Security Update for Adobe Flash Player - APSB11-26

(imported topic written by nberger91)

Is BigFix intending on releasing content for the following critical flash player update http://www.adobe.com/support/security/bulletins/apsb11-26.html ?

Or should I say, can you urgently pls…

Thanks.

(imported comment written by SystemAdmin)

The Fixlets for Adobe security advisory APSB11-26 have been published.

  • Flash Player 10.3.183.10 Available - Internet Explorer (ID: 1091017)
  • Flash Player 10.3.183.10 Available - Firefox/Mozilla (ID: 1091018)

(imported comment written by SystemAdmin)

These Fixlets used to have something like this in their relevance, to check if the exe was currently running.

(not (exists true whose (if true then (exists running application "iexplore.exe") else false)))

or

(not (exists true whose (if true then (exists running application "firefox.exe") else false)))

Does anyone know why they don’t come like this directly from IBM? I know I can add it myself, but maybe it was taken out for a technical reason.

(imported comment written by SystemAdmin)

I checked the published Fixlets for Flash Player dating back to v9.x of the player. The Fixlets didn’t have a relevance to check if Internet Explorer was running. Such relevance would prevent the Fixlets from being applicable on systems that have Internet Explorer running.

But as of now, the Fixlets do have a non-default action available to terminate IE if it is currently running and then apply the patch.

(imported comment written by SystemAdmin)

Thank you for the quick response. I was looking at Fixlet ID 1396 “Flash Player 9 Available - Firefox/Mozilla”, its last line is (not exists running application "firefox.exe")

Do you foresee any issues if I include

(not (exists true whose (if true then (exists running application "iexplore.exe") else false)))

or

(not (exists true whose (if true then (exists running application "firefox.exe") else false)))

We know that machines running IE or Firefox at the time will not be affected, which is what we are aiming for since this will be deployed during production hours.

(imported comment written by SystemAdmin)

I’ve been adding that check to the relevance for the Flash Player/Firefox for a while with no issues. I haven’t run into any problems with upgrading Flash Player/IE while IE is running.

(imported comment written by SystemAdmin)

The extra relevance checks mentioned above look appropriate for your scenario. I don’t foresee any issues.

(imported comment written by bendernet91)

Still do not have these updates. Refreshed cache in the console. Still no luck. Please help!

Steve

(imported comment written by SystemAdmin)

Steve,

The current version of the ‘Updates for Windows Applications’ site (380) has the Fixlets for the latest Flash Player patches. The Fixlet IDs are as mentioned in the comment above.

What’s the version of the site displayed on your console?

(imported comment written by mbp911)

It seems that when a new Adobe update is made available, the old one is superseded and the download is no longer available. This causes an issue: if you are rolling out the previous version in a controlled and certified environment, the install will fail as the SHA1 and file size have changed.

The client I manage has a process in place to validate each patch or update to the environment and usually begins this process 1 week following MS Patch Tuesday. The validation takes one week and includes MS and Adobe Updates. After the validation, all patches and updates are deployed in a baseline.

The problem is that Adobe, though following a Microsoft-like release schedule, does not support previous versions if an update has been published on their site and TEM changes relevance to prohibit further installations of a superseded version.

The only course of action that you can take is to download the update and package it up for future use. I think that it is understood that we want to ensure that we have the most current fixes for vulnerabilities; however, this is problematic when the environment is heavily scrutinized and controlled on the content that is delivered.

I was hoping that I could somehow extract the file in the SHA1 folder with BFArchive, but, to no avail, as it is not a TMP file. Is there a way to extract a file in the SHA1 Directory that is not a TMP File? This would help greatly.

(imported comment written by BenKus)

Hi mbp911,

The file in the sha1 folder is simply a renamed version of the file itself (no extraction necessary).

Ben

(imported comment written by mbp911)

So to state the obvious, where is the renamed file if a prefetch statement is used in the action script?

(imported comment written by SystemAdmin)

Hi mbp911,

If I understand correctly, you are probably trying to use the manual caching approach for deploying an older version of the Flash Player Fixlet.

You can find more information on manual caching here: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=390

The article mentions the location of the sha1 folder on the BES server. You will have to place the older installer file renamed with its sha1 value into the sha1 folder.
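
The manual-caching step described in the replies above, as an added example that is not part of the original thread and is not BigFix's own tooling: it checks a saved installer against the sha1 and size values of a prefetch statement before copying it into a cache folder under its sha1 name. The function names, the cache_dir argument and the sample data are assumptions; the actual sha1 folder location is the one given in the linked KB article.

```python
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Action-script prefetch line: prefetch <name> sha1:<hex> size:<bytes> <url>
PREFETCH_RE = re.compile(
    r"^\s*prefetch\s+(?P<name>\S+)\s+sha1:(?P<sha1>[0-9a-fA-F]{40})\s+"
    r"size:(?P<size>\d+)\s+(?P<url>\S+)", re.IGNORECASE)

def parse_prefetch(line):
    """Return (sha1, size) expected by a prefetch statement."""
    m = PREFETCH_RE.match(line)
    if not m:
        raise ValueError("not a sha1/size prefetch statement")
    return m["sha1"].lower(), int(m["size"])

def sha1_and_size(path):
    """Hash the file in chunks so large installers are not read into memory."""
    h, size = hashlib.sha1(), 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
            size += len(chunk)
    return h.hexdigest(), size

def stage_in_cache(installer, prefetch_line, cache_dir):
    """Copy installer into cache_dir under its sha1 name, only if it matches."""
    want_sha1, want_size = parse_prefetch(prefetch_line)
    got_sha1, got_size = sha1_and_size(installer)
    if (got_sha1, got_size) != (want_sha1, want_size):
        raise ValueError(f"mismatch: file is sha1:{got_sha1} size:{got_size}")
    dest = Path(cache_dir) / got_sha1  # file name is the sha1 value itself
    shutil.copyfile(installer, dest)
    return dest

if __name__ == "__main__":
    # Constructed demo: a stand-in "installer" and a prefetch line built for it.
    with tempfile.TemporaryDirectory() as tmp:
        installer = Path(tmp) / "flash_installer.exe"
        installer.write_bytes(b"constructed sample installer bytes")
        sha1, size = sha1_and_size(installer)
        line = (f"prefetch flash_installer.exe sha1:{sha1} size:{size} "
                "http://example.invalid/flash_installer.exe")
        cache = Path(tmp) / "sha1"  # hypothetical stand-in for the server's sha1 folder
        cache.mkdir()
        print(stage_in_cache(installer, line, cache))
```

A mismatch raises before anything is copied, which is the same condition that makes the superseded download fail in the Fixlet action.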