Yesterday, January, 27. , 2015 Microsoft has released a extra security update KB 3035034 for Windows 8, Windows 8.1 and it’s Server pendants. This security update patches the vulnerable Adobe Flash player.
I’ve discussed the Flash player security issues last week within my German blog post Stopp: Flash-Sicherheitslücke, Flash-Player deaktivieren!. Based on findings in the article Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK I recommended, disabling Flash player in Google Chrome, Windows 8 and Windows 8.1. It took a few days, before security updates are available.
Adobe has rolled out Flash updates last weekend
Adobe has rolled out a security update for Flash last weekend (see my German blog post Adobe Flash-Player Sicherheits-Update). There I wrote: The following versions of Adobe Flash player are vulnerable.
- Adobe Flash Player 126.96.36.1997 and earlier (Windows and Macintosh)
- Adobe Flash Player 188.8.131.522 and earlier 13.x versions
- Adobe Flash Player 184.108.40.2068 and earlier for Linux
Adobe has updated Flash player to version 220.127.116.116 on January, 24. 2014 (see this Adobe page). Version 18.104.22.1686 includes (according to Adobe) also a fix for vulnerability CVE-2015-0311. Flash user under Windows up to Windows 7, Linux and Macintosh are recommended to update immediately.
This update isn’t available for a) Google Chrome (you need an updated Chrome browser build) and b) for Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2 (because Microsoft issues Flash updates).
Microsoft Flash Security-Update KB 3035034 for Windows
Yesterday, January 27. 2015, Microsoft has issued Security Update KB 3035034 for Windows. Microsoft’s KB 3035034 page details this update. This update will be distributed by Windows Update. But Microsoft provides also download packages via Microsoft Download :
- Windows8.1-KB3035034-x86.msu: 32-Bit-Update for Internet Explorer Flash Player for Windows 8.1 (KB3035034)
- Windows8.1-KB3035034-x64.msu: 64-Bit-Update for Internet Explorer Flash Player for Windows 8.1 (KB3035034)
- Windows8-RT-KB3035034-x86.msu: 32-Bit-Update for Internet Explorer Flash Player for Windows 8 (KB3035034)
- Windows8-RT-KB3035034-x64.msu : 64-Bit-Update for Internet Explorer Flash Player for Windows 8 (KB3035034)
- Windows8-RT-KB3035034-x64.msu: Update for Internet Explorer Flash Player for Windows Server 2012 (KB3035034)
- Windows8.1-KB3035034-x64.msu: Update for Internet Explorer Flash Player for Windows Server 2012 R2 (KB3035034)
Also Windows 10 Technical Preview and Windows Server Technical Preview are affected. But Microsoft will distribute KB3035034 for these platforms only via Windows Update. I just have tested it in Build 9926: Instead of controlling new updates via control panel, you need to open startmenu and select Settings. Within the Settings windows you need to select Update & Recovery (I still have a German build installed).
Install update KB 3035034 via category Windows Update. Beside the Flash update, my machine received also a definition update for Windows Defender and another stability update KB3035129.
According to neowin.net, this update will force Windows 10 Technical Preview to load (unintendently) the next Build 9932.