Applies ToWindows 10, version 1511, all editions Windows 10 Windows Server 2012 R2 Datacenter Windows Server 2012 R2 Standard Windows Server 2012 R2 Essentials Windows Server 2012 R2 Foundation Windows 8.1 Enterprise Windows 8.1 Pro Windows 8.1 Windows RT 8.1 Windows Server 2012 Datacenter Windows Server 2012 Standard Windows Server 2012 Essentials Windows Server 2012 Foundation

Summary

This security update resolves vulnerabilities in Adobe Flash Player when it is installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows 10 Version 1511. For more information, see the "Affected Software" section. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries that are contained in Internet Explorer 10, Internet Explorer 11, and Microsoft Edge. To learn more about the vulnerability, see Microsoft Security Bulletin MS16-022.

More Information

Important

  • All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

For more information, visit the following Adobe website:

https://helpx.adobe.com/flash-player/release-note/fp_20_air_20_release_notes.htmlMicrosoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, seeGet security updates automatically. Note For Windows RT 8.1, this update is available through Windows Update only.

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update. Click the download link in Microsoft Security Bulletin MS16-022 that corresponds to the version of Windows that you are running.

More Information

Security CentralYou can manage the software and security updates that you have to deploy to the servers, desktops, and mobile systems in your organization. For more information, see the TechNet Update Management Center. TheMicrosoft TechNet Security website provides more information about security in Microsoft products. Security updates are available fromMicrosoft Update andWindows Update. Security updates are also available from theMicrosoft Download Center. You can find security updates most easily by doing a keyword search for "security update."You can download security updates from theMicrosoft Update Catalog. The Microsoft Update Catalog provides a searchable catalog of content that is made available through Windows Update and Microsoft Update. This includes security updates, drivers, and service packs. For more information about the Microsoft Update Catalog, see theMicrosoft Update Catalog FAQ.

Detection and deployment guidanceMicrosoft provides detection and deployment guidance for security updates. This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates. For more information, seeMicrosoft Knowledge Base article 961747.

Microsoft Baseline Security AnalyzerMicrosoft Baseline Security Analyzer (MBSA) lets administrators scan local and remote systems for missing security updates and common security misconfigurations. For more information, seeMicrosoft Baseline Security Analyzer. The following table provides the MBSA detection summary for this security update.

Software

MBSA

Windows 8.1 for 32-bit systems

No

Windows 8.1 for 64-bit systems

No

Windows Server 2012 and Windows Server 2012 R2

No

Note Customers who use legacy software that is not supported by the latest release of MBSA, Microsoft Update, and Windows Server Update Services should see the "Legacy Product Support" section ofMicrosoft Baseline Security Analyzer. Here they will find information about how to create comprehensive security update detection by using legacy tools.

Windows Server Update ServicesWindows Server Update Services (WSUS) lets information technology administrators deploy the latest Microsoft product updates to computers that are running Windows. For more information about how to deploy security updates by using Windows Server Update Services, see the following Microsoft TechNet article:

Windows Server Update Services

Systems Management ServerThe following table provides the Microsoft Systems Management Server (SMS) detection and deployment summary for this security update.

Software

SMS 2003 with ITMU

System Center Configuration Manager

Windows 8.1 for 32-bit systems

No

Yes

Windows 8.1 for 64-bit systems

No

Yes

Windows Server 2012 and Windows Server 2012 R2

No

Yes

Note Microsoft discontinued support for SMS 2.0 on April 12, 2011. For SMS 2003, Microsoft also discontinued support for the Security Update Inventory Tool (SUIT) on April 12, 2011. Customers are encouraged to upgrade toSystem Center Configuration Manager. For customers who remain on SMS 2003 Service Pack 3, the Inventory Tool for Microsoft Updates (ITMU) is also an option. For SMS 2003, the SMS 2003 Inventory Tool for Microsoft Updates (ITMU) can be used by SMS to detect security updates that are offered byMicrosoft Update and that are supported byWindows Server Update Services. For more information, see Systems Management Server 2003. For more information about SMS scanning tools, seeSystems Management Server 2003 Software Update Scanning Tools. See also Downloads for Systems Management Server 2003. System Center Configuration Manager uses WSUS 3.0 for detection of updates. For more information, seeSystem Center. For detailed information, seeMicrosoft Knowledge Base article 910723: Summary list of monthly detection and deployment guidance articles. Update Compatibility Evaluator and Application Compatibility ToolkitUpdates frequently write to the same files and registry settings that are required for your applications to run. This can trigger incompatibilities and increase the time that is required to deploy security updates. You can streamline the testing and validating of Windows updates against installed applications by using theUpdate Compatibility Evaluator components that are included in Application Compatibility Toolkit. The Application Compatibility Toolkit (ACT) contains the necessary tools and documentation to evaluate and decrease application compatibility issues before you deploy Windows Vista, a Windows update, a Microsoft Security update, or a new version of Windows Internet Explorer in your environment.

Windows 8.1 (all editions)

Reference tableThe following table contains the security update information for this software. You can find more information in the "Deployment information" section.

Deployment

Information

For Adobe Flash Player in Internet Explorer 11 on all supported 32-bit editions of Windows 8.1:Windows8.1-KB3135782-x86.msu /quiet

For Adobe Flash Player in Internet Explorer 11 on all supported x64-based editions of Windows 8.1:Windows8.1-KB3135782-x64.msu /quiet

For Adobe Flash Player in Internet Explorer 11 on all supported 32-bit editions of Windows 8.1:Windows8.1-KB3135782-x86.msu /quiet /norestart

For Adobe Flash Player in Internet Explorer 11 on all supported x64-based editions of Windows 8.1:Windows8.1-KB3135782-x64.msu /quiet /norestart

More information

See the "Detection and deployment tools and guidance" subsection.

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update requires a restart. If this behavior occurs, you receive a message that advises you to restart. To help reduce the possibility that a restart will be required, you should stop all affected services and close all applications that may use the affected files before you install the security update. For more information about why you may be prompted to restart, seeMicrosoft Knowledge Base Article 887012.

Hotpatching

Not applicable

Removal information

To uninstall an update that was installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates.

Registry key verification

There is no registry key to validate the presence of this update.

Inclusion in future service packs

The update for this issue will be included in a future service pack or update rollup.

Deployment information

Installing the updateWhen you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been updated by a Microsoft hotfix. For more information about the terminology that appears in this Knowledge Base article, such as "hotfix," seeMicrosoft Knowledge Base article 824684. This security update supports the following installation switches.

Switch

Description

/?, /h, /help

Displays help about supported switches.

/quiet

Suppresses the display of status or error messages.

/norestart

When it is combined with /quiet, the system is not restarted after installation even if a restart is required to complete installation.

/warnrestart:<seconds>

When it is combined with /quiet, the installer warns the user before it begins the restart.

/promptrestart

When it is combined with /quiet, the installer prompts before it begins restart.

/forcerestart

When it is combined with /quiet, the installer forcibly closes applications and begins the restart.

/log:<file name>

Enables logging to the specified file.

/extract:<destination>

Extracts the package contents to the destination folder.

/uninstall /kb:<KB number>

Uninstalls the security update.

Note For more information about the Wusa.exe installer, see the "Windows Update Stand-alone Installer" section in the TechNet articleMiscellaneous Changes in Windows 7.

Verifying that the update was appliedBecause there are several editions of Windows, the following steps may be different on your system. If they are different, see your product documentation to complete these steps. Verifying the file version

  1. Click Start, and then type an update file name in the Search box.

  2. When the file appears under Programs, right-click the file name, and then click Properties.

  3. On the General tab, compare the file size with the file information tables that are provided in the Microsoft Knowledge Base article. Note Depending on the edition of the operating system or the programs that are installed on your system, some files that are listed in the file information table may not be installed.

  4. You can also click the Details tab and compare information, such as file version and date changed, with the file information tables that are provided in the Microsoft Knowledge Base article. Note Attributes other than the file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update was applied. Also, in certain cases, files are renamed during installation. If the file or version information does not exist, use one of the other available methods to verify update installation.

  5. Finally, you can also click the Previous Versions tab and compare file information for the earlier version of the file together with the file information for the new, or updated, version of the file.

Windows Server 2012 and Windows Server 2012 R2 (all editions)

Reference tableThe following table contains the security update information for this software. You can find more information in the "Deployment information" subsection in this section.

Deployment

Information

Installing without requiring user intervention

For Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows Server 2012:Windows8-RT-KB3135782-x64.msu /quiet

For Adobe Flash Player in Internet Explorer 11 on all supported editions of Windows Server 2012 R2:Windows8.1-KB3135782-x64.msu /quiet

Installing without restarting

For Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows Server 2012:Windows8-RT-KB3135782-x64.msu /quiet /norestart

For Adobe Flash Player in Internet Explorer 11 on all supported editions of Windows Server 2012 R2:Windows8.1-KB3135782-x64.msu /quiet /norestart

More information

See the "Detection and deployment tools and Guidance" subsection.

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update requires a restart. If this behavior occurs, you receive a message that advises you to restart. To help reduce the possibility that a restart will be required, you should stop all affected services and close all applications that may use the affected files before you install the security update. For more information about why you may be prompted to restart, seeMicrosoft Knowledge Base article 887012.

Hotpatching

Not applicable

Removal information

To uninstall an update that was installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates.

Registry key verification

A registry key does not exist to validate the presence of this update.

Inclusion in future service packs

The update for this issue will be included in a future service pack or update rollup.

Deployment information

Installing the updateWhen you install this security update, the installer checks whether one or more of the files that are being updated on your system were previously updated by a Microsoft hotfix. For more information about the terminology that appears in this Knowledge Base article, such as "hotfix," seeMicrosoft Knowledge Base article 824684. This security update supports the following installation switches.

Switch

Description

/?, /h, /help

Displays help about supported switches.

/quiet

Suppresses the display of status or error messages.

/norestart

When it is combined with/quiet, the system does not restart after the installation even if a restart is required to complete installation.

/warnrestart:<seconds>

When it is combined with /quiet, the installer warns the user before it begins the restart.

/promptrestart

When it is combined with /quiet, the installer prompts the user before it begins the restart.

/forcerestart

When it is combined with /quiet, the installer forcibly closes applications and begins the restart.

/log:<file name>

Enables logging to the specified file.

/extract:<destination>

Extracts the package contents to the destination folder.

/uninstall /kb:<KB number>

Uninstalls the security update.

Note For more information about the Wusa.exe installer, see "Windows Update Stand-alone Installer" in the following Microsoft TechNet article:

Miscellaneous Changes in Windows 7

Verifying that the update was appliedBecause there are several editions of Windows, the following steps may be different in your system. If they are different, see your product documentation to complete these steps. Verifying the file version

  1. Click Start, and then type an update file name in the Start Search box.

  2. When the file appears under Programs, right-click the file name, and then click Properties.

  3. On the General tab, compare the file size with the file information tables that are provided in the Knowledge Base article. Note Depending on the edition of the operating system or the programs that are installed in your system, some files that are listed in the file information table may not be installed.

  4. You can also click the Details tab to compare information, such as file version and date changed, with the file information tables that are provided in the Knowledge Base article. Note Attributes other than the file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update was applied. Also, in certain cases, files may be renamed during installation. If the file or version information does not exist, use one of the other available methods to verify update installation.

  5. Finally, you can also click the Previous Versions tab, and then compare file information for the earlier version of the file with the file information for the new or updated version of the file.

Help for installing updates: Support for Microsoft UpdateSecurity solutions for IT professionals: TechNet Security Troubleshooting and SupportHelp for protecting your Windows-based computer from viruses and malware: Virus Solution and Security CenterLocal support according to your country: International Support

File Information

File name

SHA1 hash

SHA256 hash

Windows8.1-KB3135782-arm.msu

759BF364FE05705A67414B61BF974CA2A19905D4

51BF87EE1EAA8D556280106011742026452610A4876B1A009D7011F4CA227890

Windows10.0-KB3135782-x86.msu

8FDF7BAC7217BB2808E36001C3E801BCD6EF0E56

99A1BFF72E86EAD9A27DEF0648357451EE09DC6524AFE92D9476058FB91D7601

Windows10.0-KB3135782-x64.msu

CB25B54692A55922AB2A6ED1F932FF4D60844FE9

FD55BB691C4B2F20EC9EB16A4087C298B354029815FC6070C987F59B1994EBE7

Windows8.1-KB3135782-x86.msu

BB5EF5E18AC46CC7E9C0D923F9987EA2FCED6A81

498AC506D93640A354D4B5649EA26C15C14FB1711C69A5835150E338BBFB8313

Windows8.1-KB3135782-x64.msu

9F0F8AE7ADD183CC68D31B38AC1F1625452F4133

EDB95D49796D47533FE04A14C5317F356BA50E0DADC7EC0014ACF08EBE4556C3

Windows8-RT-KB3135782-x64.msu

EACED4A6D363A0D8CE35BF80A81B7EAB66591C00

05B053917E9451C6971E29981BBA5CD4CC6F909F392F294FCB704B6697994F62

Windows10.0-KB3135782-x86.msu (version 1511)

DFBC40FD54720B89281A9E4EF99B247F763E36D4

DA2EA9ADED478A48FD544A25B9A9B0EF0380DBC4CDFDE56759710964851D1A30

Windows10.0-KB3135782-x64.msu (version 1511)

7600ED9C6F42E0F9E2D31B27DF67FF5E267EFCD3

E7CB3FE9288DC3046DB56D1A22FD023A225AAFDF21D621DF98B02270E8936AB8

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10 (version 1511) file information

For all supported x86-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

641,938

03-Feb-2016

19:01

Not applicable

Flash.ocx

20.0.0.306

19,963,896

03-Feb-2016

19:01

x86

Flashplayerapp.exe

20.0.0.306

828,920

03-Feb-2016

19:01

x86

Flashplayercplapp.cpl

20.0.0.306

176,632

03-Feb-2016

19:01

Not applicable

Flashutil_activex.dll

20.0.0.306

560,120

03-Feb-2016

19:01

x86

Flashutil_activex.exe

20.0.0.306

1,220,600

03-Feb-2016

19:01

x86

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

148,770

03-Feb-2016

19:01

Not applicable

Flash.ocx

20.0.0.306

25,924,088

03-Feb-2016

19:01

x64

Flashutil_activex.dll

20.0.0.306

631,800

03-Feb-2016

19:01

x64

Flashutil_activex.exe

20.0.0.306

886,264

03-Feb-2016

19:01

x64

Activex.vch

Not applicable

641,938

03-Feb-2016

19:01

Not applicable

Flash.ocx

20.0.0.306

19,963,896

03-Feb-2016

19:01

x86

Flashplayerapp.exe

20.0.0.306

828,920

03-Feb-2016

19:01

x86

Flashplayercplapp.cpl

20.0.0.306

176,632

03-Feb-2016

19:01

Not applicable

Flashutil_activex.dll

20.0.0.306

560,120

03-Feb-2016

19:01

x86

Flashutil_activex.exe

20.0.0.306

1,220,600

03-Feb-2016

19:01

x86

Windows 10 file information

For all supported x86-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

641,938

02-Feb-2016

22:47

Not applicable

Flash.ocx

20.0.0.306

19,963,896

02-Feb-2016

22:47

x86

Flashplayerapp.exe

20.0.0.306

828,920

02-Feb-2016

22:47

x86

Flashplayercplapp.cpl

20.0.0.306

176,632

02-Feb-2016

22:47

Not applicable

Flashutil_activex.dll

20.0.0.306

560,120

02-Feb-2016

22:47

x86

Flashutil_activex.exe

20.0.0.306

1,220,600

02-Feb-2016

22:47

x86

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

148,770

02-Feb-2016

22:47

Not applicable

Flash.ocx

20.0.0.306

25,924,088

02-Feb-2016

22:47

x64

Flashutil_activex.dll

20.0.0.306

631,800

02-Feb-2016

22:47

x64

Flashutil_activex.exe

20.0.0.306

886,264

02-Feb-2016

22:47

x64

Activex.vch

Not applicable

641,938

02-Feb-2016

22:47

Not applicable

Flash.ocx

20.0.0.306

19,963,896

02-Feb-2016

22:47

x86

Flashplayerapp.exe

20.0.0.306

828,920

02-Feb-2016

22:47

x86

Flashplayercplapp.cpl

20.0.0.306

176,632

02-Feb-2016

22:47

Not applicable

Flashutil_activex.dll

20.0.0.306

560,120

02-Feb-2016

22:47

x86

Flashutil_activex.exe

20.0.0.306

1,220,600

02-Feb-2016

22:47

x86

Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 file information

Notes

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.3.960 0.17 xxx

    Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

    RTM

    GDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported ARM-based versions

File name

File version

File size

Date

Time

Platform

Flash.ocx

20.0.0.306

17,276,920

02-Feb-2016

02:37

Not applicable

Flashplayerapp.exe

20.0.0.306

809,464

02-Feb-2016

02:37

Not applicable

Flashplayercplapp.cpl

20.0.0.306

162,296

02-Feb-2016

02:37

Not applicable

Flashutil_activex.dll

20.0.0.306

507,896

02-Feb-2016

02:37

Not applicable

Flashutil_activex.exe

20.0.0.306

766,968

02-Feb-2016

02:37

Not applicable

For all supported x86-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

641,938

02-Feb-2016

02:37

Not applicable

Flash.ocx

20.0.0.306

19,963,896

02-Feb-2016

02:37

x86

Flashplayerapp.exe

20.0.0.306

828,920

02-Feb-2016

02:37

x86

Flashplayercplapp.cpl

20.0.0.306

176,632

02-Feb-2016

02:37

Not applicable

Flashutil_activex.dll

20.0.0.306

560,120

02-Feb-2016

02:37

x86

Flashutil_activex.exe

20.0.0.306

1,220,600

02-Feb-2016

02:37

x86

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

148,770

02-Feb-2016

02:37

Not applicable

Flash.ocx

20.0.0.306

25,924,088

02-Feb-2016

02:37

x64

Flashutil_activex.dll

20.0.0.306

631,800

02-Feb-2016

02:37

x64

Flashutil_activex.exe

20.0.0.306

886,264

02-Feb-2016

02:37

x64

Activex.vch

Not applicable

641,938

02-Feb-2016

02:37

Not applicable

Flash.ocx

20.0.0.306

19,963,896

02-Feb-2016

02:37

x86

Flashplayerapp.exe

20.0.0.306

828,920

02-Feb-2016

02:37

x86

Flashplayercplapp.cpl

20.0.0.306

176,632

02-Feb-2016

02:37

Not applicable

Flashutil_activex.dll

20.0.0.306

560,120

02-Feb-2016

02:37

x86

Flashutil_activex.exe

20.0.0.306

1,220,600

02-Feb-2016

02:37

x86

Windows Server 2012 file information

Notes

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.2.920 0.17xxx

    Windows 8, Windows RT, or Windows Server 2012

    RTM

    GDR

    6.2.920 0.21xxx

    Windows 8, Windows RT, or Windows Server 2012

    RTM

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

148,770

02-Feb-2016

06:54

Not applicable

Flash.ocx

20.0.0.306

25,923,552

02-Feb-2016

06:54

x64

Flashutil_activex.dll

20.0.0.306

631,264

02-Feb-2016

06:54

x64

Flashutil_activex.exe

20.0.0.306

885,728

02-Feb-2016

06:54

x64

Activex.vch

Not applicable

148,770

02-Feb-2016

06:55

Not applicable

Flash.ocx

20.0.0.306

25,923,552

02-Feb-2016

06:55

x64

Flashutil_activex.dll

20.0.0.306

631,264

02-Feb-2016

06:55

x64

Flashutil_activex.exe

20.0.0.306

885,728

02-Feb-2016

06:55

x64

Activex.vch

Not applicable

641,938

02-Feb-2016

06:54

Not applicable

Flash.ocx

20.0.0.306

19,963,360

02-Feb-2016

06:54

x86

Flashplayerapp.exe

20.0.0.306

828,384

02-Feb-2016

06:54

x86

Flashplayercplapp.cpl

20.0.0.306

176,096

02-Feb-2016

06:54

Not applicable

Flashutil_activex.dll

20.0.0.306

559,576

02-Feb-2016

06:54

x86

Flashutil_activex.exe

20.0.0.306

1,220,064

02-Feb-2016

06:54

x86

Activex.vch

Not applicable

641,938

02-Feb-2016

06:55

Not applicable

Flash.ocx

20.0.0.306

19,963,360

02-Feb-2016

06:55

x86

Flashplayerapp.exe

20.0.0.306

828,384

02-Feb-2016

06:55

x86

Flashplayercplapp.cpl

20.0.0.306

176,096

02-Feb-2016

06:55

Not applicable

Flashutil_activex.dll

20.0.0.306

559,576

02-Feb-2016

06:55

x86

Flashutil_activex.exe

20.0.0.306

1,220,064

02-Feb-2016

06:55

x86

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.