{"id":2182,"date":"2020-12-31T07:57:13","date_gmt":"2020-12-30T23:57:13","guid":{"rendered":"http:\/\/www.jhouseconsulting.com\/?p=2182"},"modified":"2023-06-16T05:06:16","modified_gmt":"2023-06-15T21:06:16","slug":"how-to-extend-the-adobe-flash-player-eol-to-prevent-it-from-blocking-flash-beyond-12-january-2021","status":"publish","type":"post","link":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/2020\/12\/31\/how-to-extend-the-adobe-flash-player-eol-to-prevent-it-from-blocking-flash-beyond-12-january-2021-2182","title":{"rendered":"How to extend the Adobe Flash Player EOL to prevent it from blocking flash beyond 12 January 2021"},"content":{"rendered":"<p>With the fast approaching <a href=\"https:\/\/www.adobe.com\/products\/flashplayer\/end-of-life.html\" target=\"_blank\">end of life for Adobe Flash Player<\/a>, some organisations have been caught out with legacy apps that have yet to be decommissioned or migrated to HTML5, etc. Some of these apps may be business critical. Unless you take action by the 11th January 2021, this is what your users will see on 12th January 2021.<\/p>\n<p><a href=\"http:\/\/www.jhouseconsulting.com\/2020\/12\/31\/how-to-extend-the-adobe-flash-player-eol-to-prevent-it-from-blocking-flash-beyond-12-january-2021-2182\/flash-blocked\" rel=\"attachment wp-att-2185\"><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter size-full wp-image-2185\" src=\"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-content\/uploads\/2020\/12\/Flash-Blocked-e1609371914492.png\" alt=\"Flash Blocked\" width=\"640\" height=\"330\" srcset=\"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-content\/uploads\/2020\/12\/Flash-Blocked-e1609371914492.png 640w, https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-content\/uploads\/2020\/12\/Flash-Blocked-e1609371914492-300x155.png 300w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<p>Don&#8217;t panic! We can temporality fix this and you can continue to use&nbsp;Adobe Flash Player if correctly configured in a locked down state using the mms.cfg file.<\/p>\n<p>Update: As of July 2021 all monthly and cumulative updates contain the Adobe Flash Removal Package. Therefore, deploying it will remove Adobe Flash. So if you do have an urgent need to test or work on an old Adobe Flash app, don&#8217;t patch beyond June 2021. This is not advice I would normally provide, but helps you get to a point should you need to revisit and use an Adobe Flash app.<\/p>\n<p><!--more--><\/p>\n<p>Here&#8217;s how you do it.<\/p>\n<ul>\n<li>You must be running Adobe Flash Player version 32.0.0.445, which is the 2nd October Microsoft patch <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4580325\/security-update\" target=\"_blank\">KB4580325<\/a>.<\/li>\n<li>Earlier versions, such as 32.0.0.387, do not seem to correctly adhere to, honour and respect the mms.cfg settings. I believe this may have just been a bug according to several forum posts.<\/li>\n<li>You can download the update from the <a href=\"https:\/\/www.catalog.update.microsoft.com\/Search.aspx?q=KB4580325\" target=\"_blank\">Microsoft Update Catalog<\/a> website.<\/li>\n<li>Installing it does not require a reboot and the new version works immediately.<\/li>\n<li>You should also block update <a href=\"https:\/\/support.microsoft.com\/en-au\/help\/4577586\/update-for-removal-of-adobe-flash-player\" target=\"_blank\">KB4577586<\/a>, which will remove Adobe Flash Player. This update is currently not available in Windows Server Update Service (WSUS). It will be made available in early 2021. According to the documentation when KB4577586 will be distributed it will delete Flash for IE11 and will prevent it to be installed again.<\/li>\n<li>Create an mms.cfg as per the example below. The&nbsp;settings in the mms.cfg are documented in the <a href=\"https:\/\/www.adobe.com\/devnet\/flashplayer\/articles\/flash_player_admin_guide.html\" target=\"_blank\">Administration Guide<\/a>.<\/li>\n<li>The&nbsp;AllowListUrlPattern acts like a whitelist.<\/li>\n<li>Once you have the&nbsp;AllowListUrlPattern set, you can test it by rolling the date&nbsp;forward beyond 11th January 2021 to ensure it continues to work for you.<\/li>\n<\/ul>\n<p>So your folder structure should end up looking like this&#8230;<\/p>\n<p><a href=\"http:\/\/www.jhouseconsulting.com\/2020\/12\/31\/how-to-extend-the-adobe-flash-player-eol-to-prevent-it-from-blocking-flash-beyond-12-january-2021-2182\/flash-installed-with-mms-cfg\" rel=\"attachment wp-att-2186\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-2186\" src=\"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-content\/uploads\/2020\/12\/Flash-Installed-with-mms.cfg_.png\" alt=\"Flash Installed with mms.cfg\" width=\"505\" height=\"403\" srcset=\"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-content\/uploads\/2020\/12\/Flash-Installed-with-mms.cfg_.png 505w, https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-content\/uploads\/2020\/12\/Flash-Installed-with-mms.cfg_-300x239.png 300w\" sizes=\"(max-width: 505px) 100vw, 505px\" \/><\/a><\/p>\n<p>An example mms.cfg file may look like this&#8230;<\/p>\n<p><a href=\"http:\/\/www.jhouseconsulting.com\/2020\/12\/31\/how-to-extend-the-adobe-flash-player-eol-to-prevent-it-from-blocking-flash-beyond-12-january-2021-2182\/mms-cfg-example\" rel=\"attachment wp-att-2187\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-2187\" src=\"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-content\/uploads\/2020\/12\/mms.cfg-example.png\" alt=\"mms.cfg example\" width=\"481\" height=\"249\" srcset=\"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-content\/uploads\/2020\/12\/mms.cfg-example.png 481w, https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-content\/uploads\/2020\/12\/mms.cfg-example-300x155.png 300w\" sizes=\"(max-width: 481px) 100vw, 481px\" \/><\/a><\/p>\n<p>Note that you can have multiple&nbsp;AllowListUrlPattern lines and also use wildcards for pattern matching. Refer to the&nbsp;<a href=\"https:\/\/www.adobe.com\/devnet\/flashplayer\/articles\/flash_player_admin_guide.html\" target=\"_blank\">Administration Guide<\/a>&nbsp;for further details. Not every pattern match will work. For example, http will always assume port 80. Hence why I have specified port 8080 in the example above.<\/p>\n<p>In summary you need to:<\/p>\n<ul>\n<li>Deploy <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4580325\/security-update\" target=\"_blank\">KB4580325<\/a><\/li>\n<li>Deploy the mms.cfg files with the correct AllowListUrlPattern(s) set.<\/li>\n<li>Block <a href=\"https:\/\/support.microsoft.com\/en-au\/help\/4577586\/update-for-removal-of-adobe-flash-player\" target=\"_blank\">KB4577586<\/a><\/li>\n<\/ul>\n<p>This is not a long term fix. As I understand it Microsoft may include the removal in a cumulative security update by mid 2021. However, this should buy you some time and get you out of trouble in the short term.<\/p>\n<p>Hope this helps.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With the fast approaching end of life for Adobe Flash Player, some organisations have been caught out with legacy apps that have yet to be decommissioned or migrated to HTML5, etc. Some of these apps may be business critical. Unless you take action by the 11th January 2021, this is what your users will see &#8230; <a title=\"How to extend the Adobe Flash Player EOL to prevent it from blocking flash beyond 12 January 2021\" class=\"read-more\" href=\"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/2020\/12\/31\/how-to-extend-the-adobe-flash-player-eol-to-prevent-it-from-blocking-flash-beyond-12-january-2021-2182\" aria-label=\"Read more about How to extend the Adobe Flash Player EOL to prevent it from blocking flash beyond 12 January 2021\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[235],"tags":[604,603,602,597,594,599,596,325,595,601,600,598],"class_list":["post-2182","post","type-post","status-publish","format-standard","hentry","category-adobe","tag-12-january-2021","tag-12th-january-2021","tag-32-0-0-387","tag-32-0-0-445","tag-adobe-flash-player","tag-allowlisturlpattern","tag-end-of-life","tag-eol","tag-flash-player","tag-kb4577586","tag-kb4580325","tag-mms-cfg"],"aioseo_notices":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/posts\/2182","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/comments?post=2182"}],"version-history":[{"count":5,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/posts\/2182\/revisions"}],"predecessor-version":[{"id":2478,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/posts\/2182\/revisions\/2478"}],"wp:attachment":[{"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/media?parent=2182"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/categories?post=2182"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/tags?post=2182"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}