Flash (KB923789) detection?
Posted 17 February 2009 - 09:33 AM
I see that KB923789 is for flash.ocx version 6 and less, yet autopatcher still insists on installing it???
after checking the macromed folder i saw i have flash.ocx (from an old install) that is inactive, and a flash10a.ocx that is active. Programs such as Print Shop and Britannica will silently place Flash 6 files although they won't register because there's a newer version installed.
if i try to run the update manually it says "This version of Flash you have installed dosen't match the updates you are trying to install".
What code would detect newer Flash*.ocx and skip the update?
doesn't help for future versions, e.g. flash10b.ocx
I have seen this problem at a few customers (probably all have decommissioned flash.ocx)
What are your opinions?
Posted 17 February 2009 - 10:25 AM
i had a discussion about it with other release maintainers some time ago. personally, i see this update also obsolete because it was replaced by adobe long ago. but also they have moved the flash player to other package and, if you remove this obsolete thing, you are missing a critical update that automatic updates will download as soon as your IC is online. basically, i don't have an extras package, making the removal of this one very easy. the only one thing that i had to do is set this one also critical, but mostly, they didn't agree with that.
> doesn't help for future versions, e.g. flash10b.ocx
in fact, no. all the release maintainers that have this kb need to update those detections each time that flash player has an update. the script will know that when it happens and do the proper updates for you. but still, this one is a waste of time
Posted 17 February 2009 - 07:01 PM
If there are later files in the Flash folder then the insecure flash.ocx should be removed. It should not be there at all on a proper Flash update.
Unfortunately a number of Macromedia and Adobe Flash updaters between version 6 and 10 were very very buggy, which is why there is now a separate Flash UNinstaller program to remove all the junk before updating to the latest version.
The only code that will solve this problem is a complete Registry analysis that will say which version of Flash is actually registered. However, there is a much easier test: if the test page that you mentioned (http://www.macromedi...re/flash/about/) says a later version is installed, then the file flash.ocx should definitely be deleted from the HD. Otherwise it is still a security risk.
Posted 17 February 2009 - 08:35 PM
that doesn't work all times. i've found a dozen of times already systems that someone tried to update to flash 10 from 9 and quit at the middle or something, that prevents the new install to resume and the original uninstaller and the stand alone flash uninstaller to work. in all those cases, i had to manually remove the old flash files and then the new installer works. so, from my point of view, even their uninstaller doesn't work properly.
Posted 17 February 2009 - 10:41 PM
The only unsalvageable problems were with version 8 over a network, because it popped up a box that you could not answer remotely.
Every time that Adobe update the Flash version, you have to throw away the existing Uninstaller and update the Uninstaller to the new version too, because the old one never works with a newer Flash version.
Posted 18 February 2009 - 12:43 AM
you are lucky. from time to time, i found this kind of issue. and the worst thing: even the uninstaller hangs at some point. they could at least test their product before releasing it
> because the old one never works with a newer Flash version
yes, of course. but in some cases, it doesn't work anyway. when i found this kind of issue, i use to download the brand new version, doesn't matter if i have it already or not. and it doesn't work (and that is the main reason why i don't care about that file). but a linux live cd and a simple "delete" of the folder allows the new installer to work again. interesting, isn't it? you don't even need to unregister the files, just delete. but there's another issue: sometimes, when you update flash or shockwave, their installer says that the install process is done and still, you can't remove the folder where that file is or even the file itself. then, you look at the process list and you will find the installer, that just forgot to quit itself. really, they could at least test their software...
Posted 18 February 2009 - 03:50 PM
To get back to the original question: if you still have flash.ocx in C:\WINDOWS\system32\Macromed\Flash as well as anything later, then the file flash.ocx must be removed.
Every time that Windows XP SP3 is reinstalled this file flash.ocx comes back again, so you have to either patch it again (using KB923789) or update it again using the latest Version 10 or the latest Version 9 from Adobe. The only good point in all this is that the KB923789 patch and every later update from Macromedia or Adobe changes the name of the file, so it is very easy to check if you have the vulnerable file (flash.ocx) or not.
I really don't care what is done just so long as flash.ocx is removed. Both applying the patch and installing anything later are supposed to do this. If a third-party program comes along and puts the old version back, it must be removed again.
As soon as flash.ocx is removed from C:\WINDOWS\system32\Macromed\Flash, then AutoPatcher.exe will stop offering to patch it.
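The file-name check discussed in this thread, written out as an added example (it is not code from any poster or from AutoPatcher). It assumes renamed controls follow a flash<major><letter>.ocx pattern, generalised from the flash10a.ocx and flash10b.ocx names above; the function names and action labels are hypothetical.

```python
import re
import tempfile
from pathlib import Path

LEGACY_OCX = "flash.ocx"  # the unpatched control named in the thread
# Assumption: renamed controls follow flash<major><letter>.ocx, generalised
# from the two names on the page (flash10a.ocx, flash10b.ocx).
NEWER_OCX = re.compile(r"^flash(\d+)([a-z]?)\.ocx$", re.IGNORECASE)


def scan_flash_dir(folder):
    """Return (legacy_present, newer_names); newer_names sorted oldest first."""
    root = Path(folder)
    if not root.is_dir():  # Flash was never installed
        return False, []
    legacy, newer = False, []
    for entry in root.iterdir():
        if not entry.is_file():
            continue
        if entry.name.lower() == LEGACY_OCX:
            legacy = True
            continue
        match = NEWER_OCX.match(entry.name)
        if match:
            newer.append((int(match.group(1)), match.group(2).lower(), entry.name))
    return legacy, [name for _, _, name in sorted(newer)]


def decide(folder):
    """Hypothetical action labels for a patch script."""
    legacy, newer = scan_flash_dir(folder)
    if not legacy:
        return "skip"             # no flash.ocx on disk, nothing to patch
    if newer:
        return "remove-legacy"    # stale flash.ocx beside a newer control
    return "offer-kb923789"       # only the old control is present


if __name__ == "__main__":
    # Constructed sample folder mirroring the first post's situation.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("flash.ocx", "Flash10a.ocx", "FlashUtil10a.exe"):
            (Path(tmp) / name).touch()
        print(scan_flash_dir(tmp), decide(tmp))
```

A directory listing cannot show which control is actually registered; the Registry analysis suggested earlier in the thread would be a separate check.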