Fix for Flash Player Security Update install failure on Windows 10

Multiple users are reporting that a Flash Player security update that was issued through Windows Update for Internet Explorer and Microsoft Edger is failing to install. We have a solution that allows you to get this important update onto your system immediately.

Richard Hay, Senior Content Producer

September 22, 2015

3 Min Read
Fix for Flash Player Security Update install failure on Windows 10

Yesterday Microsoft issued KB3087040 to address a security vulnerability in Adobe Flash Player that is used on several versions of Windows, Internet Explorer 10/11 and on Microsoft Edge.

While it is great the patch is out users across social media are reporting that the update is failing to install with an error code of 0x80004005.

I can confirm that on all of my Windows 10 systems any attempt to install KB3087040 is failing with this code.

On my Windows RT 8.1 systems this security update installs without any issues.

In order to get around the failed Windows Update install of KB3087040 you can download and install this update as a standalone file using the following links. Just insure you select the file that matches your operating system and architecture (32/64 bit).

The KB3087040 article has full details on how to deploy this security update across your networks.

Here are details of the attack vector with this vulnerability:

In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.

In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An attacker could then host a website that contains specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.

Let us know if you are seeing the same errors on your systems.

Source: Microsoft TechNet and KB3087040

But, wait...there's probably more so be sure to follow me on Twitter and Google+.

About the Author

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – AnotherWin95.com – came online in 1995. Back then I used GeoCities Web Hosting for it and WindowsObserver.com is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.

https://twitter.com/winobs

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like