On both my home and work computers, I've followed Microsoft's advisory, linked to Adobe's advisory, and updated Adobe (Macromedia) Flash to their latest version, 8.0.24.0. Unfortunately it now no longer works in my normal, low-privileged accounts!
Digging in the registry shows that the control's keys under CLSID can no longer be read by ordinary users: the permissions have been set so Everyone is denied access. I'm surprised that it works for administrators actually, since Everyone should cover, well,
everyone. Perhaps the ACL was ordered incorrectly, with some of the Allow entries appearing before the Deny entries - the AccessCheck routine will stop parsing the ACL once all requested bits are set, which means it can miss explicit Deny ACEs if they appear
after Allow ACEs.
Well, that's one way to stop exploits of the vulnerabilities, whatever they are. I hope this change wasn't Adobe's 'fix'!
Anyone else seeing this problem?
Loading User Information from Channel 9
Something went wrong getting user information from Channel 9
Loading User Information from MSDN
Something went wrong getting user information from MSDN
Loading Visual Studio Achievements
Something went wrong getting the Visual Studio Achievements
