Windows 10 Creators Update To Let Users Block Flash

Future versions of Windows 10 will give users the means to block the Flash browser plug-in, Microsoft said this week.

In an announcement, Microsoft said that users will get the choice to either block or use Flash when they visit Web sites through a dialog box. The changes Microsoft will be making will be similar to "updates coming from our friends at Apple, Mozilla, and Google," Microsoft explained.

One difference with Microsoft's approach, though, is that users will be able to use Flash, if wanted, "for any site they visit." Microsoft currently includes Flash in Windows, but it's not part of the long-term picture, at least for use with the Microsoft Edge browser. In April, the Microsoft Edge team stated that "we are planning for and look forward to a future where Flash is no longer necessary as a default experience in Microsoft Edge."

Microsoft's announcement urged Web site developers to move toward using Flash alternatives "in the coming months." They can use "mechanisms like JavaScript and HTML5 Encrypted Media Extensions, Media Source Extensions, Canvas, Web Audio, and RTC" in their content, Microsoft suggested.

No exact timeline was indicated, but Microsoft's announcement suggested that it would evolve the Flash user notification approach with subsequent Windows 10 releases. The target for its appearance will be the Windows 10 "creators update," which is planned for arrival in the spring of 2017 (and rumored for a March release).

Flash is seen as security target, at least in the cases where it wasn't kept updated. It's also considered to be a battery hog for mobile devices since Flash powers ads on Web sites. The Microsoft Edge browser is already automatically pausing Flash ad content that's deemed nonessential, which kicked off with the Windows 10 anniversary update release.

Ironically, Flash exploits have declined, year over year, according to the latest Microsoft Security Intelligence Report, which covers the first half of 2016.

"Fewer zero-day Flash Player exploits were discovered in 1H16 than during comparable periods in 2015, and fewer post-update exploits were incorporated into exploit kits," Microsoft's SIR report stated.

The report attributed the decline to Adobe's latest exploit mitigations, as well as the use of "Control Flow Guard technology in Windows 10, which makes memory corruption vulnerabilities harder to exploit."

However, the Adobe Flash Player was exploited in early May by the Promethium and Neodymium activity groups. These groups used a zero-day Flash flaw to target individuals, mostly in Europe. The Promethium group delivered malicious links in instant messaging software, while the Neodymium group used phishing campaigns and e-mail attachments, according to Microsoft.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Pilot Begins of Microsoft Teams-Salesforce CRM Integration

    A new capability that lets Microsoft Teams users access information from the customer relationship management (CRM) platform debuted this week.

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.

  • Microsoft's Azure Space Program Gets 'Modular' Datacenters

    Microsoft recently unveiled its new Azure Modular Datacenters, boxcar-like structures that can deliver compute and storage capabilities anywhere on earth.