Blocking out-of-date Flash ActiveX controls on IE11

Discussion in 'Live RSS Feeds' started by News, Sep 13, 2016.

  1. News

    News Extraordinary Robot
    News Feed

    Joined:
    Jun 27, 2006
    Messages:
    26,216
    Likes Received:
    20
    Note: Customers running Windows Server 2012 R2, Windows 8.1, and Windows 10 are not impacted by this change. By default, Windows Update will automatically install important Flash updates as they become available for Internet Explorer and Microsoft Edge on those systems.

    Starting on October 11, 2016, we’re expanding the out-of-date ActiveX control blocking feature to include outdated versions of Adobe Flash Player. This update notifies you when a Web page tries to load a Flash ActiveX control older than (but not including):

    • Adobe Flash Player version 21.0.0.198
    • Adobe Flash Player Extended Support Release version 18.0.0.241

    You can continue to view the complete list of out-of-date ActiveX controls being blocked by this feature here.

    Supported configurations and scope of out-of-date Flash ActiveX control blocking


    Unlike out-of-date Java and Silverlight blocking, the following caveats are additionally applicable to out-of-date Flash ActiveX control blocking.

    Supported configurations


    Out-of-date Flash ActiveX control blocking only applies to Internet Explorer 11 on Windows 7 SP1 or Windows Server 2008 R2.

    Scope


    First, with out-of-date Flash ActiveX control blocking, Internet Explorer will only warn you once per tab process. All subsequent out-of-date Flash ActiveX controls will be allowed.

    Second, users who are not members of the Local Administrators group on the PC will not see any out-of-date Flash ActiveX control blocks.


    Security note:

    If you would like out-of-date Flash blocking to apply to all users, including non-members of the Administrators group, run the following command from a command prompt:

    reg add "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExt" /v NonAdminSuppressEnabled /t REG_DWORD /d 0 /f

    Finally, the term of out-of-date Flash ActiveX control blocking will end on November 10, 2016.

    Enterprise testing for out-of-date Flash ActiveX control blocking


    Remember, out-of-date ActiveX controls aren’t blocked in the Local Intranet Zone or the Trusted Sites Zone, so your intranet sites and trusted line-of-business apps should continue to use ActiveX controls without any disruption.

    If you want to see what happens when a user goes to a Web page with an out-of-date Flash ActiveX control after October 11, 2016, you can run this test:

    • On a test computer, install the most recent cumulative update for Internet Explorer.
    • Open a command prompt and run this command to stop downloading updated versions of the versionlist.xml file:
      reg add "HKCUSoftwareMicrosoftInternet ExplorerVersionManager" /v DownloadVersionList /t REG_DWORD /d 0 /f

      Important: After you’re done testing, delete this registry key. If you don’t, this computer will stop receiving the updated VersionList.xml file with all of the out-of-date ActiveX controls. Because of this, we don’t recommend setting this registry key in your production environment.
    • Copy the test versionlist-TEST.xml file from here to %LOCALAPPDATA%MicrosoftInternet ExplorerVersionManager
    • Rename this file to versionlist.xml. Make sure you agree to overwrite any existing file.
      Important: After you’re done testing, replace this file with its production version from here. We don’t recommend manually changing the versionlist.xml file in your production environment.
      • Restart Internet Explorer.

    You’ll now get an out-of-date ActiveX control blocking notice when a Web site tries to load an outdated Flash ActiveX control.

    [​IMG]

    If you need more time to minimize your reliance on outdated Flash ActiveX controls, see the Out-of-date ActiveX control blocking on managed devices section of the Out-of-date ActiveX control blocking topic.

    ― Jasika Bawa, Program Manager, Enterprise & Security

    Continue reading...
     

Share This Page

Loading...