Deploy Adobe Flash Player Update using SCCM/MEMCM or Microsoft Intune – KB4577586
Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 8 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intune deployments.
Benoit Lecours
PresidentTable of Content
Get the latest insights and exclusive content delivered to your inbox
Share
On October 27th, 2020, Microsoft released an update to definitively remove Adobe Flash Player (KB4577586) from all Windows 8.1+ and Windows 10 1607+ Operating System.
This important update is needed for Adobe Flash end of support on December 31, 2020. For now, the only way to deploy his Adobe Flash Player update to your devices is by using SCCM. The update has not been released to Windows Update yet. This means that if you want to use your SCCM Update Point to deploy it, you’ll have to manually import the update first and then create a software update synchronization.
This post will describe every step you need to take in order to Deploy Adobe Flash Player Update to Windows 10 using SCCM/MEMCM or Microsoft Intune.
Here’s the important information you need to know :
- Applying this update will remove Adobe Flash Player from your Windows device
- After this update has been applied, this update cannot be uninstalled
- Microsoft warns that if another security update for Adobe Flash Player is released, customers who take this removal update will still be offered the security update.
The only way to restore Adobe Flash Player after this update is to use a System Restore or reinstall the OS
Downloading the Update
The first step to do add the Adobe Flash Update to your SCCM server or Intune Tenant is to manually download the Adobe Flash update (KB4577586).
For now, it’s not possible to import the update directly in your WSUS. We’ve tried it and get this error.
- Connect to your primary SCCM Server
- Open the Microsoft Update Catalog Web Site
- Type in the hotfix number (4577586) in the search field and click on Search
- In the Search Result, Click on Add for every patch you wish to add to WSUS. In my example, I only needed it for Windows 10 1903, so that’s the one I added. When you are done, press View Basket at the top
- Confirm your choice in your basket and finally, uncheck Import directly into Windows Server Update Services checkbox and click on Download
- Select a download location for the .MSU file. We suggest to save it in your SCCM File Repository as we’ll create a package with it
- You can now close your browser window
If you need the Microsoft Intune Instructions, just skip directly to the Intune section
Create the SCCM Package
We will now create the SCCM Package to deploy this MSU file. Package are soooo 2012, it’s true but in that case, it’s so simple that why add the complexity of creating an application.
- Open the SCCM Console
- Go to Software Library\ Application Management \ Packages
- Right-click and select Create Package
- Select Standard Program, click Next
- Enter a Name for your program and description. Check the This program contains source files. Point your source file on the path you saved the MSU file.
- Enter this as a command line : (change the patch name if you are using another version. We are using Windows 10 1903). You can refer to the Microsoft Documentation for more installation options
- wusa.exe “windows10.0-kb4577586-x64_ec16e118cd8b99df185402c7a0c65a31e031a6f0” /quiet /norestart
- Program can run : Whether or not a user is logged on
- Keep everything else default, click Next
- In the Requirement window, select Windows 10 64bits. Adjust to your Windows version if needed.
- Review and Complete the wizard
- Now, let’s distribute the files to our Distribution Points
- Right-Click your package and select Distribute Content
- Add your prefered Distribution Point and complete the wizard
- We will now deploy the Adobe Flash Update to a Windows 10 1903 machine
- Click on the Program tab at the bottom, select the program for your package and select Deploy
- Select a Collection to deploy your Adobe Update, click Next
- On the deployment setting, select your Purpose. We select Required as we want it to run automatically.
- Set your desired schedule
- In User Experience, we decided to skip Maintenance Windows
- Complete the Wizard
Testing the Adobe Flash Update
We will now test our deployment.
On a Windows 10 Machine, refresh the Machine Policy and wait for the program to execute. You won’t see anything as this is a silent installation.
You can monitor the installation in C:\Windows\CCM\Logs\Execmgr.log.
We are looking for an installation exit code 0 :
Adobe Flash Update deployment using Intune
If you want to deploy the Adobe Flash Update using intune, you must use the Win32 App installation method.
We won’t describe it from the start to the end since our previous blog post is pretty clear.
Here’s the important information to consider :
- Use the Microsoft Win32 Content Prep Tool to convert the .msu file into the .intunewin format.
- The installation command line will be : (change the patch name if you are using another version. We are using Windows 10 1903).
- wusa.exe “windows10.0-kb4577586-x64_ec16e118cd8b99df185402c7a0c65a31e031a6f0” /quiet /norestart -Wait
- Uninstall command: wusa.exe /uninstall /kb:4577586 /quiet
- As a detection rule, use custom detection script :
$result = systeminfo.exe | findstr KB4577586
if ($result)
{
Write-Output "Found KB4577586"
exit 0
}
else
{
exit 1
}Adobe Flash Update SCCM Intune Monitoring
Once you’ve deployed the Adobe Flash Update to your devices. There’s a couple of ways to monitor which machine has the KB4577586 applied.
You can use CMPivot to have live results, using this query :
SoftwareUpdate | summarize countif( (KBArticleIDs == ‘KB4577586’) ) by Device | where (countif_ > 0)
Share
Get the latest insights and exclusive content delivered to your inbox
Only authorized users can leave comments
Log In