Failing security audit due to old flash.ocx version
Hi
Hope someone can help.
I've been asked to gain a security accrediation for my company and during the initial vulnerability scans (Nessus), we have a number of 8.1 PCs (which we will have until early next year so can't just get shot of them) that are failing because of an outdated and unsupported version of Adobe Flash Player, specifically:
The following unsupported Flash player controls were detected :
Product : ActiveX control (for Internet Explorer)
Path : C:\Windows\System32\Macromed\Flash\Flash.ocx
Installed version : 11.8.800.175
Supported versions : 19.x / 18.x
We have installed:
The latest Windows Security Updates for Adobe Flash Player - July 2018 (KB4338832)
The latest Adobe Flash Players (all three types) all at version 30.0.0.134
I need to get flash.ocx, FlashUtil_ActiveX.dll and FlashUtil_ActiveX.exe version 11.8.800.175 updated to at least version 19 but I cannot find any installer or way to do this. I have also tried taking ownership of these files and have on some machines had success at removing them manually, but for some reason its not allowing me to do it on all of the affected PCs.
Could anyone help me figure out a way to update these to the latest version as its going to fail me my security accrediation.
I have seen this: how do i uninstall flash player from window 8.1 and reinstall the newer version so I am not sure if I am just going to have to argue the point with the security assessor. I believe it may be a remnant that only works with IE10 and obviously we have IE11 which in my mind would be a mitigation for the vulnerability?
Any advice appreciated.
Kind regards,
Jonathan
