An attacker could also embed an Active X control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine.The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements.Two sites in particular that you may want to add are *.windowsupdate.and *.update.

how to prevent flash from updating-75

How to prevent flash from updating video

For more information about Internet Explorer and the CV List, please see the MSDN Article, Developer Guidance for websites with content for Adobe Flash Player in Windows 8.

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.

Note The vulnerabilities discussed in this bulletin affect Windows Server 2016 Technical Preview 5.

To be protected from the vulnerabilities, Microsoft recommends that customers running this operating system apply the current update, which is available exclusively from Windows Update.

Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.

In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list.If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".Note Add any sites that you trust not to take malicious action on your system.The following mitigating factors may be helpful in your situation: Note You must restart Internet Explorer for your changes to take effect. There is no impact as long as the object is not intended to be used in Internet Explorer. Delete the registry keys that were added in implementing this workaround. Office documents that use embedded Active X controls may not display as intended. To re-enable Active X controls in Microsoft Office 2007 and Microsoft Office 2010, perform the following steps: Note If no slider is visible, click Default Level, and then move the slider to High.Note Setting the level to High may cause some websites to work incorrectly.For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements.