Patch Management Solution

I obtained the flash player 16.0.0.235 through the APSB14-27 Bulletin. I am in a testing phase with four test computers, two of the tests have flash player ax/pi 12.0.0.3, the other two have 15.0.0.183. The new bulletin will not get applied against either of my test computers in the software update tab of the agent. So far I explored to the server and tried to install flash player 16 ax and pi from where patch mgt. places the files on the server. My result is "please uninstall flash player". This is normally what does not happen going to newer version of flash player, the new version always remove the old first then installs the current version. Am I trying out 16.0.0.183 too soon, or is Adobe creating a different route of their newer versions of flash player?

Hello MJammer,

It is possible the older versions of Flash have supported updates within their respective version. Please view KM: TECH222436, for it details this further.

Review the Compliance by Computer / Bulletin Reports; see if the vendor dropdown renders data for that client and displays current applicable info regarding Adobe. This will help you see which updates are vulnerable to the client pertaining to that vendor software.

Let me know if you have any questions and I will be happy to help.

Hope this helps,

Joshua

That might be correct. I recently noticed one co-worker has flash player 15.0.0.246. He was able to go to 16.0.0.235 without any problem. By way of our hardware independent images, desktops should have either 12.0.0.3 or 15.0.0.159. So how would I go about obtaining 15.0.0.246 in Patch remediation Center?

I have noticed in the Import Patch Data for Windows flash player bulletins come up as 11, 12, 13, 14, 15, 16. You are not sure on which version of 15 lets say, you are going to download. If I download flash 15 I get 15.0.0.239, not 15.0.0.246.

It appears Adobe Flash Player 15.0.0.246 is no longer available from Adobe for download. Adobe provides the link to download http://get.adobe.com/flashplayer on https://forums.adobe.com/thread/1654544, but as you can see that directs to the 16.0.0.235 download. 

Also found: http://helpx.adobe.com/security/products/flash-player/apsb14-27.html, which is the download for APSB14-27, and that is available in the PRC, but it only provides Flash Player v13 & v16, for those are still supported by Adobe.

The best way to utilize the Patch Management product is begin with the Compliance by Bulletin Report, target Vendor dropdown for Adobe, and review the Applicable/Vulnerable updates in the environment. 

Keep in mind that Patch Management is not designed to deploy Software, for it is only going to target if the IsApplicable=TRUE rule is targeting for a vulnerability outlined by the vendor.

If a specific software is needed to be deployed; download it from the vendor and utilize Software Delivery Solution to deploy it to the environment.

Well, I also obtained Bulletin APSB14-26 for Flash Player 15.0.0.239. Let's see how that will go before using APSB14-27. What do you think? So far my Applicable Computers By Bulletin shows 103(Applicable), 33(Installed), 70(Not Installed). I have a bunch of desktops from my HII image that have 15.0.0.183. So I am going to see if I can get a small group of them to get the 14-26 bulletin. Then maybe they can get to the 14-27 bulletin.

I am still new to Patch Mgt. I have understood so far that it is in a way passive. Not like a Managed Software Delivery like I have done in the past for flash player.

This morning I checked my targets that should have received apsb14-26 overnite. They failed as it showed in the software update tab the exit code is 1611. I see the reason why is probably because of flash player needing to be removed first before installing 15.0.0.239. I went to 'C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\{2F44A12B-25FF-6B97-111B-00CD5866B785}\cache\install_flash_player_15_plugin.exe' and I also tried the path for activex. See attached screenshot of the error. I cannot see why going from 15.0.0.183 to 15.0.0.239 requires an uninstall. This is a first for my time. I never had to remove flash before, I have delivered flash many times in the past with Managed Software Delivery, and same delivery when I used Novell Zenworks 7.

I hope someone else has come across this recently.

That isn't expected behavior. I expect it to target and clear the old install first and then install the update, for that is the expected behavior with the Adobe products.

If that Software Update was listed in the Windows Compliance by Bulletin Report as Vulnerable, and you created the Software Update Policy to deploy the update, and the Exit Code is 1611 outlined as

ERROR_INDEX_ABSENT       1611   Component qualifier not present.

This is found on http://support.microsoft.com/kb/290158

If you are utilizing only Patch Management to run the install as outlined on KM: HOWTO56242 (basic configuration of Patch Management); I feel a Support Case would be best to have this reviewed. 

I am uncertain if this is a one-off anomaly caused by previous software deployment corruption, and that interfere with the Patch Assessment Scan targeting appropriately, but a Support Case with the Client Data found on KM: HOWTO60789 would be ideal to begin troubleshooting. The Support Team will see if it is reproducable and troubleshoot further.

Tomorrow I'll have to try to get the bulletin for 15.0.0.239 (if it exists) and check out the Report as being vulnerable or not. By the way, today I obtained APSB15-01 (flash player 16.0.0.257, tried a quick install by policy through the patch remediation center, same result. This is applying to a test pc with 15.0.0.239. The software update tab of the agent shows the process of bulletin 15-01 being applied but fails. Obtained the files for the bulletin (activex and plugin) and flash tells me to uninstall my existing flash before installing the new version. Geez, again.

Thought of skipping all this and doing Managed Software Delivery of the flash uninstaller, then run the installers of 16.0.0.235 activex and plugin.