Note: Customers running Windows Server 2012R2, Windows 8.1, and Windows 10 are not impacted by this change. By default, Windows Update will automatically install important Flash updates as they become available for Internet Explorer and Microsoft Edge on those systems.

Starting on October 11, 2016, we’re expanding the out-of-date ActiveX control blocking feature to include outdated versions of Adobe Flash Player. This update notifies you when a Web page tries to load a Flash ActiveX control older than (but not including):

• Adobe Flash Player version 21.0.0.198
• Adobe Flash Player Extended Support Release version 18.0.0.241

You can continue to view the complete list of out-of-date ActiveX controls being blocked by this feature here.

Supported configurations and scope of out-of-date Flash ActiveX control blocking

Unlike out-of-date Java and Silverlight blocking, the following caveats are additionally applicable to out-of-date Flash ActiveX control blocking.

Supported configurations

Out-of-date Flash ActiveX control blocking only applies to Internet Explorer 11 on Windows 7 SP1 or Windows Server 2008 R2.

Scope

First, with out-of-date Flash ActiveX control blocking, Internet Explorer will only warn you once per tab process. All subsequent out-of-date Flash ActiveX controls will be allowed.
Second, users who are not members of the Local Administrators group on the PC will not see any out-of-date Flash ActiveX control blocks.

   Note

Security note:
If you would like out-of-date Flash blocking to apply to all users, including non-members of the Administrators group, run the following command from a command prompt:

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext" /v NonAdminSuppressEnabled /t REG_DWORD /d 0 /f

Finally, the term of out-of-date Flash ActiveX control blocking will end on November 10, 2016.

Enterprise testing for out-of-date Flash ActiveX control blocking

Remember, out-of-date ActiveX controls aren’t blocked in the Local Intranet Zone or the Trusted Sites Zone, so your intranet sites and trusted line-of-business apps should continue to use ActiveX controls without any disruption.

If you want to see what happens when a user goes to a Web page with an out-of-date Flash ActiveX control after October 11, 2016, you can run this test:

• On a test computer, install the most recent cumulative update for Internet Explorer.
• Open a command prompt and run this command to stop downloading updated versions of the versionlist.xml file:
  reg add "HKCU\Software\Microsoft\Internet Explorer\VersionManager" /v DownloadVersionList/t REG_DWORD /d 0 /f
  Important: After you’re done testing, delete this registry key. If you don’t, this computer will stop receiving the updated VersionList.xml file with all of the out-of-date ActiveX controls. Because of this, we don’t recommend setting this registry key in your production environment.
• Copy the test versionlist-TEST.xml file from here to %LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\
• Rename this file to versionlist.xml. Make sure you agree to overwrite any existing file. Important: After you’re done testing, replace this file with its production version from here. We don’t recommend manually changing the versionlist.xml file in your production environment.
• Restart Internet Explorer.

You’ll now get an out-of-date ActiveX control blocking notice when a Web site tries to load an outdated Flash ActiveX control.




If you need more time to minimize your reliance on outdated Flash ActiveX controls, see the Out-of-date ActiveX control blocking on managed devices section of the Out-of-date ActiveX control blocking topic.

― Jasika Bawa, Program Manager, Enterprise & Security

Source: https://blogs.windows.com/msedgedev/...-of-date-flash

Posted By: Brink
13 Sep 2016