Microsoft To Block Flash In Office 365 Starting January 2019 (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Microsoft To Block Flash In Office 365 Starting January 2019 (bleepingcomputer.com)

Posted by msmash on Tuesday May 22, 2018 @02:00AM from the up-next dept.

An anonymous reader writes: Microsoft plans to soon block Flash, Shockwave, and Silverlight content from activating in Office 365, it said. The block, however, will only be applicable in Office 365 subscription clients -- and not in Office 2016, Office 2013, or Office 2010 distributions, the company added. The change is set to come into effect starting January 2019. This is a full-on block, and not just Microsoft disabling problematic controls with the option to click on a button and view its content, BleepingComputer reports. The block means that Office 365 will prevent Flash, Shockwave, or Silverlight content from playing inside Office documents altogether.

Microsoft cited various reasons for taking this decision. It said that malware authors have abused this mechanism for exploit campaigns, but also that Office users rarely used these features. In addition, Microsoft said it was also taking this decision after Adobe announced Flash's end-of-life for 2020.

7 of 42 comments (clear)

Min score:

Reason:

Sort:

Why was it there in the first place by Oswald+McWeany · 2018-05-22 02:06 · Score: 5, Insightful

Whilst I have to commend MS taking the action to remove these nasties from Office, I have to ask... ... why did it allow them in the first place?

--
"That's the way to do it" - Punch
1. Re:Why was it there in the first place by MachineShedFred · 2018-05-22 02:10 · Score: 3, Interesting
  
  Likely for HTML emails. And yes, that's still stupid.
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
2. Re:Why was it there in the first place by thegarbz · 2018-05-22 02:33 · Score: 2
  
  why did it allow them in the first place
  I remember once the goal of computers was to be able to do anything anywhere regardless of whether it made sense to do so. Complete seamlessness on both an application and content level. It's a logical extension of OLE allowing native editing of spreadsheets embedded in word documents for instance. Not a crap goal by any means, but one that in its generic case may not make a lot of sense for individual specific use cases.
  It stands to reason that a content element completely ballsed up from a security point of view would as such introduce security problems in the systems which allow it to be embedded.
3. Re:Why was it there in the first place by jellomizer · 2018-05-22 03:05 · Score: 3, Insightful
  
  Well lets go back 20 years.
  HTML 3 was the common version of HTML. Which had a lot of necessary features missing, So tools like Java Applets, Active X Controls and Macromedia Flash were made to fill in the Gaps. It wasn't great but it solved the problems that was happening.
  Java Applets were always really slow, Active X was insecure and dangerous, Flash was the fastest at the time, and worked across platforms.
  Microsoft later made Silverlight to try to take over Flash, with minimum success.
  Active X and Silverlight were part of Microsoft Browser War arsenal. Because Microsoft was hoping by winning the browser war, they would have control of the standards. While they won the war by IE 6, their objective to control the standards didn't pan out too well. However its attempt created a large number of legacy programs that used such plugins. That is hard to get rid of.
  Now that HTML 5 Supports most of what These legacy plugins did. They are no longer needed, but removing them needs to be a gradual planned event.
  Why did they start in the first place? Because the standard wasn't fully supporting the features that were needed.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Now take Silverlight out of Windows Server. by ErikTheRed · 2018-05-22 03:34 · Score: 3, Interesting

Yet they still try to cram Silverlight down our throats continuously on Windows Server updates (yes, I know that with enough hassle this can be turned off, but...). There are probably like six people using it for some oddball VDI application; for the rest of us it's a stupid nuisance.

--

Help save the critically endangered Blue Iguana
1. Re:Now take Silverlight out of Windows Server. by jwhyche · 2018-05-22 07:11 · Score: 2
  
  Netflix used to use that silver light crap. I remember every few months I would have to pull it out by the roots because it would go off the rails. Giving some drm error.
  Good riddance to bad rubbish.
  
  --
  I read at +2. If your post doesn't reach that level I will not see or respond to it.
Re:Microsoft Blocks Microsoft Silverlight by randomErr · 2018-05-22 03:45 · Score: 2

At the company I work for we use a sever products that have exclusive interface with Flash or Sliverlight. Our concern is what happens when these products have reached thier End of Life. I know the first thing a lot of people will say is 'switch vendors'. It's not that easy.
We would love to but we have contracts, working relations, and thousands of hours of setup and training on these products. We are looking for alternatives. But until we find them we have to launch VM's for these applications.

--
You say things that offend me and I can deal with it. Can you?