Skip to main content

Outdated installs of Adobe Flash Player soon won’t load in Internet Explorer 11

microsoft browser loss internet explorer
Image used with permission by copyright holder
Although Microsoft Edge takes center stage as the main browser of Windows 10, Internet Explorer 11 still lurks in the background in case the user happens to wander over to an older website. However, it is also provided to customers who refuse to jump on the Windows 10 bandwagon. Because of this, the Microsoft Edge team keeps the older browser up to date, which includes a plan to expand its out-of-date ActiveX control blocking feature on October 11.

According to the team, outdated versions of Adobe Flash Player will be blocked in Internet Explorer 11 starting next month. This ban includes all versions of Adobe Flash Player prior to 21.0.0.198, and all versions of Adobe Flash Player Extended Support Release prior to 18.0.0.241. However, this block will only apply to Internet Explorer 11 on Windows 7 SP1 and Windows Server 2008 R2.

“Customers running Windows Server 2012 R2, Windows 8.1, and Windows 10 are not impacted by this change,” said Jasika Bawa, Program Manager of Enterprise & Security. “By default, Windows Update will automatically install important Flash updates as they become available for Internet Explorer and Microsoft Edge on those systems.”

On the enterprise side, Bawa noted that out-of-date ActiveX controls aren’t blocked in the Local Intranet Zone or the Trusted Sites Zone. Thus, to see what happens when a user wanders onto an older site using out-of-date Flash ActiveX controls, Bawa provided a few steps for administrators to follow in order to generate the Flash-based warning.

First, administrators can install the latest cumulative update for Internet Explorer 11, and then open a command prompt to stop downloading updated versions of the “verionlist.xml” file. After that, they can download a test version of that file from Microsoft to the appropriate destination on the hard drive, rename it, and then restart the browser.

The result will pull up the out-of-date ActiveX control blocking notice, which will state that “Flash Player was blocked because it is out of date and needs to be updated.” Users will be given a button to “Update” or to “Run this time.”

“After you’re done testing, replace this file with its production version from here. We don’t recommend manually changing the versionlist.xml file in your production environment,” Bawa added.

Adobe Flash at one time pushed the Internet into a new generation of how we consume information, moving the World Wide Web from a flat, 2D experience to a visually robust, interactive interface spanning full animations, embedded video, and much more. But over time, the technology seemingly became one security mess after another, and now web pages feel anchored down by the vast amount of Flash content visually and covertly filling up the pages.

Now that the Internet is moving to HTML5, Flash is becoming the secondary medium. However, until Flash is completely wiped from the Internet scene, we’ll have to rely on Adobe to stay on top of the security issues, and companies like Microsoft to keep web surfers safe against running outdated, non-secure versions of Flash Player. The latest version of Flash Player appears to be version 23.0.0.162, which was actually launched on Tuesday.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more