Microsoft To Block Flash In Office 365 Starting January 2019 (bleepingcomputer.com)
An anonymous reader writes: Microsoft plans to soon block Flash, Shockwave, and Silverlight content from activating in Office 365, it said. The block, however, will only be applicable in Office 365 subscription clients -- and not in Office 2016, Office 2013, or Office 2010 distributions, the company added. The change is set to come into effect starting January 2019. This is a full-on block, and not just Microsoft disabling problematic controls with the option to click on a button and view its content, BleepingComputer reports. The block means that Office 365 will prevent Flash, Shockwave, or Silverlight content from playing inside Office documents altogether.
Microsoft cited various reasons for taking this decision. It said that malware authors have abused this mechanism for exploit campaigns, but also that Office users rarely used these features. In addition, Microsoft said it was also taking this decision after Adobe announced Flash's end-of-life for 2020.
Why was it there in the first place (Score:5, Insightful)
Whilst I have to commend MS taking the action to remove these nasties from Office, I have to ask... why did it allow them in the first place?
Re:Why was it there in the first place (Score:4, Interesting)
Likely for HTML emails. And yes, that's still stupid.
Re: (Score:3)
why did it allow them in the first place
I remember once the goal of computers was to be able to do anything anywhere regardless of whether it made sense to do so. Complete seamlessness on both an application and content level. It's a logical extension of OLE allowing native editing of spreadsheets embedded in word documents for instance. Not a crap goal by any means, but one that in its generic case may not make a lot of sense for individual specific use cases.
It stands to reason that a content element completely ballsed up from a security point
Re: (Score:2)
you lived in microsoft's fantasy world
It wasn't Microsoft's fantasy world. It was everyone's fantasy world. Hell, Microsoft and computer companies in general were trying to replicate what science fiction writing had been showing us for many years. Apple was doing it too, they did it on a hardware / product interaction level and it worked a treat.
Everyone swallowed the Kool-Aid.
oh man what a stinker, take this nonsense elsewhere
Oh I did. I closed my browser, turned off my computer, opened my phone and kept going typing this message. I'm sorry your nose is so sensitive. It must be hard living in the
Re:Why was it there in the first place (Score:4, Insightful)
Well, let's go back 20 years.
HTML 3 was the common version of HTML, which had a lot of necessary features missing, so tools like Java Applets, ActiveX controls and Macromedia Flash were made to fill in the gaps. It wasn't great but it solved the problems that were happening.
Java Applets were always really slow, ActiveX was insecure and dangerous, Flash was the fastest at the time, and worked across platforms.
Microsoft later made Silverlight to try to take over Flash, with minimum success.
ActiveX and Silverlight were part of Microsoft's Browser War arsenal, because Microsoft was hoping that by winning the browser war, they would have control of the standards. While they won the war by IE 6, their objective to control the standards didn't pan out too well. However, its attempt created a large number of legacy programs that used such plugins. That is hard to get rid of.
Now that HTML 5 supports most of what these legacy plugins did, they are no longer needed, but removing them needs to be a gradual planned event.
Why did they start in the first place? Because the standard wasn't fully supporting the features that were needed.
Re: (Score:2)
HTML 3 was the common version of HTML, which had a lot of necessary features missing, so tools like Java Applets, ActiveX controls and Macromedia Flash were made to fill in the gaps.
Yes, there were some gaps in HTML's styling model, which CSS eventually resolved. But quite a few vocal Slashdot users, particularly those who have disabled JavaScript, would argue that there were no serious gaps in a document format to begin with.
Re: (Score:2)
Except that general users were being told that downloading and installing apps was a surefire way to get a virus. Something that just ran in the browser was seen as safe (for a while anyway).
Will they also block MS Office documents? (Score:1)
If they're worried about security, shouldn't they also block virus vectors such as MS Word and Excel?
Re: (Score:1)
Then you should probably stick with only fantasizing about their cocks and maybe visit a doctor of the listening kind to deal with your penis envy.
Microsoft Blocks Microsoft Silverlight (Score:1)
Houston, we think we found the problem, and it is us.
Re: (Score:3)
At the company I work for we use several products that have exclusive interface with Flash or Silverlight. Our concern is what happens when these products have reached their End of Life. I know the first thing a lot of people will say is 'switch vendors'. It's not that easy.
We would love to but we have contracts, working relations, and thousands of hours of setup and training on these products. We are looking for alternatives. But until we find them we have to launch VMs for these applications.
Re: (Score:2)
I still use HP LaserJet 2100 printers in production. They are a little slow and clunky, but are otherwise perfect. No maintenance needed after setup other than paper filling once a week and toner every several months. They have a "web" based configuration interface though, and by web I mean it loads a bunch of Java applets (one per menu, and another for the main body). I keep a WinXP VM around with Java 6 and Internet Explorer 6 just for this particular case. I'd honestly suggest building things like this n
Microsoft: "The whole world is our beta tester." (Score:2)
They were able to play in *office*? (Score:2)
They were able to play in *Office* before? Seriously? Why?
Someone will find another way to get in (Score:2)
Great! (Score:2)
Ok, Javascript next, please.
Oh. Wait...
Re: (Score:2)
Say you are designing a form into which a user can enter data, and the requirements for this form include quickly validating data on the client side to give feedback that is faster than a round-trip for authoritative server-side validation. Not all users of this form are using the same operating system. Other than JavaScript, what means for real-time client-side validation would you prefer?
Re: (Score:2)
Javascript in a web application, using a browser for input that runs in a sandbox.
Next question.
Re: (Score:2)
Question 2: A vocal minority of users file support tickets to the following effect: "I don't want any JavaScript. I liked HTML better back when it was a document format." What should I tell them?
Re: (Score:2)
(noscript)
Get out of the fucking time machine
(/noscript)
Now take Silverlight out of Windows Server. (Score:4, Interesting)
Yet they still try to cram Silverlight down our throats continuously on Windows Server updates (yes, I know that with enough hassle this can be turned off, but...). There are probably like six people using it for some oddball VDI application; for the rest of us it's a stupid nuisance.
Re: (Score:3)
Netflix used to use that Silverlight crap. I remember every few months I would have to pull it out by the roots because it would go off the rails, giving some DRM error.
Good riddance to bad rubbish.
Re:Now take Silverlight out of everything! (Score:2)
Is Silverlight even used today? I haven't seen any web sites using it for years.
Re: (Score:2)
Those technologies still run on Windows. Just not inside of MS-Word.
Re: (Score:2)
which is why they are only disabling it for new versions of Office?
I'm not saying you need to read the article, but please at least read the HEADLINE.
It's not the technologies, stupid! (Score:2)
It's not the technologies, it's the platforms that implement the technologies and the crappy code they represent that create the exposure. But it's easier to just block the technologies.
On a positive note, I guess this shows folks on O365 how easily their TOS can be fucked with.
Re: (Score:2)
So what you are saying, is that Flash would be completely excellent if it weren't for every flawed and exploitable version of Flash Player, and every web browser it ever plugged into, and every OS that ever ran it.
But Flash is just fine, guys!
In case you are sarcasm-impaired: Flash-specific security exploits don't work if Flash isn't there.
Things I did not know... (Score:2)
I didn't know you could even do this. So it won't be missed by me.
Apparently the hackers knew though!
I wonder if they'll get rid of all DCOM stuff though?!
They've also blocked EPS images recently (Score:2)
In an Office 365 update last month, Microsoft removed EPS image support. The EPS filter had been defaulting to 'off' since last year (could only be enabled via the Registry), but now they've removed support altogether. Without warning, and without indicating to the user what has happened (the user just gets a red cross instead of an image).
This has bitten us in the ass big time, as we have libraries containing thousands of EPS files, which are used for publishing to Word files. Needless to say, we're migrati
Too bad, so sad, big tear, right here. (Score:1)
Adios, you motherflashing software cesspool.