Well this is a problem. (Update, Sept 24th @ 5:30pm ET: Microsoft fixed it.)

KB3087040 is an update from Microsoft that patches Adobe Flash Player in Internet Explorer and Microsoft Edge (and other applications as we'll mention later). The add-on has been vulnerable to numerous security issues over the last several years, which is a big concern whenever an application accepts untrusted data, especially when it is developed in a language with explicit memory management. It can be as simple as forgetting the sign of an integer.

But that's not the problem — we know Flash has holes all over that Adobe has been filling with calcified tears. No, the trouble is with Windows Update this time. On Windows 10, the update is failing to install with an error code. Workarounds exist to block the plug-in from loading, but on a program-by-program basis. Microsoft specifically mentioned Office 2007 and Office 2010 in their security advisory, which can invoke Flash through Internet Explorer even if your system's group policy to disable Flash in Internet Explorer. You really need to apply the update to be secure.

There is apparently a way to do it, too, but Microsoft has not recommended it. InfoWorld found the update's manual installer links, one for Windows 10 32-bit and the other for Windows 10 64-bit, and posted it in their article. Yes, they link to windowsupdate.com, which is an official Microsoft website.

So what should you do? I don't know. It's impossible for me to verify that InfoWorld got the correct version of the patch, because Microsoft has issued KB3087040 several times and mistakes are easy to make. It's also impossible for me to know if manually installing the patch will confuse Windows Update in the future. Both potential problems seem unlikely, though.

If you don't manually install the update before Microsoft fixes their bug, then you probably shouldn't use Internet Explorer, Edge, Office, or maybe even Windows Store apps that use Trident or Edge rendering engines.