Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. MS16-154: Security update for Adobe Flash Player: December 13, 2016

MS16-154: Security update for Adobe Flash Player: December 13, 2016

Summary

This security update resolves vulnerabilities in Adobe Flash Player if it is installed on any supported edition of Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, Windows 8.1, or Windows RT 8.1.

To learn more about the vulnerability, see Microsoft Security Bulletin MS16-154.

↑ Back to the top

More Information

Important

  • All future security and non-security updates for Windows Server 2012 R2, Windows 8.1, and Windows RT 8.1 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows Server 2012 R2-based, Windows 8.1-based, or Windows RT 8.1-based, or computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you require before you install this update. For more information, see Add language packs to Windows.
  • This security update applies to the Windows operating systems that are listed in the "Applies to" section in this article. If you want to install Adobe Flash Player update on an earlier version of Windows, try Adobe Flash Player Download.

↑ Back to the top

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Note For Windows RT 8.1, this update is available through Windows Update only.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

↑ Back to the top

More Information

Detection and deployment tools and guidance

Security Central

You can manage the software and security updates that you have to deploy to the servers, desktops, and mobile systems in your organization. For more information, see the TechNet Update Management Center. The
Microsoft TechNet Security website provides more information about security in Microsoft products.

You can download security updates from the
Microsoft Update Catalog. The Microsoft Update Catalog provides a searchable catalog of content that is made available through Windows Update and Microsoft Update. This includes security updates, drivers, and service packs. For more information about the Microsoft Update Catalog, see the
Microsoft Update Catalog FAQ.

Detection and deployment guidance

Microsoft provides detection and deployment guidance for security updates. This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates. For more information, see
Microsoft Knowledge Base article 961747.

Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer (MBSA) lets administrators scan local and remote systems for missing security updates and common security misconfigurations. For more information, see
Microsoft Baseline Security Analyzer.

Note Customers who use legacy software that is not supported by the latest release of MBSA, Microsoft Update, or Windows Server Update Services should see the "Legacy Product Support" section of Microsoft Baseline Security Analyzer. Here, you can find information about how to create comprehensive security update detection by using legacy tools.

Windows Server Update Services

Windows Server Update Services (WSUS) lets information technology administrators deploy the latest Microsoft product updates to computers that are running Windows. For more information about how to deploy security updates by using Windows Server Update Services, see the following Microsoft TechNet topic:
Windows Server Update Services

Systems Management Server

The following table provides the Microsoft Systems Management Server (SMS) detection and deployment summary for this security update.


SoftwareSMS 2003 with ITMUSystem Center Configuration Manager
Windows 8.1 for 32-bit systems NoYes
Windows 8.1 for 64-bit systemsNoYes
Windows Server 2012 and Windows Server 2012 R2NoYes


Note Microsoft discontinued support for SMS 2.0 on April 12, 2011. For SMS 2003, Microsoft also discontinued support for the Security Update Inventory Tool (SUIT) on April 12, 2011. Customers are encouraged to upgrade to System Center Configuration Manager.

For SMS 2003, the SMS 2003 Inventory Tool for Microsoft Updates (ITMU) can be used by SMS to detect security updates that are supported by
Windows Server Update Services. For more information, see Systems Management Server 2003.

System Center Configuration Manager uses WSUS 3.0 to detect updates. For more information, see System Center.

For more detailed information, see Microsoft Knowledge Base article 910723: Summary list of monthly detection and deployment guidance articles.

Update Compatibility Evaluator and Application Compatibility Toolkit

Updates frequently write to the same files and registry settings that are required for your applications to run. This can trigger incompatibilities and increase the time that is required to deploy security updates. You can streamline the testing and validation of Windows updates against installed applications by using the Update Compatibility Evaluator components that are included in the Application Compatibility Toolkit (ACT).

The Application Compatibility Toolkit contains the necessary tools and documentation to evaluate and decrease application compatibility issues before you deploy Windows Vista, a Windows update, a Microsoft Security update, or a new version of Windows Internet Explorer in your environment.

Security update deployment


Windows 8.1 (all editions)



Reference table
The following table contains the security update information for this software. You can find more information in the "Deployment information" section.

DeploymentInformation
For Adobe Flash Player in Internet Explorer 11 on all supported 32-bit editions of Windows 8.1:
Windows8.1-KB3209498-x86.msu /quiet
For Adobe Flash Player in Internet Explorer 11 on all supported x64-based editions of Windows 8.1:
Windows8.1-KB3209498-x64.msu /quiet
For Adobe Flash Player in Internet Explorer 11 on all supported 32-bit editions of Windows 8.1:

Windows8.1-KB3209498-x86.msu /quiet /norestart
For Adobe Flash Player in Internet Explorer 11 on all supported x64-based editions of Windows 8.1:

Windows8.1-KB3209498-x64.msu /quiet /norestart
More informationSee the "Detection and deployment tools and guidance" subsection.
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update requires a restart. If this behavior occurs, you receive a message that advises you to restart. To help reduce the possibility that a restart will be required, you should stop all affected services and close all applications that may use the affected files before you install the security update. For more information about why you may be prompted to restart, see
Microsoft Knowledge Base article 887012.
HotpatchingNot applicable
Removal informationTo uninstall an update that was installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates.
Registry key verificationThere is no registry key to validate the presence of this update.
Inclusion in future service packsThe update for this issue will be included in a future service pack or update rollup.


Deployment information

Installing the update
When you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been updated by a Microsoft hotfix.

For more information about the terminology, such as "hotfix," that appears in this Knowledge Base article, see Microsoft Knowledge Base article 824684.

This security update supports the following installation switches.


SwitchDescription
/?, /h, /helpDisplays help about supported switches.
/quietSuppresses the display of status or error messages.
/norestartWhen it is combined with /quiet, the system is not restarted after installation even if a restart is required to complete installation.
/warnrestart:<seconds>When it is combined with /quiet, the installer warns the user before it begins the restart.
/promptrestartWhen it is combined with /quiet, the installer prompts the user before it begins the restart.
/forcerestartWhen it is combined with /quiet, the installer forcibly closes applications and begins the restart.
/log:<file name>Enables logging to the specified file.
/extract:<destination>Extracts the package contents to the destination folder.
/uninstall /kb:<KB number>Uninstalls the security update.


Note For more information about the Wusa.exe installer, see the "Windows Update Stand-alone Installer" section in the following TechNet topic:
Miscellaneous Changes in Windows 7
Verifying that the update was applied
Because there are several editions of Windows, the following steps may be different on your system. If they are different, see your product documentation to complete these steps.

Verifying the file version

  1. Click Start, and then type an update file name in the Search box.
  2. When the file appears under Programs, right-click the file name, and then click Properties.
  3. On the General tab, compare the file size to the size that is listed in the file information tables that are provided in this Knowledge Base article.

    Note Depending on the edition of the operating system or the programs that are installed on your system, some files that are listed in the file information table may not be installed.
  4. You can also click the Details tab to compare such information as file version and date changed to the information that is listed in the file information tables that are provided in the Knowledge Base article.

    Note Attributes other than the file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update was applied. Also, in certain cases, files are renamed during installation. If the file or version information does not exist, use one of the other available methods to verify update installation.
  5. You can also click the Previous Versions tab to compare file information for the earlier version of the file to the file information for the new, or updated, version of the file.


Windows Server 2012 and Windows Server 2012 R2 (all editions)

Reference table
The following table contains the security update information for this software. You can find more information in the "Deployment information" subsection in this section.


DeploymentInformation
Installing without requiring user interventionFor Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows Server 2012:
Windows8-RT-KB3209498-x64.msu /quiet
For Adobe Flash Player in Internet Explorer 11 on all supported editions of Windows Server 2012 R2:

Windows8.1-KB3209498-x64.msu /quiet
Installing without restartingFor Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows Server 2012:
Windows8-RT-KB3209498-x64.msu /quiet /norestart
For Adobe Flash Player in Internet Explorer 11 on all supported editions of Windows Server 2012 R2:

Windows8.1-KB3209498-x64.msu /quiet /norestart
More informationSee the "Detection and deployment tools and Guidance" subsection.
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update requires a restart. If this behavior occurs, you receive a message that advises you to restart. To help reduce the possibility that a restart will be required, you should stop all affected services and close all applications that may use the affected files before you install the security update. For more information about why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
HotpatchingNot applicable
Removal informationTo uninstall an update that was installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates.
Registry key verificationThere is no registry key to validate the presence of this update.
Inclusion in future service packsThe update for this issue will be included in a future service pack or update rollup.


Deployment information

Installing the update
When you install this security update, the installer checks whether one or more of the files that are being updated on your system were previously updated by a Microsoft hotfix.

For more information about the terminology, such as "hotfix," that appears in this Knowledge Base article, see Microsoft Knowledge Base article 824684.

This security update supports the following installation switches.


SwitchDescription
/?, /h, /helpDisplays help about supported switches.
/quietSuppresses the display of status or error messages.
/norestartWhen it is combined with/quiet, the system does not restart after the installation even if a restart is required to complete installation.
/warnrestart:<seconds>When it is combined with /quiet, the installer warns the user before it begins the restart.
/promptrestartWhen it is combined with /quiet, the installer prompts the user before it begins the restart.
/forcerestartWhen it is combined with /quiet, the installer forcibly closes applications and begins the restart.
/log:<file name>Enables logging to the specified file.
/extract:<destination>Extracts the package contents to the destination folder.
/uninstall /kb:<KB number>Uninstalls the security update.


Note For more information about the Wusa.exe installer, see "Windows Update Stand-alone Installer" in the following Microsoft TechNet topic:
Miscellaneous Changes in Windows 7
Verifying that the update was applied
Because there are several editions of Windows, the following steps may be different on your system. If they are different, see your product documentation to complete these steps.

Verifying the file version

  1. Click Start, and then type an update file name in the Start Search box.
  2. When the file appears under Programs, right-click the file name, and then click Properties.
  3. On the General tab, compare the file size to the file size that is listed in the file information tables that are provided in the Knowledge Base article.

    Note Depending on the edition of the operating system or the programs that are installed in your system, some files that are listed in the file information table may not be installed.
  4. You can also click the Details tab to compare such information as file version and date changed to the information that is listed in the file information tables that are provided in the Knowledge Base article.

    Note Attributes other than the file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update was applied. Also, in certain cases, files may be renamed during installation. If the file or version information does not exist, use one of the other available methods to verify update installation.
  5. You can also click the Previous Versions tab, and then compare file information for the earlier version of the file to the file information for the new or updated version of the file.

How to obtain help and support for this security update
Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

↑ Back to the top

Windows 8.1 and Windows Server 2012 R2 file information

File hash information
File nameSHA1 hashSHA256 hash
Windows8.1-KB3209498-x64.msu0F111BC1B57F18E45DCCE01A73D4E209E17B817F8FEDCEBFFB71A200DEFA261945BF4D02624DCFFB310908DB705D0B18D7C26EBD
Windows8.1-KB3209498-arm.msuD8166EC9FF20CD29CA85C27BC26B0DBB77E0C4E3B3BA82F310C4118A0CA1960CE794E90EBAD0882ECB9F177C9D71E159CB790D0C
Windows8.1-KB3209498-x86.msu0E3B1A4F9AAC4378FB7E7FF3D0A8AFF1D14631CC0ECB9AEA8324A9B21CF3CC2C60FA84D09B4906C8E2A54F021EE7CA789994B9F1
File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 file information

Notes: The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.
For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatform
Activex.vchNot applicable161,20611-Dec-201623:00Not applicable
Flash.ocx24.0.0.18628,313,08011-Dec-201623:00x64
Flashutil_activex.dll24.0.0.186697,33611-Dec-201623:00x64
Flashutil_activex.exe24.0.0.186964,60011-Dec-201623:00x64
Activex.vchNot applicable740,11011-Dec-201623:00Not applicable
Flash.ocx24.0.0.18621,883,38411-Dec-201623:00x86
Flashplayerapp.exe24.0.0.186835,57611-Dec-201623:00x86
Flashplayercplapp.cpl24.0.0.186177,65611-Dec-201623:00Not applicable
Flashutil_activex.dll24.0.0.186615,41611-Dec-201623:00x86
Flashutil_activex.exe24.0.0.1861,342,96811-Dec-201623:00x86
For all supported ARM-based versions
File nameFile versionFile sizeDateTimePlatform
Flash.ocx24.0.0.18618,848,24811-Dec-201623:00Not applicable
Flashplayerapp.exe24.0.0.186814,58411-Dec-201623:00Not applicable
Flashplayercplapp.cpl24.0.0.186163,32011-Dec-201623:00Not applicable
Flashutil_activex.dll24.0.0.186540,15211-Dec-201623:00Not applicable
Flashutil_activex.exe24.0.0.186824,31211-Dec-201623:00Not applicable
For all supported x86-based versions
File nameFile versionFile sizeDateTimePlatform
Activex.vchNot applicable740,11011-Dec-201623:00Not applicable
Flash.ocx24.0.0.18621,883,38411-Dec-201623:00x86
Flashplayerapp.exe24.0.0.186835,57611-Dec-201623:00x86
Flashplayercplapp.cpl24.0.0.186177,65611-Dec-201623:00Not applicable
Flashutil_activex.dll24.0.0.186615,41611-Dec-201623:00x86
Flashutil_activex.exe24.0.0.1861,342,96811-Dec-201623:00x86

↑ Back to the top

Windows 10 RTM file information

File hash information
File nameSHA1 hashSHA256 hash
Windows10.0-KB3209498-x64.msu2C7B42CDFBAAAEC1A33FD9E178E82FF339DE333981F82E02AB770A2CE5CC72E296F1234B4D11EA4665D73A31CB1BC1BD1143B8F7
Windows10.0-KB3209498-x86.msuAED11785F87D250E11EDB2D65865CF64228CE18D640A6F9A00506708C4FBD7C8B02CDEDCFB0999667B3CCDF050581BD1B5C55178
File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10 file information

For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatform
Activex.vchNot applicable161,20611-Dec-201623:02Not applicable
Flash.ocx24.0.0.18628,313,08011-Dec-201623:02x64
Flashutil_activex.dll24.0.0.186697,33611-Dec-201623:02x64
Flashutil_activex.exe24.0.0.186964,60011-Dec-201623:02x64
Activex.vchNot applicable740,11011-Dec-201623:02Not applicable
Flash.ocx24.0.0.18621,883,38411-Dec-201623:02x86
Flashplayerapp.exe24.0.0.186835,57611-Dec-201623:02x86
Flashplayercplapp.cpl24.0.0.186177,65611-Dec-201623:02Not applicable
Flashutil_activex.dll24.0.0.186615,41611-Dec-201623:02x86
Flashutil_activex.exe24.0.0.1861,342,96811-Dec-201623:02x86
For all supported x86-based versions
File nameFile versionFile sizeDateTimePlatform
Activex.vchNot applicable740,11011-Dec-201623:02Not applicable
Flash.ocx24.0.0.18621,883,38411-Dec-201623:02x86
Flashplayerapp.exe24.0.0.186835,57611-Dec-201623:02x86
Flashplayercplapp.cpl24.0.0.186177,65611-Dec-201623:02Not applicable
Flashutil_activex.dll24.0.0.186615,41611-Dec-201623:02x86
Flashutil_activex.exe24.0.0.1861,342,96811-Dec-201623:02x86

↑ Back to the top

Windows 10 Version 1511 file information

File hash information
File nameSHA1 hashSHA256 hash
Windows10.0-KB3209498-x64.msu9D113D46069745052FE8A705029F1D5285E2417E6721489816ED162FEB0976209E2D8B64531440D483010E963533E63F963C30E3
Windows10.0-KB3209498-x86.msuC66F837093E8CFB2813FE72E2E77ECEDFC4742D36119C8496AFBB4B456F776488EAD4B94FCC8B55AFC02938821CB1B365F621624
File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10 file information

For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatform
Activex.vchNot applicable161,20611-Dec-201623:03Not applicable
Flash.ocx24.0.0.18628,313,08011-Dec-201623:03x64
Flashutil_activex.dll24.0.0.186697,33611-Dec-201623:03x64
Flashutil_activex.exe24.0.0.186964,60011-Dec-201623:03x64
Activex.vchNot applicable740,11011-Dec-201623:03Not applicable
Flash.ocx24.0.0.18621,883,38411-Dec-201623:03x86
Flashplayerapp.exe24.0.0.186835,57611-Dec-201623:03x86
Flashplayercplapp.cpl24.0.0.186177,65611-Dec-201623:03Not applicable
Flashutil_activex.dll24.0.0.186615,41611-Dec-201623:03x86
Flashutil_activex.exe24.0.0.1861,342,96811-Dec-201623:03x86
For all supported x86-based versions
File nameFile versionFile sizeDateTimePlatform
Activex.vchNot applicable740,11011-Dec-201623:03Not applicable
Flash.ocx24.0.0.18621,883,38411-Dec-201623:03x86
Flashplayerapp.exe24.0.0.186835,57611-Dec-201623:03x86
Flashplayercplapp.cpl24.0.0.186177,65611-Dec-201623:03Not applicable
Flashutil_activex.dll24.0.0.186615,41611-Dec-201623:03x86
Flashutil_activex.exe24.0.0.1861,342,96811-Dec-201623:03x86

↑ Back to the top

Windows 10 Version 1607 and Windows Server 2016 file information

File hash information
File nameSHA1 hashSHA256 hash
Windows10.0-KB3209498-x64.msu3B7904AAF59958AFFA7F48F0FF53EBEEE262AFB102FA01752E1D17D60AFDF05F8ED3383C8F66D71E0045C58564F2AF8A8D14C64E
Windows10.0-KB3209498-x86.msuBAE59DBCF29EABF788A3EF5F870B3306E2182A627EED99E4CACBD6DE56F427992C5FD2CB14BDAC268FB49B6FB02376231E5679BE
File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10 file information

For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatform
Activex.vchNot applicable161,20611-Dec-201623:56Not applicable
Flash.ocx24.0.0.18628,313,08011-Dec-201623:56x64
Flashutil_activex.dll24.0.0.186697,33611-Dec-201623:56x64
Flashutil_activex.exe24.0.0.186964,60011-Dec-201623:56x64
Activex.vchNot applicable740,11011-Dec-201623:56Not applicable
Flash.ocx24.0.0.18621,883,38411-Dec-201623:56x86
Flashplayerapp.exe24.0.0.186835,57611-Dec-201623:56x86
Flashplayercplapp.cpl24.0.0.186177,65611-Dec-201623:56Not applicable
Flashutil_activex.dll24.0.0.186615,41611-Dec-201623:56x86
Flashutil_activex.exe24.0.0.1861,342,96811-Dec-201623:56x86
For all supported x86-based versions
File nameFile versionFile sizeDateTimePlatform
Activex.vchNot applicable740,11011-Dec-201623:56Not applicable
Flash.ocx24.0.0.18621,883,38411-Dec-201623:56x86
Flashplayerapp.exe24.0.0.186835,57611-Dec-201623:56x86
Flashplayercplapp.cpl24.0.0.186177,65611-Dec-201623:56Not applicable
Flashutil_activex.dll24.0.0.186615,41611-Dec-201623:56x86
Flashutil_activex.exe24.0.0.1861,342,96811-Dec-201623:56x86

↑ Back to the top

Windows Server 2016 Windows Server 2016 TP5 file information

File hash information
File nameSHA1 hashSHA256 hash
Windows10.0-KB3209498-x64.msuF3B3015F24ECDEE5A8E1C64F7062265A8E0AF5F669261F25AA7CBD4091770CF0A4888198891DD5004F81BBFB532A285FD0EE8497
File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 10 file information

For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatform
Activex.vchNot applicable161,20611-Dec-201623:08Not applicable
Flash.ocx24.0.0.18628,313,08011-Dec-201623:08x64
Flashutil_activex.dll24.0.0.186697,33611-Dec-201623:08x64
Flashutil_activex.exe24.0.0.186964,60011-Dec-201623:08x64
Activex.vchNot applicable740,11011-Dec-201623:08Not applicable
Flash.ocx24.0.0.18621,883,38411-Dec-201623:08x86
Flashplayerapp.exe24.0.0.186835,57611-Dec-201623:08x86
Flashplayercplapp.cpl24.0.0.186177,65611-Dec-201623:08Not applicable
Flashutil_activex.dll24.0.0.186615,41611-Dec-201623:08x86
Flashutil_activex.exe24.0.0.1861,342,96811-Dec-201623:08x86

↑ Back to the top

Keywords: atdownload, kbbug, kbexpertiseinter, kblangall, kbmustloc, kbsecbulletin, kbsecreview, kbsecurity, kbsecvulnerability, kbsurveynew, kb, kbfix

↑ Back to the top

Article Info
Article ID : 3209498
Revision : 5
Created on : 4/13/2020
Published on : 4/16/2020
Exists online : False
Views : 74