Windows 10 Creators Update To Let Users Block Flash

Future versions of Windows 10 will give users the means to block the Flash browser plug-in, Microsoft said this week.

In an announcement, Microsoft said that users will get the choice to either block or use Flash when they visit Web sites through a dialog box. The changes Microsoft will be making will be similar to "updates coming from our friends at Apple, Mozilla, and Google," Microsoft explained.

One difference with Microsoft's approach, though, is that users will be able to use Flash, if wanted, "for any site they visit." Microsoft currently includes Flash in Windows, but it's not part of the long-term picture, at least for use with the Microsoft Edge browser. In April, the Microsoft Edge team stated that "we are planning for and look forward to a future where Flash is no longer necessary as a default experience in Microsoft Edge."

Microsoft's announcement urged Web site developers to move toward using Flash alternatives "in the coming months." They can use "mechanisms like JavaScript and HTML5 Encrypted Media Extensions, Media Source Extensions, Canvas, Web Audio, and RTC" in their content, Microsoft suggested.

No exact timeline was indicated, but Microsoft's announcement suggested that it would evolve the Flash user notification approach with subsequent Windows 10 releases. The target for its appearance will be the Windows 10 "creators update," which is planned for arrival in the spring of 2017 (and rumored for a March release).

Flash is seen as security target, at least in the cases where it wasn't kept updated. It's also considered to be a battery hog for mobile devices since Flash powers ads on Web sites. The Microsoft Edge browser is already automatically pausing Flash ad content that's deemed nonessential, which kicked off with the Windows 10 anniversary update release.

Ironically, Flash exploits have declined, year over year, according to the latest Microsoft Security Intelligence Report, which covers the first half of 2016.

"Fewer zero-day Flash Player exploits were discovered in 1H16 than during comparable periods in 2015, and fewer post-update exploits were incorporated into exploit kits," Microsoft's SIR report stated.

The report attributed the decline to Adobe's latest exploit mitigations, as well as the use of "Control Flow Guard technology in Windows 10, which makes memory corruption vulnerabilities harder to exploit."

However, the Adobe Flash Player was exploited in early May by the Promethium and Neodymium activity groups. These groups used a zero-day Flash flaw to target individuals, mostly in Europe. The Promethium group delivered malicious links in instant messaging software, while the Neodymium group used phishing campaigns and e-mail attachments, according to Microsoft.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Microsoft Releases Dev Box Preview

    Microsoft Dev Box, which lets developers create provisioned workspaces for specific projects, has now hit the preview stage, according to an announcement made this week.

  • The 2022 Microsoft Product Roadmap

    Microsoft has a lot in the docket for 2022, including new products like SQL Server 2022, Exchange Subscription Edition and Visual Studio 2022 for Mac.

  • .NET 6 Support Comes to Linux

    Canonical and Microsoft announced on Tuesday that devs using Ubuntu 22.04 ("Jammy") operating system can now install .NET 6,

  • Microsoft Releases Entra Verified ID Service

    Microsoft announced on Monday the "general availability" of Microsoft Entra Verified ID, a new service that promises a more deliberate way for individuals and organizations to share identity information.