
- Prevent Adobe Flash Player from running in Office 2010 on affected systems.
- Prevent ActiveX controls from running in Office 2007 and Office 2010.
- Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones.
- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
- Add sites that you trust to the Internet Explorer Trusted sites zone.
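One way to verify the first workaround on a host, as an added example that is not part of this note: the script audits (and with -Enforce, sets) the Internet Explorer ActiveX kill bit for the Flash control. The registry path, CLSID and flag value are assumptions taken from the standard kill-bit mechanism and are not given in this note; function names are illustrative.

```powershell
# Added example: audit or enforce the IE ActiveX kill bit for Adobe Flash Player.
# Assumption: path, CLSID and flag follow the standard kill-bit mechanism.
# Run elevated when using -Enforce.
param([switch]$Enforce)

$FlashClsid = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'   # Shockwave Flash Object
$KillBit    = 0x400                                       # block instantiation in IE
$ValueName  = 'Compatibility Flags'
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-FlashFlags {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $prop = Get-ItemProperty -LiteralPath $Key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return $prop.$ValueName
}

function Set-FlashKillBit {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
    # Preserve any other compatibility flags already present on the key.
    $new = [int](Get-FlashFlags -Key $Key) -bor $KillBit
    Set-ItemProperty -LiteralPath $Key -Name $ValueName -Value $new -Type DWord
}

foreach ($root in $Roots) {
    # The Wow6432Node view does not exist on 32-bit systems; skip it there.
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $key = Join-Path $root $FlashClsid
    if ($Enforce) { Set-FlashKillBit -Key $key }

    $flags   = Get-FlashFlags -Key $key
    $blocked = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
    $shown   = '(not set)'
    if ($null -ne $flags) { $shown = '0x{0:X}' -f $flags }

    [pscustomobject]@{ Key = $key; Flags = $shown; FlashBlocked = $blocked }
}
```

A host is covered only when every row reports FlashBlocked as True; on 64-bit systems both registry views must carry the flag, because 32-bit Internet Explorer and Office read the Wow6432Node view.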
Apply appropriate patches as mentioned in Microsoft Security Bulletin
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003