You must have a trusted and validated process or procedure in place. The first inclination of the security team is often to roll the updates out immediately, but that can often have a devastating impact on the overall business if the patches don’t perform as anticipated.
Some of the factors to consider include your company timeline to install the fixes throughout your network, a risk-based approach to protect the most critical systems, required coordination of activity, and so forth. If last month you were ‘running around with your hair on fire’ as the saying goes, now is the time to plan for the next issue because it is sure to come.įirst, you must have a company policy in place which must be negotiated with and agreed upon by your security and legal teams. The release of zero-day updates, particularly one of this magnitude, provides an excellent opportunity to validate your emergency patching policies and procedures. Extended Security Updates were provided for Windows 7 and Server 2008/2008 R2, but only if you purchased this service. If you use Microsoft’s security only updates each month, be sure to include the security only out-of-band updates for your operating systems, because they must be installed for the PrintNightmare fix they were not included in the Patch Tuesday set of security only updates. If you’re still in an active patch cycle, ensure you install the latest cumulative (or monthly rollup) to address this vulnerability.
This means if you use third-party solutions or installed the player manually, it will not be removed.The PrintNightmare print spooler vulnerability, CVE-2021-34527, caused a lot of excitement last month. It’s also important to understand that Microsoft will only remove the Flash Player components automatically included in Windows. The last resort is running a completely separate environment (virtual machine) on an old version of Windows. The other option is to reinstall Windows without applying the update.
If they want to use Flash Player, they’ll need to hit the brake on Windows Update services.
If you upgrade to the May 2021 Update, Flash Player will automatically stop working on your system.Īfter these changes, users can no longer continue using Adobe Flash Player.
Windows 10 21H1 will not ship with Flash PlayerĪs expected, Windows 10 version 21H1, otherwise known as the May 2021 Update, would be the first version of the OS to ship without Adobe Flash Player. If you skip the optional update, Flash Player will be removed with July Patch Tuesday Update. These updates are completely optional and they include the majority of non-security updates that will be shipped to everyone with mandatory Patch Tuesday update, internally known as “B” release. Windows 10’s optional “C” and “D” updates, which will be released in June, will remove the Flash Player.įor those unaware, C or D releases of Windows 10 updates come out on the third or fourth week of the month. As per the updated roadmap, a separate update is no longer required to remove Flash Player. On April 27, Microsoft quietly updated the original announcement with new changes that will go live in June and July. Uninstall option missing Patch Tuesday update will hammer the final nail in Flash Player’s coffin