Using Flash Beyond the End of Life Date
It really didn't matter how much notice that Adobe gave organizations, there were always going to be applications that were going to live beyond the end of life. It's one of those truisms that you learn when you've been in IT long enough. In this post, I'm going to share what your experience is going to be like with Flash once it goes end of life, what the supported (read: not free) options you have are, and what the quasi-supported option available is.
End of Life Expectations
Unlike most products that go end of life (EOL), Adobe Flash won't just be unsupported or unpatched, it will stop functioning entirely. Nested into the Flash Player for Internet Explorer, Microsoft Edge, and Google Chrome are clocks that are ready to stop loading flash content beginning in January of 2021. You can experience this head of time by setting your clock forward to the end of January and restarting your browser.
In versions of Google Chrome that still run Flash Player, the following image will appear in place of the Flash object.
Clicking on the image will bring you to this Adobe EOL webpage.
Because the code to disable flash is built into Flash itself and not the Chrome browser, downgrading Google Chrome to an earlier version will not resolve this issue. It's also anticipated that Google will remove Flash entirely from distributions of Chrome starting in early 2021.
Microsoft has announced that Flash will be removed started in Edge v88. Setting your clock ahead in the current versions doesn't seem to have the same impact on Edge as it does on Chrome, suggesting that older versions of Edge may still continue to work until Flash is disabled either by some other mechanism or through a Windows Update.
Like Chrome, the Flash add-in for Internet Explorer is timebombed to disable starting in January 2021. The image and link used by Chrome are also being used within Internet Explorer. Flash will remain installed, however, until KB4577586 is installed, which will remove the Flash player entirely. This update is irreversable. Beginning in the summer of 2021, Microsoft has announced that this removal will be included as part of the monthly cummulative updates.
Supported Path Forward
Adobe partner Harman has stepped up to continue support for Flash Player. I haven't experienced their solution, but they claim on their website that they can continue to support the Flash experience within Windows.
The “Packaged Browser" is essentially an application that wraps up a browser engine along with the Flash Player and is locked to your web-based Flash application taking on appropriate branding. It is deployed as a separate application, so it needs to be installed by an end user and accessed as a desktop application. It is like a browser tab without the navigational UI and with a Flash Player isolated from the rest of the system. This application works by loading in the appropriate browser engine and directing this to the predefined URL that hosts the web-based application. The browser engine then loads the custom version of the Flash Player as provided under license by HARMAN. The web-based application is then displayed as if it were running in a normal web page. (Source)
At the time of this writing, pricing information for this offering was not available on the Harmen website.
Unsupported Path Forward
Enter Adobe Enterprise Enablement for Flash Player. Using Enterprise Enablement, organizations that still depend on Flash can enable it on a per-domain basis. Before we go down this path, a quick word on this from our friends at Adobe.
Any use of the domain-level allow list after the EOL Date is strongly discouraged, will not be supported by Adobe, and is entirely at the user’s own risk. (Source)
But, let's face it - it's the third week of January and your business critical system is down because no one supporting the application realized it was Flash, you don't much care for support options, do you?
You can read about Enterprise Enablement in the Flash Player Admin Guide, but I'm going to run you through the steps below to keep it nice and simple.
- Since Chrome & Edge will be removing Flash, this is basically an IE solution. If you're concerned with other browsers, look into IE Mode for Edge and Legacy Browser Support for Chrome, both of which will force domains you specify to open within Internet Explorer.
- You should be running the latest version of Adobe Flash. The admin docs from Adobe seem to suggest this will work in versions released in June 2020 or later. For my testing, I downloaded the latest version for Internet Explorer which was dated October of 2020.
- With everything else in place, you create or modify the file
%WINDIR%\SYSTEM32\MACROMED\FLASH(32-bit systems) or
%WINDIR%\SYSWOW64\MACROMED\FLASH(64-bit sytems) and supply the contnet I've defined below. Lines that start with the pound sign (#) are comments and do not need to be included.
1# Disable prompts to uninstall Adobe Flash 2EOLUninstallDisable=1 3 4# Turn on the Allow List feature for Adobe Flash 5EnableAllowList=1 6 7# Send messages from Flash Player to the browser's built-in console 8TraceOutputEcho=1 9 10# List of Allowed Websites 11AllowListUrlPattern=https://www.example.org/ 12AllowListUrlPattern=*://maybesecure.example.org/ 13AllowListUrlPattern=http://internalsite/ 14AllowListUrlPattern=https://192.168.1.1/
This file must be saved in UTF-8 or ANSI format or it will be ignored (or perhaps just unreadble) by Flash Player.
You can find a full list of available patterns as well as other options you can set in the Flash Player Admin Guide. Once you have this working on your test system, you can deploy the file using any number of systems management tools, such as Configuration Manager.
Troubleshooting the MMS.CFG
To troubleshoot issues, I've found the following helpful:
- Double-check your version first - this doesn't work in older versions
- Confirm the path to your MMS.CFG, remember it needs to be in SYSWOW64 for 64-bit systems
- Remember that the file needs to be ANSI or UTF-8 - if in doubt, check with Notepad++
- Within IE, press F12 to load the console and then refresh the page - Flash will write status messages to the console