Tag: Zero Day Exploit


It’s Time to Remove Flash Now

The Adobe Flash plugin as long been the standard for internet video and interactive games.  Many sites have used it to distribute video while maintaining some semblance of protection for content.  Flash has enabled websites developers to produce beautiful and interactive websites, but that great power is also the problem.  Flash can also be used to serve up malware due to its many exploits.  Despite Adobe’s constant patching –  sometimes weekly – the number of vulnerabilities keeps climbing.  HTML5 is the new web standard being used to incorporate video content delivery instead of Flash.  Since it is an industry standard instead of a proprietary system, security is placed on the browser and not on plugins.

Flash Vulnerabilities

CVE Details sums up the Flash Player Vulnerabilities:


flash vulnerabilities by year








flash vulnerabilities by type

2015 was a big year for vulnerabilities in Flash.  We’re less than three months into 2016 and this year looks like it could be another big year too.  If you look at the second graph the tallest line is the Execute Code type.  That means that the vulnerability allowed remote code to be run on the victim’s computer.  Not all of those were actually actively exploited, but the fact that there have been so many ways to exploit Flash is frightening.

It’s Time to Remove Flash

The consensus among most IT professionals now is that if you haven’t already, it’s time to remove Flash player from your computer.  There are several different versions of the Flash player and they all should be removed or disabled.  Google Chrome and Microsoft Edge browsers have Flash built into them and so it can’t be removed, but it can be disabled or used selectively.  Check out the screenshot tutorial videos below to learn how to uninstall Flash on your computers:

In Windows:

Go to the control panel and then uninstall programs.  In the list look for Adobe Flash and uninstall it.  That will remove it from all but Chrome and Edge if you are using Windows 10.  Also look for

Disable in Edge:


Disable in Chrome


I missed one step in the video.  When you first enter the settings screen you have to hit the “show advanced settings” at the bottom.

Chrome Let me choose optionI personally leave Flash enabled in Chrome but use the “Let me choose when to run plugin content” that allows me to use when needed.  By using the Chrome version of Flash I keep Flash as current as possible because it’s automatically updated with Chrome.




On a Mac:

time to remove flashAdobe has a uninstaller that will remove Flash.  https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html

On Linux:

If you are using Linux, then I will assume that you know how to remove Flash already.  Different distros will handle this differently.

Have questions?

Contact me if you have questions or need assistance: Kent Warden, 913-593-8074.

Zero Day Exploits

Zero Day Exploits

What is a Zero Day Exploit?

Simply put a zero day exploit is a software vulnerability that is found by hackers before the software creator.  They can be the worst kind of security hole as they can be exploited until the software creator is made aware and can fix the problem.

Two On The Same Day

This morning I have run across two articles about zero day exploits and the patches that are available.  The first is a security flaw in Microsoft Internet Explorer.  There is temporary fix for this available from Microsoft until they can get a permanent patch distributed.  When available the patch will be pushed out through the normal update channels for Microsoft software.

The second zero day exploit and fix I ran across is Adobe Flash.  They have a technical bulletin out describing which versions are vulnerable and which are not.   This is the Detail from that bulletin:

Adobe has released security updates for Adobe Flash Player and earlier versions for Windows and Macintosh and Adobe Flash Player and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions:

Update Your Software

I work with many people on their computers.   One of the comments that I cringe at is “That update window keeps popping up and I just close it.”  Most legitimate software vendors out there provide a mechanism to update the software they create.  The reason they do is not only for improvements but also to patch vulnerabilities.  When a software program you have pops up and says there is a update would you like to install it you should do so.  Software producers are not doing this to pester you, they don’t want to be responsible for a breach of your computer.

Why are there so many updates

Most software we use is very complex as are the computers and operating systems we use.  Our computers unlike 20 years ago that occasionally got online are on all the time.  Surfing the web is commonplace and because of that attacks are primarily going to come from the web.  Software creators try to create a good usable and secure program that you can use for some purpose.  There are people out there that are constantly looking for holes in software to gain access to computers.  You may be one who says I don’t have anything on my computer of any importance so if someone gained access it would be no big deal.  You may not have anything to steal but with the right exploit a hacker could commandeer your computer for their own purposes.  They could use it for sending out spam, which will end up getting you in trouble with your
and probably blacklisted so you can’t send out your own email.  They could use it to host websites of all sorts including for illegal activities.  Which will of course get your into trouble with law enforcement at some level.  They could just use it as a bot in a bonnet for attacking other computers.  There are many reasons and none of them do you want to be a part of.

So the more software titles you use the more you will need to keep updated.  Some occur automatically others require you to do some action.  Take a few minutes and get them done.  As always if you need help with any of these issues I am available to assist.