News

Windows 10 Creators Update To Let Users Block Flash

Future versions of Windows 10 will give users the means to block the Flash browser plug-in, Microsoft said this week.

In an announcement, Microsoft said that users will get the choice to either block or use Flash when they visit Web sites through a dialog box. The changes Microsoft will be making will be similar to "updates coming from our friends at Apple, Mozilla, and Google," Microsoft explained.

One difference with Microsoft's approach, though, is that users will be able to use Flash, if wanted, "for any site they visit." Microsoft currently includes Flash in Windows, but it's not part of the long-term picture, at least for use with the Microsoft Edge browser. In April, the Microsoft Edge team stated that "we are planning for and look forward to a future where Flash is no longer necessary as a default experience in Microsoft Edge."

Microsoft's announcement urged Web site developers to move toward using Flash alternatives "in the coming months." They can use "mechanisms like JavaScript and HTML5 Encrypted Media Extensions, Media Source Extensions, Canvas, Web Audio, and RTC" in their content, Microsoft suggested.

No exact timeline was indicated, but Microsoft's announcement suggested that it would evolve the Flash user notification approach with subsequent Windows 10 releases. The target for its appearance will be the Windows 10 "creators update," which is planned for arrival in the spring of 2017 (and rumored for a March release).

Flash is seen as security target, at least in the cases where it wasn't kept updated. It's also considered to be a battery hog for mobile devices since Flash powers ads on Web sites. The Microsoft Edge browser is already automatically pausing Flash ad content that's deemed nonessential, which kicked off with the Windows 10 anniversary update release.

Ironically, Flash exploits have declined, year over year, according to the latest Microsoft Security Intelligence Report, which covers the first half of 2016.

"Fewer zero-day Flash Player exploits were discovered in 1H16 than during comparable periods in 2015, and fewer post-update exploits were incorporated into exploit kits," Microsoft's SIR report stated.

The report attributed the decline to Adobe's latest exploit mitigations, as well as the use of "Control Flow Guard technology in Windows 10, which makes memory corruption vulnerabilities harder to exploit."

However, the Adobe Flash Player was exploited in early May by the Promethium and Neodymium activity groups. These groups used a zero-day Flash flaw to target individuals, mostly in Europe. The Promethium group delivered malicious links in instant messaging software, while the Neodymium group used phishing campaigns and e-mail attachments, according to Microsoft.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

Featured

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Microsoft Shares Coming Windows Server 20H1 Improvements

    Microsoft recently detailed a few improvements coming to the next release of Windows Server, including faster PowerShell performance and a smaller container size.

  • The 2019 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generation of HoloLens, here's what's on tap from Microsoft this year.

  • Microsoft Bringing Teams to Linux in Preview

    A limited preview of the Microsoft Teams app is now available for select Linux desktop operating systems, making it "the first Microsoft 365 app" to run on Linux.

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.