Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Flash patch management with 7.5

Created: 20 Jun 2014 • Updated: 20 Jun 2014 | 12 comments

In a prior thread I was happy to see that Patch updated my clients from 11 to 12 - https://www-secure.symantec.com/connect/forums/75-patch-management-flash-12

Unfortunately, it doesn't seem to be upgrading clients from 13 to 14.  I pushed APS14-16, and it says my test clients got it, but they are still running 13,0,0,223.

Flash seems to be changing their major version almost monthly at this point.  Shouldn't patch be pushing my clients to 14 versus me having to do it via managed software policy?

Please advise.

Thanks!

Comments 12 CommentsJump to latest comment

cnx_steve's picture

You are correct; it should patch to 14. It does so in our test environment. We have 7.1 in production, and it does so there too. Rather than updating to 14, though, I would prefer to stay on 13 as that is the new extended service release, but that does not appear to be an option in PM. Even manual updates to later 13.x releases are detected as needing to be updated to 14.

http://blogs.adobe.com/flashplayer/2014/03/upcoming-changes-to-flash-players-extended-support-release.html

 

Sally5432's picture

Thanks for replying. I put a ticket in.  Wish it was more clear what expected behaviour was sometimes.

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

dougoly's picture

I am running into a similar issue and wondering if you got anywhere with your support ticket? 

Sally5432's picture

Not yet, but will post back when I hear something

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

Joshua Rasmussen's picture

To All,

Patch Management targets for most recent deployment as detailed in KM: TECH206151. The vendor provides the latest updates and that is the method used to target for Patch Management. (Note: if a lower version is desired; simply do not deploy the newer version to that client as detailed in this Knowledge Management [KM] Article).

If the clients are not listed in Patch Compliance Reports, nor being targeted by the Software Update Policy; there appears to be an issue with either 1. The Patch Inventories: Client communications to the SMP or the SMP processing the Patch Inventories (KM: HOWTO60750 & TECH194917), or 2. There are problems with the Client's resource associations failing to be made in the database during the Patch Filter update process (KM: HOWTO79488).

There may be some underlying issues in the environment that are not part of the two checks detailed above. Workflow of Patch Management and further troubleshooting steps are outlined on KM: HOWTO79448. You may also try running the SMP Diag Tool provided on KM: TECH202997 to see if there are any other anomalies that would attribute to this in the enivornment.

In an environment configured and deploying with best practice settings as outlined in KM: HOWTO56242: The Software Update Policy for APSB14-13; Avanced tab should display all updates as disabled, for this bulletin was superseded by recent versions and this is cleaned up via processes performed during the PMImport. The newest version provided in APSB14-16 would be the only Flash update listed as vulnerable in Compliance Reports. The Bulletin would then be downloaded and deployed via Software Update Policy per this KM article. 

Additionally: If an alternate means of deployment is being used (e.g. Server Task Job to run the 'AeXPatchUtil.exe /xa'); the process may be failing on some other level not being utilized by Patch Management, for Task Server may have backed up jobs etc., and therefore the Software Update is running but not being installed. 

If the process checks above yield no results; continue working with Tech Support, for overall product processes and environment health may need further troubleshooting.

Hope this helps,

Joshua

Sally5432's picture

Joshua,

Thanks for the response.

<<APSB14-13; Avanced tab should display all updates as disabled>> - in our environment it does. I disabled the update which is my usual step for policies with all updates disabled.  The policy still exists (in disabled state) but would be deleted in a few weeks.

<< APSB14-16 would be the only Flash update listed as vulnerable in Compliance Reports>> Seems to be true here.

meh. still waiting ot hear from support on ticket I put in Friday.

 

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

Sally5432's picture

Support was able to replicate the issue and it's now with backline.  Likely to be fixed via pmimport soon.  Was super happy to hear support replicated it before they even called me.  

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

Gregg Knudsen's picture

Our users are still being prompted to upgrade to the latest Flash.

I hope that Adobe releases a new patch tomorrow (they usually come out with MS on Patch Tuesday), that actually upgrades computers to ver 14.

I am contemplating setting a policy to never check for upgrades on all these products that like to annoy the users - iTunes, Flash, Java, etc.

 

 

 

Sally5432's picture

We pushed mms.cfg for flash during initial flash install, so users aren't prompted here at least.  Do similar with Java.

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

Joshua Rasmussen's picture

Update regarding ABSP14-16 failing to deploy v14 updates:

Found the update is a major upgrade release bundled with v13 software update. The current logic ensures that those upgrading v13 are not being forced to upgrade to major release in v14.

This is detailed in KM: TECH222436. Enhancement Request; currently being reviewed the logic can be added for Patch Development to target / deploy v14 to clients on v13. Please subscribe to this article as it will be updated as soon as Patch Dev's review of the logic is concluded.

As of now; this is working as designed. Please utilize the Software Delivery Solution, or other Software Deployment methods, if the v14 needs to be deployed to the environment. 

Thank you,

Joshua

Sally5432's picture

Seems like the 2 TECH articles referenced in the thread are kind of a gray area on when a major released is pushed and when it isn't.

Guess we'll see what tomorrow's patch Tuesday brings.  Hopefully Adobe doesn't continue to update v13 very long and then the major relase path will be more clear.

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

Sally5432's picture

July Flash has both 13 and 14 installers again. bummer.

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.