Running software past its end of life introduces risk to your organization. It means you will no longer receive security updates and patches for newly discovered vulnerabilities. Sometimes the business requires that you continue to use an unsupported product. Adobe Flash is a case in point.

Microsoft recently announced plans to phase out Flash support in its operating systems by the end of 2020. As more firms and websites move to HTML5, WebGL, and WebAssembly, the need for Flash has diminished. Microsoft is ending support for Adobe Flash Player on Microsoft Edge (both the new Microsoft Edge and Microsoft Edge Legacy) and Internet Explorer 11.

In fall 2020, an “Update for Removal of Adobe Flash Player” will be available via Microsoft Update Catalog, Windows Update and WSUS that permanently removes Adobe Flash Player as a component of Windows OS devices.

Secure options for using Flash past Windows end of support

If your enterprise relies on Flash, what are your options? Adobe is working with licensing partner Harman to provide enterprises with support and security options for Flash. Among the options is the ability to create a list of approved domains on which Flash may run. Starting with the June 2020 release of Flash, you can configure Flash Player to allow content only from a list of allowed URLs you trust and block all other content. Allowed content will continue to work on your system past the end-of-life deadline, but this is not recommended and should be done only as a last resort. Attackers will look for Flash and try to exploit it. The June release also provides logging capabilities to determine what Flash content is being used by client systems. Enterprise enablement allows you to turn on preferences such as AllowListPreview, TraceOutputEcho, EnableAllowList and AllowListRootMovieOnly.

You may wish to block the end-of-life notifications that will begin in the latter half of 2020.
As noted in the Flash administration guide, you can set properties in the mms.cfg file to disable the prompt. Either set AutoUpdateDisable = 1 or add the value EOLUninstallDisable = 1. The file is located at C:\Windows\SysWOW64\Macromed\Flash\mms.cfg for 64-bit installations and C:\Windows\System32\Macromed\Flash\mms.cfg.

[Figure: Location of mms.cfg. Credit: Susan Bradley]

In the new release of Microsoft Edge (Chromium), Flash is disabled by default. If you need to enable it, go to “Settings” and “more > Settings”. In the left navigation, select “Site permissions” and then “Adobe Flash”. Set the toggle on for the “Ask before running Flash” option.

You can proactively disable Flash now in your Windows 10 Edge deployments to ensure that no one can use it. Review your Group Policy settings to ensure you have the proper ADM template deployed. Download the templates from the Microsoft website and deploy them into your Group Policy central store. In the Edge Group Policy setting for “Allow Adobe Flash”, set the value to disabled to block Flash on Windows 10.

[Figure: Edge Group Policy settings. Credit: Susan Bradley]

Other Windows applications reaching end of life

The Center for Internet Security (CIS) posts a list of software that is nearing its end of life. Use the list to track software that is coming to its end of life. Past reports include October 2019, December 2019, February 2020, March 2020 and June 2020. As noted in the CISA tips on patching software, using unsupported software risks having vulnerabilities that can’t be fixed. It can also cause software compatibility issues as well as decreased system performance and productivity.

It’s recommended that you stop using software that is no longer supported.
At a minimum, isolate end-of-life software products and block their ability to access the internet or interact with systems that connect with the web.

For those of you still running Office 2010, be aware that as of October 13, 2020, Office 2010 will no longer receive security updates. Microsoft indicates that the following Office applications will no longer be patched:

Access 2010
Dynamics GP 2010
Excel 2010
Excel Mobile 2010
Exchange Server 2010 (all editions)
FAST Search Server 2010 (all editions)
Groove Server 2010
Office 2010 (all editions)
OneNote 2010
PowerPoint 2010
Project 2010
Publisher 2010
Search Server 2010
System Center Data Protection Manager 2010
System Center Essentials 2010
Visio 2010 (all editions)
Word 2010
Windows Embedded Standard 7
Office 2016 for Mac (all editions)
Excel 2016 for Mac
Outlook 2016 for Mac
PowerPoint 2016 for Mac
Word 2016 for Mac

If you use any of these platforms, plan on migrating away from them as soon as possible. Office is risky to run after it has reached end of life and is no longer patched. Attackers often use Office to gain more access to a system. Office typically has at least one remote code execution vulnerability every month. September 2020’s security updates fixed 13 vulnerabilities that could enable remote attackers to execute arbitrary code on vulnerable systems. Office 2010 will not offer the ability to purchase extended support.

Exploiting those vulnerabilities would usually require opening a specially crafted file. If you use Outlook, or any mail program that shows previews for attachments, this could happen even without user interaction. Just viewing the email (with preview) could trigger an exploit. If you consider using Office 2010 after October, understand that your risk level will slowly but steadily grow, as more and more vulnerabilities will be discovered in the product.

Take the time to review your organization for any out-of-date or soon to be out-of-date software.
Examine your options and review what risks you face from the software you are running on your systems.
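
The mms.cfg settings named earlier (EnableAllowList, AllowListPreview, AutoUpdateDisable, EOLUninstallDisable) can be checked on each machine that still has to run Flash. The PowerShell below is an added example, not code from the article or from Adobe; the AllowListUrlPattern key name, the sample file contents, and the reading of AllowListPreview as a non-enforcing mode are assumptions to confirm against the Flash administration guide.

```powershell
# Constructed sample mms.cfg, not taken from the article. AllowListUrlPattern is
# assumed to be the key that holds each allowed URL; confirm it in Adobe's guide.
$sample = @'
EnableAllowList = 1
AllowListPreview = 1
AllowListRootMovieOnly = 1
AllowListUrlPattern = https://intranet.example.com/
AllowListUrlPattern = http://legacy.example.net/
EOLUninstallDisable = 1
'@

function Read-MmsCfg([string]$Text) {
    # One "Key = Value" per line; a key may repeat, so each key maps to a list.
    $cfg = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        $parts = $line.Trim() -split '=', 2
        if ($line.Trim().StartsWith('#') -or $parts.Count -ne 2) { continue }
        $key = $parts[0].Trim()
        if (-not $cfg.ContainsKey($key)) { $cfg[$key] = @() }
        $cfg[$key] += $parts[1].Trim()
    }
    return $cfg
}
function Test-On($Cfg, [string]$Key) { [bool](@($Cfg[$Key]) -match '^(1|true)$') }
function Test-MmsCfg([hashtable]$Cfg) {
    $findings = @()
    if (-not (Test-On $Cfg 'EnableAllowList')) {
        $findings += 'EnableAllowList is not 1: Flash is not limited to allowed URLs.'
    }
    if (Test-On $Cfg 'AllowListPreview') {
        # Assumption: preview mode reports what would be blocked without blocking.
        $findings += 'AllowListPreview is on: confirm the allow list is enforced.'
    }
    $patterns = @($Cfg['AllowListUrlPattern'] | Where-Object { $_ })
    if ($patterns.Count -eq 0) { $findings += 'No AllowListUrlPattern entries found.' }
    foreach ($p in $patterns) {
        if ($p -notmatch '^https://') { $findings += "Allowed URL is not HTTPS: $p" }
    }
    foreach ($k in 'AutoUpdateDisable', 'EOLUninstallDisable') {
        if (Test-On $Cfg $k) { $findings += "$k is set: EOL prompt suppressed; keep this host in the EOL inventory." }
    }
    return $findings
}

# Audit the real files when present; otherwise fall back to the sample above.
$paths = 'C:\Windows\SysWOW64\Macromed\Flash\mms.cfg', 'C:\Windows\System32\Macromed\Flash\mms.cfg'
$found = @($paths | Where-Object { Test-Path $_ })
if ($found.Count -eq 0) { Test-MmsCfg (Read-MmsCfg $sample) }
foreach ($p in $found) { "== $p"; Test-MmsCfg (Read-MmsCfg (Get-Content $p -Raw)) }
```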