Microsoft Security Advisory: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10

Article ID: 2796096 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:
http://technet.microsoft.com/security/advisory/2755801
(http://technet.microsoft.com/security/advisory/2755801)
Back to the top | Give Feedback

Resolution

The following files are available for download from the Microsoft Download Center:

Update for Internet Explorer Flash Player for Windows 8 (KB2796096)

Collapse this imageExpand this image
Download
Download the Windows8-RT-KB2796096-x86.msu package now.
(http://www.microsoft.com/downloads/details.aspx?FamilyId=ad9d5352-6522-4f9d-b826-d3015b4aa87b)

Update for Internet Explorer Flash Player for Windows 8 x64-based systems (KB2796096)

Collapse this imageExpand this image
Download
Download the Windows8-RT-KB2796096-x64.msu package now.
(http://www.microsoft.com/downloads/details.aspx?FamilyId=450ea482-2edc-42c5-8df2-5fac1f2c8819)

Update for Internet Explorer Flash Player for Windows Server 2012 (KB2796096)

Collapse this imageExpand this image
Download
Download the Windows8-RT-KB2796096-x64.msu package now.
(http://www.microsoft.com/downloads/details.aspx?FamilyId=425e45cc-ea20-4ff8-9ff1-26c1016a2301)


Release Date: January 8, 2013

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591
(http://support.microsoft.com/kb/119591/ )
How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Back to the top | Give Feedback

Update Information

Detection and deployment tools and guidance

Security Central

Manage the software and security updates that you have to deploy to the servers, desktop, and mobile systems in your organization. For more information, see the TechNet Update Management Center
(http://technet.microsoft.com/en-us/updatemanagement/bb245732)
. The Microsoft TechNet Security website
(http://technet.microsoft.com/en-US/security/default.aspx)
provides additional information about security in Microsoft products.

Security updates are available from Microsoft Update
(http://go.microsoft.com/fwlink/?LinkID=40747)
and Windows Update
(http://go.microsoft.com/fwlink/?LinkId=21130)
. Security updates are also available from the Microsoft Download Center
(http://go.microsoft.com/fwlink/?LinkId=21129)
. You can find them most easily by doing a keyword search for "security update."

Finally, you can download security updates from the Microsoft Update Catalog
(http://go.microsoft.com/fwlink/?LinkId=96155)
. The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update. This includes security updates, drivers and service packs. For more information about the Microsoft Update Catalog, see the Microsoft Update Catalog FAQ
(http://go.microsoft.com/fwlink/?LinkId=97900)
.

Detection and deployment guidance

Microsoft provides detection and deployment guidance for security updates. This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates. For more information, see Microsoft Knowledge Base article 961747
(http://support.microsoft.com/kb/961747)
.

Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer (MBSA) lets administrators scan local and remote systems for missing security updates and also common security misconfigurations. For more information, see Microsoft Baseline Security Analyzer
(http://go.microsoft.com/fwlink/?linkid=20567)
.

The following table provides the MBSA detection summary for this security update.
Collapse this tableExpand this table
SoftwareMBSA
Windows 8 for 32-bit SystemsNo
Windows 8 for 64-bit SystemsNo
Windows Server 2012No
Note Customers who use legacy software that is not supported by the latest release of MBSA, Microsoft Update, and Windows Server Update Services, should see Microsoft Baseline Security Analyzer
(http://go.microsoft.com/fwlink/?linkid=20567)
and reference the "Legacy Product Support" section to find information about how to create comprehensive security update detection with legacy tools.

Windows Server Update Services

Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system. For more information about how to deploy security updates by using Windows Server Update Services, see the TechNet article, Windows Server Update Services
(http://technet.microsoft.com/wsus/default.aspx)
.

Systems Management Server

The following table provides the SMS detection and deployment summary for this security update.
Collapse this tableExpand this table
SoftwareSMS 2003 with ITMUSystem Center Configuration Manager
Windows 8 for 32-bit SystemsNoYes
Windows 8 for 64-bit SystemsNoYes
Windows Server 2012NoYes
Note Microsoft discontinued support for SMS 2.0 on April 12, 2011. For SMS 2003, Microsoft also discontinued support for the Security Update Inventory Tool (SUIT) on April 12, 2011. Customers are encouraged to upgrade to System Center Configuration Manager
(http://technet.microsoft.com/systemcenter/bb980621)
. For customers remaining on SMS 2003 Service Pack 3, the Inventory Tool for Microsoft Updates
(http://technet.microsoft.com/sms/bb676783.aspx)
(ITMU) is also an option.

For SMS 2003, the SMS 2003 Inventory Tool for Microsoft Updates (ITMU) can be used by SMS to detect security updates that are offered by Microsoft Update
(http://go.microsoft.com/fwlink/?LinkID=40747)
and that are supported by Windows Server Update Services
(http://technet.microsoft.com/wsus/default.aspx)
. For more information about the SMS 2003 ITMU, see SMS 2003 Inventory Tool for Microsoft Updates
(http://technet.microsoft.com/sms/bb676783.aspx)
. For more information about SMS scanning tools, see SMS 2003 Software Update Scanning Tools
(http://technet.microsoft.com/sms/bb676786.aspx)
. See also Downloads for Systems Management Server 2003
(http://technet.microsoft.com/sms/bb676766.aspx)
.

System Center Configuration Manager uses WSUS 3.0 for detection of updates. For more information, see System Center
(http://technet.microsoft.com/systemcenter/bb980621)
.

For detailed information, see Microsoft Knowledge Base article 910723
(http://technet.microsoft.com/sms/bb676766.aspx)
: Summary list of monthly detection and deployment guidance articles.

Update Compatibility Evaluator and Application Compatibility Toolkit

Updates frequently write to the same files and registry settings required for your applications to run. This can trigger incompatibilities and increase the time that is required to deploy security updates. You can streamline testing and validating Windows updates against installed applications by using the Update Compatibility Evaluator
(http://technet.microsoft.com/library/cc749197)
components that are included with Application Compatibility Toolkit
(http://www.microsoft.com/downloads/details.aspx?FamilyId=24DA89E9-B581-47B0-B45E-492DD6DA2971)
.

The Application Compatibility Toolkit (ACT) contains the necessary tools and documentation to evaluate and lessen application compatibility issues before you deploy Windows Vista, a Windows Update, a Microsoft Security Update, or a new version of Windows Internet Explorer in your environment.

Security Update Deployment

Windows 8 (all editions)

Reference table
The following table contains the security update information for this software. You can find additional information in the subsection, Deployment information, in this section.
Collapse this tableExpand this table
Inclusion in future service packsThe update for this issue will be included in a future service pack or update rollup
Deployment
Installing without requiring user interventionFor Adobe Flash Player in Internet Explorer 10 on all supported 32-bit editions of Windows 8:
Windows8-RT-KB2796096-x86.msu /quiet
For Adobe Flash Player in Internet Explorer 10 on all supported 64-bit editions of Windows 8:
Windows8-RT-KB2796096-x64.msu /quiet
Installing without restartingFor Adobe Flash Player in Internet Explorer 10 on all supported 32-bit editions of Windows 8:
Windows8-RT-KB2796096-x86.msu /quiet /norestart
For Adobe Flash Player in Internet Explorer 10 on all supported x64-bit editions of Windows 8:
Windows8-RT-KB2796096-x64.msu /quiet /norestart
Additional informationSee the Detection and deployment tools and guidance subsection.
Restart requirement
Restart required?In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012
(http://support.microsoft.com/kb/887012)
.
HotPatchingNot applicable.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and then under Windows Update, click View installed updates and select from the list of updates.
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Deployment information

Installing the update
When you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been updated by a Microsoft hotfix.

For more information about the terminology that appears in this Knowledge Base Article, such as hotfix, see Microsoft Knowledge Base article 824684
(http://support.microsoft.com/kb/824684)
.

This security update supports the following setup switches.
Collapse this tableExpand this table
Supported security update installation switches
SwitchDescription
/?, /h, /helpDisplays help on supported switches.
/quietSuppresses the display of status or error messages.
/norestartWhen it is combined with/quiet, the system is not restarted after installation even if a restart is required to complete installation.
/warnrestart:<seconds>When it is combined with /quiet, the installer warns the user before it begins the restart.
/promptrestartWhen it is combined with /quiet, the installer prompts before it begins restart.
/forcerestartWhen it is combined with /quiet, the installer forcibly closes applications and begins the restart.
/log:<file name>Enables logging to specified file.
/extract:<destination>Extracts the package contents to the destination folder.
/uninstall /kb:<KB number>Uninstalls the security update.
Note For more information about the Wusa.exe installer, see "Windows Update Stand-alone Installer" in the TechNet article, Miscellaneous Changes in Windows 7
(http://technet.microsoft.com/library/dd871148.aspx)
.
Verifying that the update was applied
Because there are several editions of Microsoft Windows, the following steps may be different on your system. If they are, see your product documentation to complete these steps.

File version verification
  1. Click Start, and then type an update file name in the Search box.
  2. When the file appears under Programs, right-click the file name, and then click Properties.
  3. On the General tab, compare the file size with the file information tables that are provided in the Microsoft Knowledge Base article.

    Note Depending on the edition of the operating system or the programs that are installed on your system, some files that are listed in the file information table may not be installed.
  4. You can also click the Details tab and compare information, such as file version and date modified, with the file information tables provided in the Microsoft Knowledge Base article.

    Note Attributes other than the file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update was applied. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.
  5. Finally, you can also click the Previous Versions tab and compare file information for the previous version of the file together with the file information for the new, or updated, version of the file.

Windows Server 2012 (all editions)

Reference table
The following table contains the security update information for this software. You can find additional information in the subsection, Deployment information, in this section.
Collapse this tableExpand this table
Inclusion in future service packsThe update for this issue will be included in a future service pack or update rollup
Deployment
Installing without requiring user interventionFor Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows Server 2012:
Windows8-RT-KB2796096-x64.msu /quiet
Installing without restartingFor Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows Server 2008 R2:
Windows8-RT-KB2796096-x64.msu /quiet /norestart
Additional informationSee the Detection and deployment tools and Guidance subsection.
Restart requirement
Restart required?In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012
(http://support.microsoft.com/kb/887012)
.
HotPatchingNot applicable.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates and select from the list of updates.
Registry key verification

Note A registry key does not exist to validate the presence of this update.

Deployment information

Installing the update
When you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been updated by a Microsoft hotfix.

For more information about the terminology that appears in this Knowledge Base article, such as hotfix, see Microsoft Knowledge Base article 824684
(http://support.microsoft.com/kb/824684)
.

This security update supports the following setup switches.
Collapse this tableExpand this table
Supported security update installation switches
SwitchDescription
/?, /h, /helpDisplays help on supported switches.
/quietSuppresses the display of status or error messages.
/norestartWhen it is combined with/quiet, the system is not restarted after installation even if a restart is required to complete installation.
/warnrestart:<seconds>When it is combined with /quiet, the installer warns the user before it begins the restart.
/promptrestartWhen it is combined with /quiet, the installer prompts before it begins restart.
/forcerestartWhen it is combined with /quiet, the installer forcibly closes applications and begins the restart.
/log:<file name>Enables logging to specified file.
/extract:<destination>Extracts the package contents to the destination folder.
/uninstall /kb:<KB number>Uninstalls the security update.
Note For more information about the Wusa.exe installer, see "Windows Update Stand-alone Installer" in the TechNet article, Miscellaneous Changes in Windows 7
(http://technet.microsoft.com/library/dd871148.aspx)
.
Verifying that the update was applied
Because there are several editions of Microsoft Windows, the following steps may be different on your system. If they are, see your product documentation to complete these steps.

File version verification
  1. Click Start, and then type an update file name in the Start Search box.
  2. When the file appears under Programs, right-click the file name and then click Properties.
  3. On the General tab, compare the file size with the file information tables provided in the Microsoft Knowledge Base article.

    Note Depending on the edition of the operating system, or the programs that are installed on your system, some files that are listed in the file information table may not be installed.
  4. You can also click the Details tab and compare information, such as file version and date modified, with the file information tables provided in the Microsoft Knowledge Base article.

    Note Attributes other than the file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update was applied. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.
  5. Finally, you can also click the Previous Versions tab and compare file information for the previous version of the file together with the file information for the new, or updated, version of the file.
Back to the top | Give Feedback

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

For Internet Explorer Flash Player for x86-based versions of Windows 8 (KB2796096)

Collapse this imageExpand this image
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Flash.ocx11.3.378.510,673,49618-Dec-201223:32x86
Flashplayerapp.exe11.3.378.5695,64018-Dec-201223:32x86
Flashplayercplapp.cpl11.3.378.580,72818-Dec-201223:32Not Applicable
Flashutil_activex.dll11.3.378.5474,96818-Dec-201223:32x86
Flashutil_activex.exe11.3.378.5701,78418-Dec-201223:32x86
Flash.ocx11.3.378.510,673,49618-Dec-201223:32x86
Flashplayerapp.exe11.3.378.5695,64018-Dec-201223:32x86
Flashplayercplapp.cpl11.3.378.580,72818-Dec-201223:32Not Applicable
Flashutil_activex.dll11.3.378.5474,96818-Dec-201223:32x86
Flashutil_activex.exe11.3.378.5701,78418-Dec-201223:32x86
Collapse this imageExpand this image

For Internet Explorer Flash Player for x64-based versions of Windows 8 and for Windows Server 2012 (KB2796096)

Collapse this imageExpand this image
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Flash.ocx11.3.378.512,975,44818-Dec-201223:32x64
Flashutil_activex.dll11.3.378.5523,09618-Dec-201223:32x64
Flashutil_activex.exe11.3.378.5430,93618-Dec-201223:32x64
Flash.ocx11.3.378.512,975,44818-Dec-201223:32x64
Flashutil_activex.dll11.3.378.5523,09618-Dec-201223:32x64
Flashutil_activex.exe11.3.378.5430,93618-Dec-201223:32x64
Flash.ocx11.3.378.510,673,49618-Dec-201223:32x86
Flashplayerapp.exe11.3.378.5695,64018-Dec-201223:32x86
Flashplayercplapp.cpl11.3.378.580,72818-Dec-201223:32Not Applicable
Flashutil_activex.dll11.3.378.5474,96818-Dec-201223:32x86
Flashutil_activex.exe11.3.378.5701,78418-Dec-201223:32x86
Flash.ocx11.3.378.510,673,49618-Dec-201223:32x86
Flashplayerapp.exe11.3.378.5695,64018-Dec-201223:32x86
Flashplayercplapp.cpl11.3.378.580,72818-Dec-201223:32Not Applicable
Flashutil_activex.dll11.3.378.5474,96818-Dec-201223:32x86
Flashutil_activex.exe11.3.378.5701,78418-Dec-201223:32x86
Collapse this imageExpand this image
Back to the top | Give Feedback

Properties

Article ID: 2796096 - Last Review: January 8, 2013 - Revision: 1.0
Applies to
  • Windows 8
  • Windows 8 Release Preview
  • Windows 8 Enterprise
  • Windows 8 Enterprise N
  • Windows 8 N
  • Windows 8 Pro N
  • Windows Server 2012 Datacenter
  • Windows Server 2012 Essentials
  • Windows Server 2012 Foundation
  • Microsoft Hyper-V Server 2012
  • Windows Server 2012 Standard
Keywords: 
atdownload kbfix kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability KB2796096
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top