Windows Server 2012 R2 and Adobe Flash

My vulnerability scanner keeps screaming that one of my Server 2012 R2 Standard servers is running a vulnerable version of Flash, which I can't find.  The server has all the latest Windows Updates and I have uninstalled the User Experience feature and rebooted and rescanned, don't know what else to try on this one.
bsjj2727Asked:
Who is Participating?
 
bbaoConnect With a Mentor IT ConsultantCommented:
> My vulnerability scanner keeps screaming that one of my Server ... is running a vulnerable version of Flash

i guess you the scanner does have a log showing what have found and from where? just please check the scanner's options first.
0
 
MacleanSystem EngineerCommented:
Check windows updates for Flash KB's. Flash updates for Edge on Win8/10/2012 are done through Windows Updates (Or download on the Update Catalog)
0
 
Network ZeroCloud Engineer Commented:
Why not just update flash on the adobe site.  There's  a version for is/edge and one for  chrome and Firefox
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
bsjj2727Author Commented:
I can't install from the flash site manually because it won't install because it's embedded in server 2012r2 when you enable the desktop experience. I ran windows updates and it shows I'm up to date I searched the Microsoft catalog for the lasted adobe flash update kb4034662 and it's already installed. Don't no what else to try on here.
0
 
MacleanSystem EngineerCommented:
I reviewed the revision number for KB4034662, which is identical to the most current version from Adobe (Version 26.0.0.151)

Does your security scan show which version it is referring to perhaps? I wonder if the deployment installed, but is failing to work.
If so the only error I am aware of is when your event viewer has Event ID 1001 logged. If so, run sfc /scannow and when done review the c:\windows\system32\cbs\cbs.log file, search for "flash" I wonder if it might refer to error code 8007010b.
(Might be easier skipping the scan and browsing to c:\windows\system32 and check that the folders Macromed\Flash exist. (e.g. c:\windows\system32\Macromed\Flash) If not, uninstall the KB, manually create the folders, and re-run the update.

If none apply then again review the security warning, it usually tells you which Flash version it detected.
0
 
compdigit44Commented:
Is it possible that your security scanner it looking for a flawed update on Windows 2012 R2?

https://forums.adobe.com/thread/1926060
0
 
bsjj2727Author Commented:
The server is also a vcenter server, I think it may be related to that, I'm still looking into that
0
 
compdigit44Commented:
Can you please post what version of Adobe is running on the server. Please see the following link on how to check this: http://renshollanders.nl/2016/10/check-adobe-flash-version-internet-explorer-active-x-on-server-20122016-and-windows-8-110/

I have not check this myself but wondering if Windows 2012 R2 has 32 and 64bit versions of Adobe Flash and if so are they the same version on your server
0
 
bsjj2727Author Commented:
I called the vendor and got them involved, turns out there was one file that was buried that I had to manually remove to clear the finding.  The vendor had to turn on debugging for me to see the exact location of the file, thanks for the help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.