Uninstall Adobe Flash with KB4577586

Microsoft has released a Windows update (KB4577568) that removes Adobe’s Flash Player before it reaches end of support on December 31, 2020. However, it isn’t rolling out via Windows Server Update Service (WSUS) yet, and the update needs to be downloaded and installed from the Microsoft Update Catalog. It will become available to WSUS in early 2021. In this post I will show how you can Import this update in WSUS and deploy it with MECM (Software Update Point).

Import

Because the update KB4577586 isn’t yet available in WSUS we can import the update from the Microsoft Update Catalog in WSUS and then start the sync in MECM in order to be able to deploy the update with MECM.

Log into the server with the WSUS role installed on it and start WSUS with run as administrator.

This image has an empty alt attribute; its file name is image-91.png

On the right side click on Import Updates and the Microsoft Update Catalog will be opened.

Now search for KB4577586 and Add the version(s) you want to import. I have added the Windows 10 1809, 1909 x64 versions. After adding the updates click view basket.

Click on the import button on the right side.

If the import fails.

Add the following regkey and restart the server:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319"SchUseStrongCrypto"=dword:00000001
This image has an empty alt attribute; its file name is image-97-1024x282.png


Now do the same steps again from starting WSUS and import the update. The error is gone!

Now open the MECM console and go to: \Software Library\Overview\Software Updates\All Software Updates.

Right click All Software Updates and select Synchronize Software Updates.

This image has an empty alt attribute; its file name is image-99.png

Click Yes.

This image has an empty alt attribute; its file name is image-100.png

After a few minutes the updates will be available in your All software updates search result:

You can now deploy this update to the desired devices.

Deploy the updates

Select the updates, select Deploy

Give the deployment Name: Update for Removal Flash player. Click Browse and select the collection to deploy the updates to. Click Next.

Select the Type of deployment (available or required) and use Wake-on-LAN wake up clients for required deployments if you want and select the detail level of the state messages. Click Next.

Set the Software available time and the Installation deadline. (In this case I will select As soon as possible). Click Next.

Set the User notifications. Click Next.

Set an update alert, if you want. Click Next.

In this case we will select a deployment packages we already have created, but you can also create a new deployment package. Click Next.

Click Next.

Click Next.

Click Next.

Click Next.

User Experience

Now lets see what the user will see when opening Software Center:

After the installation (there is no reboot required) The flash plugin will me removed. You can check this by opening control panel and see that the flash player plugin is gone.

INFO: This flash removal update will remove the embedded flash plugin of Edge and IE11 and ALSO will remove manually installed NPAPI flash plugins (Firefox/Chrome).

The update can’t be uninstalled.

Theme: Overlay by Kaira