Have a Flash vulnerability when Flash is not installed?
The Flash library has historically be included by many 3rd party applications and developers. Understanding which application is leveraging the Flash library can sometimes be a task in and of itself.
Searching for the FLASH.OCX or FLASH*.OCX file is a good place to start.
Additional info provided by Microsoft
Microsoft historically had included an installation of Flash by default for use with Internet Explorer and Edge. This instance of Flash was maintained by Microsoft through Windows updates. With the End of Life for Flash on December 31, 2020, all instances of Flash are considered unsupported and should be removed if not needed. This includes Microsoft's default install.
This installation of Flash can be identified by checking the plugin output of plugin 59196. Instances of Flash in the following Paths are maintained by Microsoft, and will not be removed using Adobe's Flash uninstaller:
C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx C:\Windows\System32\Macromed\Flash\Flash.ocx
Microsoft may begin removing these automatically at some point, but as of this writing it requires manual intervention. Microsoft has provided "updates" which will remove their instance of Flash. Please refer to the following link on Microsoft's Update Catalog to obtain the appropriate update for your Windows OS:
http://www.catalog.update.microsoft.com/search.aspx?q=4577586
Google Chrome
Chrome can also be a source of FLASH vulnerabilities warnings, older Chrome browsers use PEPPERFLASH.
Here is a couple quick videos on how to remove or disable PEPPERFLASH / FLASH depending on your version.
Comments
0 comments
Please sign in to leave a comment.