rhymeswithmogul/FlashKiller.ps1

## FlashKiller.ps1
<#PSScriptInfo
.VERSION 1.0
.GUID d3aa9909-cd37-4154-81d2-7e6ef3c776ce
.AUTHOR Colin Cogle
.COPYRIGHT (c) 2020 Colin Cogle.  All rights reserved.
.TAGS Adobe, Flash, Player, swf, killer, KB4577586
.LICENSEURI https://www.gnu.org/licenses/agpl-3.0.en.html
.PROJECTURI https://gist.github.com/rhymeswithmogul/1346f32de625962b17adc713d0ac350c
#>

<#
.SYNOPSIS
Permanently remove support for Adobe Flash Player from Windows.

.DESCRIPTION
This cmdlet will download and install the official Microsoft update to permanently remove and block the Microsoft-provided copy of Adobe Flash Player from this computer.  Once this update has been installed, it cannot be removed!  You will need to restore this computer via System Restore or from backup.

.PARAMETER Force
Bypass the big, in-your-face warning and just install the update.  This overrides -Confirm.

.INPUTS
This script takes no input.

.OUTPUTS
This scripts sends no output, only human-readable text.

.EXAMPLE
PS> .\FlashKiller.ps1

Downloads and (after asking the user) installs KB4577586.

.EXAMPLE
PS> .\FlashKiller.ps1 -Force

Downloads and installs KB4577586 with no warning or confirmation.  Be very sure that you want to do this.

.LINK
https://www.powershellgallery.com/packages/FlashKiller/1.0
#>

#Requires -Version 5.0
[CmdletBinding(SupportsShouldProcess, ConfirmImpact='High')]
[OutputType('void')]
Param(
	[Switch] $Force
)

# These update URL's have been taken from the Microsoft Update Catalog.
# Microsoft provided non-secured HTTP URL's, and I've not modified them,
# as trying HTTPS results in a certificate error.
$Win10Updates = @{
	'AMD64' = @{
		'1507' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_a0ff1622de1e30a2400d56903161a3c0757c29d1.msu'
		'1607' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_809b9640d04c5af4c7e78499052abaa936cb670a.msu'
		'1703' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_84ef2e9e7eb6bd2a3cfa5a8aef59adccab988e7d.msu'
		'1709' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_e0921a984710c3992b68e570115b29b9e8e5c708.msu'
		'1803' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_07eba1db5a2cfac83683bd43d727a3195a94b39b.msu'
		'1809' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_d0f434327db9e3308b86591c248c825c03687632.msu'
		'190?' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_ec16e118cd8b99df185402c7a0c65a31e031a6f0.msu'
		'20??' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_c9bb49df325c20ddc147137b3f769fa44d800dde.msu'
	}

	'x86' = @{
		'1507' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_cc1837e27113e5444e025cf2dc2e2ed556ba77f9.msu'
		'1607' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_97a4f342e91e40b921727a8b944a29f7155f3ca1.msu'
		'1703' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_9a3ade6ec24a2627276cbd7df0b39ece8ffee269.msu'
		'1803' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_b737ffa841d2aab5cbf5e00560b93577a6d0b4d2.msu'
		'1809' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_947f151a8bb5a0b0797702e53431c52d56c02c32.msu'
		'190?' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_002b1ffa7fb31836aeaed74007a6949d31a96460.msu'
		'20??' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_238da6b730a3f6a709f31980b87e2d8ecb0a8973.msu'
	}

	'ARM64' = @{
		'1709' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-arm64_81d999c5c09cfd4e914cfaaa6f3c80b8ec911a84.msu'
		'1803' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-arm64_e6c65b35f640b4541a674b77b064c1e4d066e52d.msu'
		'1809' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-arm64_9b954e1ca43f467e324283b8be5e5a8ab929e5a4.msu'
		'190?' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-arm64_cacff17e2776c6ade22df2533a674b0b68f13bc1.msu'
		'20??' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-arm64_935f62c2ac5987ceda52ca0358664f5b6be381d8.msu'
	}
}

# Yes, Windows 8 and Server 2012, and Windows 8.1 and Server 2012 R2, have the same update URL's.
# That is not a typo.  That is perfectly normal, as they share codebases.
$OtherUpdates = @{
	'AMD64' = @{
		'Windows Embedded 8' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows8-rt-kb4577586-x64_3dde08cdb47cb317ba47a9181fceee09951c614c.msu'
		'Server 2012'        = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows8-rt-kb4577586-x64_3dde08cdb47cb317ba47a9181fceee09951c614c.msu'
		'Windows 8.1'        = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows8.1-kb4577586-x64_1c039dbdafaf12e9163e8d56cf578cc998306ecd.msu'
		'Server 2012 R2'     = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows8.1-kb4577586-x64_1c039dbdafaf12e9163e8d56cf578cc998306ecd.msu'
		'Server 2016'        = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_809b9640d04c5af4c7e78499052abaa936cb670a.msu'
		'Server 2019'        = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_d0f434327db9e3308b86591c248c825c03687632.msu'
	}

	'x86' = @{
		'Windows Embedded 8' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows8-rt-kb4577586-x86_2c105da7125b3d7a33edc8fd07c322261625bd3c.msu'
		'Windows 8.1'        = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows8.1-kb4577586-x86_d81dcb42a9b91d279c0b7510669bc0d556288fd3.msu'
	}
}

# Make sure we don't already have the update.
If (Get-Hotfix -Id 'KB4577586' -ErrorAction SilentlyContinue) {
	Write-Output  'SUCCESS:  KB4577586 is already installed on this device.'
	Write-Verbose 'This system has not been modified.'
	Return
}

# If it's missing, let's figure out what operating system we have.
# This can be read from the registry.
Else {
	$CurrentWindowsVersion = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -ErrorAction Stop
	Write-Verbose "We are running on the ${env:PROCESSOR_ARCHITECTURE} architecture."
	Write-Verbose "The current operating system is $($CurrentWindowsVersion.ProductName)."

	$Uri = $null
	If ($CurrentWindowsVersion.ProductName -CLike 'Windows 10*' -or $CurrentWindowsVersion.ProductName -Like 'Windows Server, version*') {
		ForEach ($Version in $Win10Updates.${env:PROCESSOR_ARCHITECTURE}.Keys) {
			# Almost every version of Windows 10 has its own update.
			# Check the registry to find out the version number.
			Write-Debug "Does our Windows 10 version ($($CurrentWindowsVersion.ReleaseId)) -Match `"$Version`"?"
			If ($CurrentWindowsVersion.ReleaseId -Like $Version) {
				$Uri = $Win10Updates.${env:PROCESSOR_ARCHITECTURE}.Item($Version)
				Break
			}
		}
	}
	Else {
		ForEach ($OSName in $OtherUpdates.${env:PROCESSOR_ARCHITECTURE}.Keys) {
			# Older versions of Windows have one single update, making things easier.
			Write-Debug "Are we running ${OSName}?  (Answer = $($CurrentWindowsVersion.ProductName))"
			If ($CurrentWindowsVersion.ProductName -Match $OSName) {
				$Uri = $OtherUpdates.${env:PROCESSOR_ARCHITECTURE}.Item($OSName)
				Break
			}
		}
	}

	If ($null -eq $Uri) {
		Write-Warning 'KB4577586 is not available for this device and operating system.'
		Return
	}
	Else {
		Write-Verbose 'Allocating a temporary file.'
		$temp = New-TemporaryFile -WhatIf:$false

		Write-Verbose 'Downloading update from the Microsoft Update Catalog.'
		Invoke-WebRequest -Uri $uri -OutFile $temp | Out-Null

		# The user will get one final warning.
		$warning = "Do you wish to install KB4577586, the optional `"Update for Removal of Adobe Flash Player`", from the computer ${env:ComputerName}?  This will remove and block the Microsoft-provided copy of Adobe Flash Player from ever running on this computer.  Once this permanent update is installed, it CANNOT BE REMOVED.  To regain support for Flash Player, you will need to run System Restore or restore from backup.`n`n"

		If ($Force -or $PSCmdlet.ShouldProcess($env:ComputerName, 'Permanently remove and block Flash Player', $warning)) {
			Write-Verbose 'Calling wusa.exe to install this patch.'
			Start-Process -FilePath 'C:\Windows\System32\wusa.exe' -ArgumentList @($temp.FullName, '/quiet', '/norestart') -Wait
			Write-Output 'SUCCESS:  KB4577586 has been installed successfully.'
		}
		Else {
			Write-Output 'This system has not been modified.'
		}

		Write-Verbose 'Deleting our temporary file.'
		Remove-Item -Path ($temp.FullName) -Force -ErrorAction SilentlyContinue -WhatIf:$false
	}
}
	<#PSScriptInfo
	.VERSION 1.0
	.GUID d3aa9909-cd37-4154-81d2-7e6ef3c776ce
	.AUTHOR Colin Cogle
	.COPYRIGHT (c) 2020 Colin Cogle. All rights reserved.
	.TAGS Adobe, Flash, Player, swf, killer, KB4577586
	.LICENSEURI https://www.gnu.org/licenses/agpl-3.0.en.html
	.PROJECTURI https://gist.github.com/rhymeswithmogul/1346f32de625962b17adc713d0ac350c
	#>

	<#
	.SYNOPSIS
	Permanently remove support for Adobe Flash Player from Windows.

	.DESCRIPTION
	This cmdlet will download and install the official Microsoft update to permanently remove and block the Microsoft-provided copy of Adobe Flash Player from this computer. Once this update has been installed, it cannot be removed! You will need to restore this computer via System Restore or from backup.

	.PARAMETER Force
	Bypass the big, in-your-face warning and just install the update. This overrides -Confirm.

	.INPUTS
	This script takes no input.

	.OUTPUTS
	This scripts sends no output, only human-readable text.

	.EXAMPLE
	PS> .\FlashKiller.ps1

	Downloads and (after asking the user) installs KB4577586.

	.EXAMPLE
	PS> .\FlashKiller.ps1 -Force

	Downloads and installs KB4577586 with no warning or confirmation. Be very sure that you want to do this.

	.LINK
	https://www.powershellgallery.com/packages/FlashKiller/1.0
	#>

	#Requires -Version 5.0
	[CmdletBinding(SupportsShouldProcess, ConfirmImpact='High')]
	[OutputType('void')]
	Param(
	[Switch] $Force
	)

	# These update URL's have been taken from the Microsoft Update Catalog.
	# Microsoft provided non-secured HTTP URL's, and I've not modified them,
	# as trying HTTPS results in a certificate error.
	$Win10Updates = @{
	'AMD64' = @{
	'1507' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_a0ff1622de1e30a2400d56903161a3c0757c29d1.msu'
	'1607' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_809b9640d04c5af4c7e78499052abaa936cb670a.msu'
	'1703' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_84ef2e9e7eb6bd2a3cfa5a8aef59adccab988e7d.msu'
	'1709' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_e0921a984710c3992b68e570115b29b9e8e5c708.msu'
	'1803' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_07eba1db5a2cfac83683bd43d727a3195a94b39b.msu'
	'1809' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_d0f434327db9e3308b86591c248c825c03687632.msu'
	'190?' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_ec16e118cd8b99df185402c7a0c65a31e031a6f0.msu'
	'20??' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_c9bb49df325c20ddc147137b3f769fa44d800dde.msu'
	}

	'x86' = @{
	'1507' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_cc1837e27113e5444e025cf2dc2e2ed556ba77f9.msu'
	'1607' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_97a4f342e91e40b921727a8b944a29f7155f3ca1.msu'
	'1703' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_9a3ade6ec24a2627276cbd7df0b39ece8ffee269.msu'
	'1803' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_b737ffa841d2aab5cbf5e00560b93577a6d0b4d2.msu'
	'1809' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_947f151a8bb5a0b0797702e53431c52d56c02c32.msu'
	'190?' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_002b1ffa7fb31836aeaed74007a6949d31a96460.msu'
	'20??' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x86_238da6b730a3f6a709f31980b87e2d8ecb0a8973.msu'
	}

	'ARM64' = @{
	'1709' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-arm64_81d999c5c09cfd4e914cfaaa6f3c80b8ec911a84.msu'
	'1803' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-arm64_e6c65b35f640b4541a674b77b064c1e4d066e52d.msu'
	'1809' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-arm64_9b954e1ca43f467e324283b8be5e5a8ab929e5a4.msu'
	'190?' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-arm64_cacff17e2776c6ade22df2533a674b0b68f13bc1.msu'
	'20??' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-arm64_935f62c2ac5987ceda52ca0358664f5b6be381d8.msu'
	}
	}

	# Yes, Windows 8 and Server 2012, and Windows 8.1 and Server 2012 R2, have the same update URL's.
	# That is not a typo. That is perfectly normal, as they share codebases.
	$OtherUpdates = @{
	'AMD64' = @{
	'Windows Embedded 8' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows8-rt-kb4577586-x64_3dde08cdb47cb317ba47a9181fceee09951c614c.msu'
	'Server 2012' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows8-rt-kb4577586-x64_3dde08cdb47cb317ba47a9181fceee09951c614c.msu'
	'Windows 8.1' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows8.1-kb4577586-x64_1c039dbdafaf12e9163e8d56cf578cc998306ecd.msu'
	'Server 2012 R2' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows8.1-kb4577586-x64_1c039dbdafaf12e9163e8d56cf578cc998306ecd.msu'
	'Server 2016' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_809b9640d04c5af4c7e78499052abaa936cb670a.msu'
	'Server 2019' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows10.0-kb4577586-x64_d0f434327db9e3308b86591c248c825c03687632.msu'
	}

	'x86' = @{
	'Windows Embedded 8' = 'http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/10/windows8-rt-kb4577586-x86_2c105da7125b3d7a33edc8fd07c322261625bd3c.msu'
	'Windows 8.1' = 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/10/windows8.1-kb4577586-x86_d81dcb42a9b91d279c0b7510669bc0d556288fd3.msu'
	}
	}

	# Make sure we don't already have the update.
	If (Get-Hotfix -Id 'KB4577586' -ErrorAction SilentlyContinue) {
	Write-Output 'SUCCESS: KB4577586 is already installed on this device.'
	Write-Verbose 'This system has not been modified.'
	Return
	}

	# If it's missing, let's figure out what operating system we have.
	# This can be read from the registry.
	Else {
	$CurrentWindowsVersion = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -ErrorAction Stop
	Write-Verbose "We are running on the ${env:PROCESSOR_ARCHITECTURE} architecture."
	Write-Verbose "The current operating system is $($CurrentWindowsVersion.ProductName)."

	$Uri = $null
	If ($CurrentWindowsVersion.ProductName -CLike 'Windows 10' -or $CurrentWindowsVersion.ProductName -Like 'Windows Server, version') {
	ForEach ($Version in $Win10Updates.${env:PROCESSOR_ARCHITECTURE}.Keys) {
	# Almost every version of Windows 10 has its own update.
	# Check the registry to find out the version number.
	Write-Debug "Does our Windows 10 version ($($CurrentWindowsVersion.ReleaseId)) -Match `"$Version`"?"
	If ($CurrentWindowsVersion.ReleaseId -Like $Version) {
	$Uri = $Win10Updates.${env:PROCESSOR_ARCHITECTURE}.Item($Version)
	Break
	}
	}
	}
	Else {
	ForEach ($OSName in $OtherUpdates.${env:PROCESSOR_ARCHITECTURE}.Keys) {
	# Older versions of Windows have one single update, making things easier.
	Write-Debug "Are we running ${OSName}? (Answer = $($CurrentWindowsVersion.ProductName))"
	If ($CurrentWindowsVersion.ProductName -Match $OSName) {
	$Uri = $OtherUpdates.${env:PROCESSOR_ARCHITECTURE}.Item($OSName)
	Break
	}
	}
	}

	If ($null -eq $Uri) {
	Write-Warning 'KB4577586 is not available for this device and operating system.'
	Return
	}
	Else {
	Write-Verbose 'Allocating a temporary file.'
	$temp = New-TemporaryFile -WhatIf:$false

	Write-Verbose 'Downloading update from the Microsoft Update Catalog.'
	Invoke-WebRequest -Uri $uri -OutFile $temp \| Out-Null

	# The user will get one final warning.
	$warning = "Do you wish to install KB4577586, the optional `"Update for Removal of Adobe Flash Player`", from the computer ${env:ComputerName}? This will remove and block the Microsoft-provided copy of Adobe Flash Player from ever running on this computer. Once this permanent update is installed, it CANNOT BE REMOVED. To regain support for Flash Player, you will need to run System Restore or restore from backup.`n`n"

	If ($Force -or $PSCmdlet.ShouldProcess($env:ComputerName, 'Permanently remove and block Flash Player', $warning)) {
	Write-Verbose 'Calling wusa.exe to install this patch.'
	Start-Process -FilePath 'C:\Windows\System32\wusa.exe' -ArgumentList @($temp.FullName, '/quiet', '/norestart') -Wait
	Write-Output 'SUCCESS: KB4577586 has been installed successfully.'
	}
	Else {
	Write-Output 'This system has not been modified.'
	}

	Write-Verbose 'Deleting our temporary file.'
	Remove-Item -Path ($temp.FullName) -Force -ErrorAction SilentlyContinue -WhatIf:$false
	}
	}