vSphere Web Client “Shockwave Flash has crashed”

Over the weekend Google pushed out an update to Flash (27.0.0.170) with an update to Chrome (61.0.3163.100) and now vSphere Web Client is broken once again! 

VMware is asking us (VMware KB 2151945) to use an older (read: deprecated, insecure) version of Shockwave Flash as a workaround. You can find excellent instructions to implement this workaround on virtuallyGhetto.

According to RHEL, the version of Flash that VMware is asking us to use is vulnerable to CVE-2017-11292, with exploits known to exist in the wild.

All of this underscores the need for a standards-based client for VMware vSphere, as well as the commonly held opinion that VMware should not have obsoleted the C# Client until such a standards-based client was fully functional.

I will not recommend upgrading VMware vSphere beyond version 6.0 until a standards-based client is available!

Here are some steps you can take to smooth your vSphere Management experience:

  1. Make sure that vSphere Management runs on a secure network, separate from other servers and with access only by a limited number of workstations.
    1. This will mitigate the danger of running outdated versions of Shockwave Flash and other utilities; it is not an excuse to disregard updates.
  2. Disable automatic Chrome updates: Set the value of HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update\AutoUpdateCheckPeriodMinutes to the REG_DWORD value of “0”.
    1. This will put the administrator back in control of when and where client (Google Chrome) updates are applied.
  3. Upgrade to VMware vSphere 6.5 only if absolutely necessary!
  4. Use the Windows C# Client whenever possible with vSphere 6, and previous supported versions of vSphere
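
The registry change from step 2, as an added PowerShell example that is not part of the original post: it sets the policy value, then reads it back and reports the installed Chrome version so the build each workstation is held at is on record. The function names and the App Paths lookup for chrome.exe are assumptions of this example; run it from an elevated prompt.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Google\Update'   # key named in step 2
$ValueName = 'AutoUpdateCheckPeriodMinutes'            # REG_DWORD; step 2 sets it to 0

function Set-ChromeUpdateCheckPeriod {                 # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$Minutes = 0)

    if ($PSCmdlet.ShouldProcess("$PolicyKey\$ValueName", "Set to $Minutes")) {
        if (-not (Test-Path -Path $PolicyKey)) {
            New-Item -Path $PolicyKey -Force | Out-Null   # also creates missing parent keys
        }
        New-ItemProperty -Path $PolicyKey -Name $ValueName -PropertyType DWord `
            -Value $Minutes -Force | Out-Null
    }
}

function Get-ChromeUpdateState {                       # hypothetical helper name
    # Read the policy back instead of trusting that the write succeeded.
    $policy = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    $period = if ($policy) { $policy.$ValueName } else { $null }

    # Assumption: Chrome is installed machine-wide and registered under App Paths.
    $appPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe'
    $appKey  = Get-Item -Path $appPath -ErrorAction SilentlyContinue
    $exe     = if ($appKey) { $appKey.GetValue('') } else { $null }
    $version = if ($exe -and (Test-Path -Path $exe)) {
        (Get-Item -Path $exe).VersionInfo.ProductVersion
    } else { 'not found' }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        CheckPeriodMinutes = $period
        AutoUpdateDisabled = ($period -eq 0)   # stays False when the value is absent
        ChromeVersion      = $version
        Checked            = Get-Date -Format s
    }
}

Set-ChromeUpdateCheckPeriod -Minutes 0
Get-ChromeUpdateState
```

Running `Set-ChromeUpdateCheckPeriod -WhatIf` shows the intended change without writing it, and the object from `Get-ChromeUpdateState` can be kept with the change record for each management workstation.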

John Borhek

John Borhek (VCP 3-6) is the IT Director and Lead Solutions Architect at VMsources Group Inc. and an active consultant specializing in VMware vSphere, Linux, Networking and Infrastructure Design.
