1. Introduction
MS KB2837385 addresses vulnerabilities in Adobe Flash Player ActiveX control. This update is important because unpatched systems are at risk of code execution via memory corruption flaws within the Flash player. Systems running a vulnerable version of Adobe Flash Player, particularly those with ActiveX controls enabled, are affected. Successful exploitation could compromise confidentiality, integrity and availability.
2. Technical Explanation
The vulnerability stems from missing security update KB2837385 for the installed Adobe Flash ActiveX control. Attackers can exploit memory corruption issues within this control to execute arbitrary code on a vulnerable system. Exploitation requires a user to visit a malicious webpage containing an exploited Flash object. The CVEs listed below detail specific flaws addressed by this patch.
- Root cause: Missing security update KB2837385 for the Adobe Flash ActiveX control, leading to multiple memory corruption vulnerabilities.
- Exploit mechanism: An attacker crafts a malicious webpage containing an exploited Flash object that triggers memory corruption when visited by a user with a vulnerable browser and enabled ActiveX controls.
- Scope: Windows systems running a version of Adobe Flash Player susceptible to the identified vulnerabilities, specifically those using the ActiveX control.
3. Detection and Assessment
Confirming vulnerability involves checking for the presence of KB2837385 or identifying vulnerable Flash versions. A quick check can be done via Windows Update history. More thorough assessment requires reviewing installed components.
- Quick checks: Check Windows Update History for successful installation of KB2837385.
- Scanning: Nessus plugin 69410 and OpenVAS scanner ID 93648 may identify vulnerable systems, but results should be verified.
- Logs and evidence: Review Application event logs for errors related to Adobe Flash Player or ActiveX controls.
wmic qfe list where hotfixid="KB2837385"4. Solution / Remediation Steps
The solution is to install Microsoft KB2837385. This patch addresses the identified vulnerabilities in Adobe Flash Player. Follow these steps for a safe and effective remediation.
4.1 Preparation
- No services need to be stopped, but close all browser windows during installation.
- Roll back plan: Uninstall KB2837385 via Windows Update if issues occur. A change window may be needed depending on your organisation’s policy.
4.2 Implementation
- Step 1: Download KB2837385 from the Microsoft Update Catalog or use WSUS/SCCM to deploy it.
- Step 2: Install the update via the downloaded file or through your central management system.
4.3 Config or Code Example
No config changes are needed, this is a patch install.
Before
N/A - Vulnerable SystemAfter
wmic qfe list where hotfixid="KB2837385"4.4 Security Practices Relevant to This Vulnerability
Practices like least privilege and a regular patch cadence are relevant here. Limiting ActiveX control use reduces the attack surface, while timely patching prevents exploitation of known flaws.
- Practice 1: Least privilege – restrict user accounts with unnecessary administrative rights to reduce potential impact if exploited.
- Practice 2: Patch cadence – Implement a regular schedule for applying security updates from Microsoft and Adobe to address vulnerabilities promptly.
4.5 Automation (Optional)
PowerShell can be used to check patch status across multiple systems.
# Check if KB2837385 is installed on remote computers
$computers = @("computer1", "computer2") # Replace with your computer names
foreach ($computer in $computers) {
if (Get-HotFix -ComputerName $computer -ID KB2837385) {
Write-Host "$computer: KB2837385 is installed"
} else {
Write-Host "$computer: KB2837385 is NOT installed"
}
}5. Verification / Validation
Verify the fix by confirming KB2837385 installation and retesting for vulnerabilities. A simple service smoke test can be performed to ensure Flash functionality remains intact.
- Post-fix check: Run `wmic qfe list where hotfixid=”KB2837385″` and confirm the update is listed.
- Re-test: Re-run the quick check from Section 3 to verify KB2837385 is now installed.
- Smoke test: Open a trusted website using Flash content to ensure it loads correctly.
wmic qfe list where hotfixid="KB2837385"6. Preventive Measures and Monitoring
Update security baselines to include this patch, and incorporate vulnerability scanning into CI/CD pipelines. A regular asset inventory process helps identify vulnerable systems quickly.
- Baselines: Update your Windows baseline configuration to require KB2837385 installation.
- Asset and patch process: Review systems weekly for missing security updates, prioritizing critical vulnerabilities.
7. Risks, Side Effects, and Roll Back
Potential risks include compatibility issues with older applications using Flash. Roll back by uninstalling KB2837385 through Windows Update.
- Risk or side effect 2: Reboot required may cause brief service interruption – schedule during a maintenance window.
- Roll back: Uninstall KB2837385 via Windows Update History, then reboot the system.
8. References and Resources
Refer to official Microsoft and Adobe advisories for detailed information about this vulnerability.
- Vendor advisory or bulletin: http://www.adobe.com/support/security/bulletins/apsb13-14.html
- NVD or CVE entry: N/A – Multiple CVEs listed in Third Party Links section.
- Product or platform documentation relevant to the fix: https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801