Adobe Flash 11.2 Background Updates from an Internal Server

One major problem with Adobe Flash Player is that the software often has vulnerability which allow code to take control of a users system. The issue is gets worse by the fact most enterprise environments wont allow their users to have Administrator user rights to reduce the amount of viruses, malware and spyware installed thus not allowing the same users to install the latest version of Adobe Flash Player and leaving them with outdated versions which are vulnerable.

After GOOGLING to try and find a workable restitution I found http://helpx.adobe.com/flash-player/kb/administration-configure-auto-update-notification.html which talked about a new option in Adobe Flash Player called SilentAutoUpdate. This new option allows System administrators to push settings to Adobe Flash Player by creating a text file called mms.cfg in the users C:\Windows\System32\Macromed\Flash for Windows 32bit or C:\Windows\SysWOW64\Macromed\Flash for Windows 64bit. I’m not going to go into to much detail but I at my work I could use Group Policy to copy this file I’ve created to all my users computer to allow SilentAutoUpdate. SilentAutoUpdate works by a task in the systems Task Scheduler being created and running once a day. This task starts a service called  AdobeFlashPlayerUpdateSvc. The service program is located in the same location as the mms.cfg file called FlashPlayerUpdateService.exe. The FlashPlayerUpdateService.exe reads the mms.cfg file. To enable the SilentAutoUpdate option to log add SilentAutoUpdateVerboseLogging=1 into the mms.cfg file.

The only issue I have with the SilentAutoUpdate option is that the software must have direct access to the internet via ports 443 and 80. In some enterprise environments such as mine must access the internet via a proxy which causes the SilentAutoUpdate to fail to update.

1 way around the SilentAutoUpdate not working via a web proxy is to create an internal mirror. This can be done by following the instructions on the http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashplayer/pdfs/flash_player_11_2_admin_guide.pdf pages 17-19. Once creating a local mirror you can add the option SilentAutoUpdateServerDomain=server.domain.com to your mms.cfg file which tells your FlashPlayerUpdateService access the update files via your web server rather than the internet directly.

My MMS.CFG file for testing looks like this but once working I would remove the VerboseLoging option to reduce the log file size. The settings below turn off gui updates and enable silent updates:

AutoUpdateDisable=0
SilentAutoUpdateEnable=1
SilentAutoUpdateServerDomain=firewall.cloudportal.local
SilentAutoUpdateVerboseLogging=1

Then my other issue was how to I keep my mirror synced with Adobes so I created a Shell Script to do it for me in a daily cron job. The script creates the folder structure, uses wget to download the files and logs everything it does. Save the text below as adobe-flash-background-updates.sh and ensure the paths are correct before running. To run the script run the command sudo sh ./adobe-flash-background-updates.sh once you know to the script is working for you add it to cron.

#!/bin/sh

########## INTOMATION ABOUT SCRIPT ##########

# This Script Titled adobe-flash-background-updates and was written by Tyrone Wyatt of www.cloudportal.org.
# This Script is open to use by everyone and is not under any licence.
# See flash_player_11_2_admin_guide.pdf for more infomation on how this script is required to function.

########## SCRIPT CONFIG ##########

# The TITLE option is the scripts name
TITLE=adobe-flash-background-updates

# The LOG option is the log file.
LOG=/var/log/$TITLE.log

# The SOURCE option is the mirror on which you would like to download the flash files from.
SOURCE=http://fpdownload2.macromedia.com

# The DESTINATION option is where you would like your downloaded files to go so they are accessable by your web service.
DESTINATION=/var/www

# The VERSION option is the current major version of Flash Player (for Flash Player 11.2, the major version is 11).
VERSION=11

########## SCRIPT CORE ##########

touch $LOG

echo “Welcome to $TITLE Script!”
echo “=O====== $(date) ========” >> $LOG 2>&1

if [ -d $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/xml ];
then
echo ‘Skipping destination folder structure creation.’
else
echo ‘Creating destination folder structure.’
sudo mkdir -v $DESTINATION/pub/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/update/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/update/current/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/update/current/sau/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/xml/ >> $LOG 2>&1
sudo mkdir -v $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/ >> $LOG 2>&1
fi

echo ‘Downloading files…’
wget -nv $SOURCE/pub/flashplayer/update/current/sau/$VERSION/xml/version.xml -O $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/xml/version.xml >> $LOG 2>&1
wget -nv $SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_ax_sgn.z -O $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_ax_sgn.z >> $LOG 2>&1
wget -nv $SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_pl_sgn.z -O $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_pl_sgn.z >> $LOG 2>&1
wget -nv $SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_ax_sgn.z -O $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_ax_sgn.z >> $LOG 2>&1
wget -nv $SOURCE/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_pl_sgn.z -O $DESTINATION/pub/flashplayer/update/current/sau/$VERSION/install/install_all_win_64_pl_sgn.z >> $LOG 2>&1

echo “Script complete! See log file for more infomation $LOG”
echo “=X====== $(date) ========” >> $LOG 2>&1

echo ‘ ‘ >> $LOG 2>&1

########## END OF SCRIPT ##########

I have been testing the script and am pleased to see it works well. The log file that the script creates looks much like the flashinstall.log for ease of reading.

If you require more infomation as I sometimes cut corners on documenting then you should read these other usful pages

Adobe Announces Plans To Abandon Flash On Linux

This announcement has come as a bit of a shock to me. Adobe only recently released their first stable Linux 64bit flash plugin months ago and now this announcement that the plugin is going to be discontinued. While I am pleased that Adobes partnership with Google has meant that a 64bit flash plugin will exist on Linux for Google Chrome users such as myself. This is news is very bad for the Firefox users and Linux Distributions like Ubuntu.

I hope that Adobe wakes and a smells the roses. The Flash plugin is a thing of the past with HTML5 video and JavaScript  its replacement. Pulling stunts like this gives web designers even less reasons to use flash content.

http://blogs.adobe.com/flashplayer/2012/02/adobe-and-google-partnering-for-flash-player-on-linux.html