Coffeehouse Thread

2 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

That's one secure patch, all right...

Back to Forum: Coffeehouse
  • User profile image
    Mike Dimmick

    On both my home and work computers, I've followed Microsoft's advisory, linked to Adobe's advisory, and updated Adobe (Macromedia) Flash to their latest version, 8.0.24.0. Unfortunately it now no longer works in my normal, low-privileged accounts!

    Digging in the registry shows that the control's keys under CLSID can no longer be read by ordinary users: the permissions have been set so Everyone is denied access. I'm surprised that it works for administrators actually, since Everyone should cover, well, everyone. Perhaps the ACL was ordered incorrectly, with some of the Allow entries appearing before the Deny entries - the AccessCheck routine will stop parsing the ACL once all requested bits are set, which means it can miss explicit Deny ACEs if they appear after Allow ACEs.

    Well, that's one way to stop exploits of the vulnerabilities, whatever they are. I hope this change wasn't Adobe's 'fix'!

    Anyone else seeing this problem?

  • User profile image
    Minh

    I've got Flash 8.0.24 installed & running as non-admin user -- and it's working OK.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.