MS16-154: Security update for Adobe Flash Player: December 13, 2016

Summary

This security update resolves vulnerabilities in Adobe Flash Player if it is installed on any supported edition of Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, Windows 8.1, or Windows RT 8.1.

To learn more about the vulnerability, see Microsoft Security Bulletin MS16-154.

More Information

Important

  • All future security and non-security updates for Windows Server 2012 R2, Windows 8.1, and Windows RT 8.1 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows Server 2012 R2-based, Windows 8.1-based, or Windows RT 8.1-based, or computer so that you receive future updates.

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you require before you install this update. For more information, see Add language packs to Windows.

  • This security update applies to the Windows operating systems that are listed in the "Applies to" section in this article. If you want to install Adobe Flash Player update on an earlier version of Windows, try Adobe Flash Player Download.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Note For Windows RT 8.1, this update is available through Windows Update only.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

More Information


Security CentralYou can manage the software and security updates that you have to deploy to the servers, desktops, and mobile systems in your organization. For more information, see the TechNet Update Management Center. The
Microsoft TechNet Security website provides more information about security in Microsoft products.

You can download security updates from the
Microsoft Update Catalog. The Microsoft Update Catalog provides a searchable catalog of content that is made available through Windows Update and Microsoft Update. This includes security updates, drivers, and service packs. For more information about the Microsoft Update Catalog, see the
Microsoft Update Catalog FAQ.

Detection and deployment guidanceMicrosoft provides detection and deployment guidance for security updates. This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates. For more information, see
Microsoft Knowledge Base article 961747.

Microsoft Baseline Security AnalyzerMicrosoft Baseline Security Analyzer (MBSA) lets administrators scan local and remote systems for missing security updates and common security misconfigurations. For more information, see
Microsoft Baseline Security Analyzer.

Note Customers who use legacy software that is not supported by the latest release of MBSA, Microsoft Update, or Windows Server Update Services should see the "Legacy Product Support" section of Microsoft Baseline Security Analyzer. Here, you can find information about how to create comprehensive security update detection by using legacy tools.

Windows Server Update ServicesWindows Server Update Services (WSUS) lets information technology administrators deploy the latest Microsoft product updates to computers that are running Windows. For more information about how to deploy security updates by using Windows Server Update Services, see the following Microsoft TechNet topic:

Windows Server Update Services

Systems Management ServerThe following table provides the Microsoft Systems Management Server (SMS) detection and deployment summary for this security update.


Software

SMS 2003 with ITMU

System Center Configuration Manager

Windows 8.1 for 32-bit systems

No

Yes

Windows 8.1 for 64-bit systems

No

Yes

Windows Server 2012 and Windows Server 2012 R2

No

Yes



Note Microsoft discontinued support for SMS 2.0 on April 12, 2011. For SMS 2003, Microsoft also discontinued support for the Security Update Inventory Tool (SUIT) on April 12, 2011. Customers are encouraged to upgrade to System Center Configuration Manager.

For SMS 2003, the SMS 2003 Inventory Tool for Microsoft Updates (ITMU) can be used by SMS to detect security updates that are supported by
Windows Server Update Services. For more information, see Systems Management Server 2003.

System Center Configuration Manager uses WSUS 3.0 to detect updates. For more information, see System Center.

For more detailed information, see Microsoft Knowledge Base article 910723: Summary list of monthly detection and deployment guidance articles.

Update Compatibility Evaluator and Application Compatibility Toolkit

Updates frequently write to the same files and registry settings that are required for your applications to run. This can trigger incompatibilities and increase the time that is required to deploy security updates. You can streamline the testing and validation of Windows updates against installed applications by using the Update Compatibility Evaluator components that are included in the Application Compatibility Toolkit (ACT).

The Application Compatibility Toolkit contains the necessary tools and documentation to evaluate and decrease application compatibility issues before you deploy Windows Vista, a Windows update, a Microsoft Security update, or a new version of Windows Internet Explorer in your environment.



Windows 8.1 (all editions)

Reference tableThe following table contains the security update information for this software. You can find more information in the "Deployment information" section.

Deployment

Information

For Adobe Flash Player in Internet Explorer 11 on all supported 32-bit editions of Windows 8.1:
Windows8.1-KB3209498-x86.msu /quiet

For Adobe Flash Player in Internet Explorer 11 on all supported x64-based editions of Windows 8.1:
Windows8.1-KB3209498-x64.msu /quiet

For Adobe Flash Player in Internet Explorer 11 on all supported 32-bit editions of Windows 8.1:

Windows8.1-KB3209498-x86.msu /quiet /norestart

For Adobe Flash Player in Internet Explorer 11 on all supported x64-based editions of Windows 8.1:

Windows8.1-KB3209498-x64.msu /quiet /norestart

More information

See the "Detection and deployment tools and guidance" subsection.

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update requires a restart. If this behavior occurs, you receive a message that advises you to restart. To help reduce the possibility that a restart will be required, you should stop all affected services and close all applications that may use the affected files before you install the security update. For more information about why you may be prompted to restart, see
Microsoft Knowledge Base article 887012.

Hotpatching

Not applicable

Removal information

To uninstall an update that was installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates.

Registry key verification

There is no registry key to validate the presence of this update.

Inclusion in future service packs

The update for this issue will be included in a future service pack or update rollup.



Deployment information

Installing the updateWhen you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been updated by a Microsoft hotfix.

For more information about the terminology, such as "hotfix," that appears in this Knowledge Base article, see Microsoft Knowledge Base article 824684.

This security update supports the following installation switches.


Switch

Description

/?, /h, /help

Displays help about supported switches.

/quiet

Suppresses the display of status or error messages.

/norestart

When it is combined with /quiet, the system is not restarted after installation even if a restart is required to complete installation.

/warnrestart:<seconds>

When it is combined with /quiet, the installer warns the user before it begins the restart.

/promptrestart

When it is combined with /quiet, the installer prompts the user before it begins the restart.

/forcerestart

When it is combined with /quiet, the installer forcibly closes applications and begins the restart.

/log:<file name>

Enables logging to the specified file.

/extract:<destination>

Extracts the package contents to the destination folder.

/uninstall /kb:<KB number>

Uninstalls the security update.



Note For more information about the Wusa.exe installer, see the "Windows Update Stand-alone Installer" section in the following TechNet topic:

Miscellaneous Changes in Windows 7

Verifying that the update was appliedBecause there are several editions of Windows, the following steps may be different on your system. If they are different, see your product documentation to complete these steps.

Verifying the file version

  1. Click Start, and then type an update file name in the Search box.

  2. When the file appears under Programs, right-click the file name, and then click Properties.

  3. On the General tab, compare the file size to the size that is listed in the file information tables that are provided in this Knowledge Base article.

    Note Depending on the edition of the operating system or the programs that are installed on your system, some files that are listed in the file information table may not be installed.

  4. You can also click the Details tab to compare such information as file version and date changed to the information that is listed in the file information tables that are provided in the Knowledge Base article.

    Note Attributes other than the file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update was applied. Also, in certain cases, files are renamed during installation. If the file or version information does not exist, use one of the other available methods to verify update installation.

  5. You can also click the Previous Versions tab to compare file information for the earlier version of the file to the file information for the new, or updated, version of the file.



Windows Server 2012 and Windows Server 2012 R2 (all editions)

Reference tableThe following table contains the security update information for this software. You can find more information in the "Deployment information" subsection in this section.


Deployment

Information

Installing without requiring user intervention

For Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows Server 2012:
Windows8-RT-KB3209498-x64.msu /quiet

For Adobe Flash Player in Internet Explorer 11 on all supported editions of Windows Server 2012 R2:

Windows8.1-KB3209498-x64.msu /quiet

Installing without restarting

For Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows Server 2012:
Windows8-RT-KB3209498-x64.msu /quiet /norestart

For Adobe Flash Player in Internet Explorer 11 on all supported editions of Windows Server 2012 R2:

Windows8.1-KB3209498-x64.msu /quiet /norestart

More information

See the "Detection and deployment tools and Guidance" subsection.

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update requires a restart. If this behavior occurs, you receive a message that advises you to restart. To help reduce the possibility that a restart will be required, you should stop all affected services and close all applications that may use the affected files before you install the security update. For more information about why you may be prompted to restart, see Microsoft Knowledge Base article 887012.

Hotpatching

Not applicable

Removal information

To uninstall an update that was installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates.

Registry key verification

There is no registry key to validate the presence of this update.

Inclusion in future service packs

The update for this issue will be included in a future service pack or update rollup.



Deployment information

Installing the updateWhen you install this security update, the installer checks whether one or more of the files that are being updated on your system were previously updated by a Microsoft hotfix.

For more information about the terminology, such as "hotfix," that appears in this Knowledge Base article, see Microsoft Knowledge Base article 824684.

This security update supports the following installation switches.


Switch

Description

/?, /h, /help

Displays help about supported switches.

/quiet

Suppresses the display of status or error messages.

/norestart

When it is combined with/quiet, the system does not restart after the installation even if a restart is required to complete installation.

/warnrestart:<seconds>

When it is combined with /quiet, the installer warns the user before it begins the restart.

/promptrestart

When it is combined with /quiet, the installer prompts the user before it begins the restart.

/forcerestart

When it is combined with /quiet, the installer forcibly closes applications and begins the restart.

/log:<file name>

Enables logging to the specified file.

/extract:<destination>

Extracts the package contents to the destination folder.

/uninstall /kb:<KB number>

Uninstalls the security update.



Note For more information about the Wusa.exe installer, see "Windows Update Stand-alone Installer" in the following Microsoft TechNet topic:

Miscellaneous Changes in Windows 7

Verifying that the update was appliedBecause there are several editions of Windows, the following steps may be different on your system. If they are different, see your product documentation to complete these steps.

Verifying the file version

  1. Click Start, and then type an update file name in the Start Search box.

  2. When the file appears under Programs, right-click the file name, and then click Properties.

  3. On the General tab, compare the file size to the file size that is listed in the file information tables that are provided in the Knowledge Base article.

    Note Depending on the edition of the operating system or the programs that are installed in your system, some files that are listed in the file information table may not be installed.

  4. You can also click the Details tab to compare such information as file version and date changed to the information that is listed in the file information tables that are provided in the Knowledge Base article.

    Note Attributes other than the file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update was applied. Also, in certain cases, files may be renamed during installation. If the file or version information does not exist, use one of the other available methods to verify update installation.

  5. You can also click the Previous Versions tab, and then compare file information for the earlier version of the file to the file information for the new or updated version of the file.


Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

Windows 8.1 and Windows Server 2012 R2 file information

File name

SHA1 hash

SHA256 hash

Windows8.1-KB3209498-x64.msu

0F111BC1B57F18E45DCCE01A73D4E209E17B817F

8FEDCEBFFB71A200DEFA261945BF4D02624DCFFB310908DB705D0B18D7C26EBD

Windows8.1-KB3209498-arm.msu

D8166EC9FF20CD29CA85C27BC26B0DBB77E0C4E3

B3BA82F310C4118A0CA1960CE794E90EBAD0882ECB9F177C9D71E159CB790D0C

Windows8.1-KB3209498-x86.msu

0E3B1A4F9AAC4378FB7E7FF3D0A8AFF1D14631CC

0ECB9AEA8324A9B21CF3CC2C60FA84D09B4906C8E2A54F021EE7CA789994B9F1


The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 file information

Notes: The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

161,206

11-Dec-2016

23:00

Not applicable

Flash.ocx

24.0.0.186

28,313,080

11-Dec-2016

23:00

x64

Flashutil_activex.dll

24.0.0.186

697,336

11-Dec-2016

23:00

x64

Flashutil_activex.exe

24.0.0.186

964,600

11-Dec-2016

23:00

x64

Activex.vch

Not applicable

740,110

11-Dec-2016

23:00

Not applicable

Flash.ocx

24.0.0.186

21,883,384

11-Dec-2016

23:00

x86

Flashplayerapp.exe

24.0.0.186

835,576

11-Dec-2016

23:00

x86

Flashplayercplapp.cpl

24.0.0.186

177,656

11-Dec-2016

23:00

Not applicable

Flashutil_activex.dll

24.0.0.186

615,416

11-Dec-2016

23:00

x86

Flashutil_activex.exe

24.0.0.186

1,342,968

11-Dec-2016

23:00

x86

For all supported ARM-based versions

File name

File version

File size

Date

Time

Platform

Flash.ocx

24.0.0.186

18,848,248

11-Dec-2016

23:00

Not applicable

Flashplayerapp.exe

24.0.0.186

814,584

11-Dec-2016

23:00

Not applicable

Flashplayercplapp.cpl

24.0.0.186

163,320

11-Dec-2016

23:00

Not applicable

Flashutil_activex.dll

24.0.0.186

540,152

11-Dec-2016

23:00

Not applicable

Flashutil_activex.exe

24.0.0.186

824,312

11-Dec-2016

23:00

Not applicable

For all supported x86-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

740,110

11-Dec-2016

23:00

Not applicable

Flash.ocx

24.0.0.186

21,883,384

11-Dec-2016

23:00

x86

Flashplayerapp.exe

24.0.0.186

835,576

11-Dec-2016

23:00

x86

Flashplayercplapp.cpl

24.0.0.186

177,656

11-Dec-2016

23:00

Not applicable

Flashutil_activex.dll

24.0.0.186

615,416

11-Dec-2016

23:00

x86

Flashutil_activex.exe

24.0.0.186

1,342,968

11-Dec-2016

23:00

x86


Windows 10 RTM file information

File name

SHA1 hash

SHA256 hash

Windows10.0-KB3209498-x64.msu

2C7B42CDFBAAAEC1A33FD9E178E82FF339DE3339

81F82E02AB770A2CE5CC72E296F1234B4D11EA4665D73A31CB1BC1BD1143B8F7

Windows10.0-KB3209498-x86.msu

AED11785F87D250E11EDB2D65865CF64228CE18D

640A6F9A00506708C4FBD7C8B02CDEDCFB0999667B3CCDF050581BD1B5C55178


The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10 file information

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

161,206

11-Dec-2016

23:02

Not applicable

Flash.ocx

24.0.0.186

28,313,080

11-Dec-2016

23:02

x64

Flashutil_activex.dll

24.0.0.186

697,336

11-Dec-2016

23:02

x64

Flashutil_activex.exe

24.0.0.186

964,600

11-Dec-2016

23:02

x64

Activex.vch

Not applicable

740,110

11-Dec-2016

23:02

Not applicable

Flash.ocx

24.0.0.186

21,883,384

11-Dec-2016

23:02

x86

Flashplayerapp.exe

24.0.0.186

835,576

11-Dec-2016

23:02

x86

Flashplayercplapp.cpl

24.0.0.186

177,656

11-Dec-2016

23:02

Not applicable

Flashutil_activex.dll

24.0.0.186

615,416

11-Dec-2016

23:02

x86

Flashutil_activex.exe

24.0.0.186

1,342,968

11-Dec-2016

23:02

x86

For all supported x86-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

740,110

11-Dec-2016

23:02

Not applicable

Flash.ocx

24.0.0.186

21,883,384

11-Dec-2016

23:02

x86

Flashplayerapp.exe

24.0.0.186

835,576

11-Dec-2016

23:02

x86

Flashplayercplapp.cpl

24.0.0.186

177,656

11-Dec-2016

23:02

Not applicable

Flashutil_activex.dll

24.0.0.186

615,416

11-Dec-2016

23:02

x86

Flashutil_activex.exe

24.0.0.186

1,342,968

11-Dec-2016

23:02

x86


Windows 10 Version 1511 file information

File name

SHA1 hash

SHA256 hash

Windows10.0-KB3209498-x64.msu

9D113D46069745052FE8A705029F1D5285E2417E

6721489816ED162FEB0976209E2D8B64531440D483010E963533E63F963C30E3

Windows10.0-KB3209498-x86.msu

C66F837093E8CFB2813FE72E2E77ECEDFC4742D3

6119C8496AFBB4B456F776488EAD4B94FCC8B55AFC02938821CB1B365F621624


The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10 file information

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

161,206

11-Dec-2016

23:03

Not applicable

Flash.ocx

24.0.0.186

28,313,080

11-Dec-2016

23:03

x64

Flashutil_activex.dll

24.0.0.186

697,336

11-Dec-2016

23:03

x64

Flashutil_activex.exe

24.0.0.186

964,600

11-Dec-2016

23:03

x64

Activex.vch

Not applicable

740,110

11-Dec-2016

23:03

Not applicable

Flash.ocx

24.0.0.186

21,883,384

11-Dec-2016

23:03

x86

Flashplayerapp.exe

24.0.0.186

835,576

11-Dec-2016

23:03

x86

Flashplayercplapp.cpl

24.0.0.186

177,656

11-Dec-2016

23:03

Not applicable

Flashutil_activex.dll

24.0.0.186

615,416

11-Dec-2016

23:03

x86

Flashutil_activex.exe

24.0.0.186

1,342,968

11-Dec-2016

23:03

x86

For all supported x86-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

740,110

11-Dec-2016

23:03

Not applicable

Flash.ocx

24.0.0.186

21,883,384

11-Dec-2016

23:03

x86

Flashplayerapp.exe

24.0.0.186

835,576

11-Dec-2016

23:03

x86

Flashplayercplapp.cpl

24.0.0.186

177,656

11-Dec-2016

23:03

Not applicable

Flashutil_activex.dll

24.0.0.186

615,416

11-Dec-2016

23:03

x86

Flashutil_activex.exe

24.0.0.186

1,342,968

11-Dec-2016

23:03

x86


Windows 10 Version 1607 and Windows Server 2016 file information

File name

SHA1 hash

SHA256 hash

Windows10.0-KB3209498-x64.msu

3B7904AAF59958AFFA7F48F0FF53EBEEE262AFB1

02FA01752E1D17D60AFDF05F8ED3383C8F66D71E0045C58564F2AF8A8D14C64E

Windows10.0-KB3209498-x86.msu

BAE59DBCF29EABF788A3EF5F870B3306E2182A62

7EED99E4CACBD6DE56F427992C5FD2CB14BDAC268FB49B6FB02376231E5679BE


The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10 file information

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

161,206

11-Dec-2016

23:56

Not applicable

Flash.ocx

24.0.0.186

28,313,080

11-Dec-2016

23:56

x64

Flashutil_activex.dll

24.0.0.186

697,336

11-Dec-2016

23:56

x64

Flashutil_activex.exe

24.0.0.186

964,600

11-Dec-2016

23:56

x64

Activex.vch

Not applicable

740,110

11-Dec-2016

23:56

Not applicable

Flash.ocx

24.0.0.186

21,883,384

11-Dec-2016

23:56

x86

Flashplayerapp.exe

24.0.0.186

835,576

11-Dec-2016

23:56

x86

Flashplayercplapp.cpl

24.0.0.186

177,656

11-Dec-2016

23:56

Not applicable

Flashutil_activex.dll

24.0.0.186

615,416

11-Dec-2016

23:56

x86

Flashutil_activex.exe

24.0.0.186

1,342,968

11-Dec-2016

23:56

x86

For all supported x86-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

740,110

11-Dec-2016

23:56

Not applicable

Flash.ocx

24.0.0.186

21,883,384

11-Dec-2016

23:56

x86

Flashplayerapp.exe

24.0.0.186

835,576

11-Dec-2016

23:56

x86

Flashplayercplapp.cpl

24.0.0.186

177,656

11-Dec-2016

23:56

Not applicable

Flashutil_activex.dll

24.0.0.186

615,416

11-Dec-2016

23:56

x86

Flashutil_activex.exe

24.0.0.186

1,342,968

11-Dec-2016

23:56

x86


Windows Server 2016 Windows Server 2016 TP5 file information

File name

SHA1 hash

SHA256 hash

Windows10.0-KB3209498-x64.msu

F3B3015F24ECDEE5A8E1C64F7062265A8E0AF5F6

69261F25AA7CBD4091770CF0A4888198891DD5004F81BBFB532A285FD0EE8497


The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10 file information

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Activex.vch

Not applicable

161,206

11-Dec-2016

23:08

Not applicable

Flash.ocx

24.0.0.186

28,313,080

11-Dec-2016

23:08

x64

Flashutil_activex.dll

24.0.0.186

697,336

11-Dec-2016

23:08

x64

Flashutil_activex.exe

24.0.0.186

964,600

11-Dec-2016

23:08

x64

Activex.vch

Not applicable

740,110

11-Dec-2016

23:08

Not applicable

Flash.ocx

24.0.0.186

21,883,384

11-Dec-2016

23:08

x86

Flashplayerapp.exe

24.0.0.186

835,576

11-Dec-2016

23:08

x86

Flashplayercplapp.cpl

24.0.0.186

177,656

11-Dec-2016

23:08

Not applicable

Flashutil_activex.dll

24.0.0.186

615,416

11-Dec-2016

23:08

x86

Flashutil_activex.exe

24.0.0.186

1,342,968

11-Dec-2016

23:08

x86


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×