
Zero Day

Ryan Naraine and Dancho Danchev

Attention Windows XP users: Update Flash Player now

By | January 12, 2010, 1:25pm PST

Summary: The Adobe Flash Player 6 that ships by default in Windows XP is vulnerable to multiple code execution vulnerabilities that could lead to PC takeover attacks.

Microsoft has shipped a security advisory with an urgent message for Windows XP users: Update your Flash Player immediately.

The Adobe Flash Player 6 that ships by default in Windows XP is vulnerable to multiple code execution vulnerabilities that could lead to PC takeover attacks, according to the advisory.

Here’s the warning:

Microsoft is aware of reports of vulnerabilities in Adobe Flash Player 6 provided in Windows XP. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time but recommend that users install the latest version of Flash Player provided by Adobe.

The Adobe Flash Player 6 was provided with Windows XP and contains multiple vulnerabilities that could allow remote code execution if a user views a specially crafted Web page. Adobe has addressed these vulnerabilities in newer versions of Adobe Flash Player. Microsoft recommends that users of Windows XP with Adobe Flash Player 6 installed update to the most current version of Flash Player available from Adobe.

This issue affects Windows XP Service Pack 2 and Windows XP Service Pack 3. The warning is also applicable to users running Windows XP Professional x64 Edition Service Pack 2.

Adobe discontinued support for Adobe Flash Player 6 in 2006. The latest version of Adobe Flash Player is 10.0.42.34.

Adobe Flash Player is among the most commonly exploited desktop applications so it’s important for all Windows XP users to heed this warning from Microsoft.


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 50 Talkback(s)

  • I mean, c'mon!
    Anybody that is still using the default Flash player that is included in Windows XP is just asking for it anyway.

    Newsflash: XP RTM is insecure.

    If I hear anybody that says they just recently got Blaster or Sasser, they deserve a slap.
    Joe_Raby
    12th Jan 2010
  • Bad analogy
    Your analogy is not accurate. A vendor is responsible for providing security updates for components that they distribute with their product. If Microsoft provides Flash 6 with Windows XP, then they are responsible for providing Flash 6 security updates for the duration that Windows XP is supported.

    In other words, a fully-patched, supported Windows XP system with no additional software installed should be secure to known vulnerabilities.

    This liability is probably why Microsoft stopped distributing flash after XP.
    forrestgump2000@...
    12th Jan 2010
  • Therein lies the problem
    Microsoft doesn't write Flash, and XP RTM has been out of support for a while now, and future versions didn't include Flash 6. If anything, they should've removed it, but there would be other legal issues about that.
    Joe_Raby
    12th Jan 2010
  • Attention Windows XP users: Update the OS now
    Microsoft has shipped a security advisory with an urgent message for Windows XP users: Update your Operating System immediately.

    Windows XP is vulnerable to multiple code execution vulnerabilities that could lead to PC takeover attacks, according to the advisory.

    This issue affects Windows XP RTM, Windows XP Service Pack 1, Windows XP Service Pack 2, and Windows XP Service Pack 3. The warning is also applicable to users running Windows XP Professional x64 Edition Service Pack 2.

    happy
    Cylon Centurion
    12th Jan 2010
  • My XP system
    is still going strong, after 8 years.

    I see no reason to stop using it yet.

    Mark
    markflax
    13th Jan 2010
  • What's your IP address then?
    I have a great video file for you to download...by the way you'll have to update your "flash" player...click on this link...
    Lovs2look
    13th Jan 2010
  • too true
    While yes I dual boot XP - 7 I still prefer XP for many of my more intensive programs and games because then the OS is using less resources and allowing the program/game to have it. XP (assuming you're like me and like to customize) can be modded to have Aero and the Windows ORB as well as sidebar, docks, wallpaper cycler, and much more most of which you can get on the internet if you can't do it yourself. (and for free) XP is still a very functional OS.


    P.S. some things we have to remember is that some people still don't even have 1gb ram because well they just don't use it. They use their computer/laptop for work or just browsing the web.
    Ninja1507
    13th Jan 2010
  • windoze is insecure...where is the news
    M$ greed and incompetence put flash on all windoze machines.
    A class action lawsuit is in order!
    Linux Geek
    12th Jan 2010
  • But more secure than any version of Linux
    And to no one's surprise it's due to greed and incompetence...
    Johnny Vegas
    12th Jan 2010
  • greed and incompetence = is the Windows way since 3.1
    or haven't you noticed that yet..........
    SoYouSaid
    13th Jan 2010
  • Really?
    But more secure than any version of Linux

    Any proof of that? Or are you just slumming?

    lol...
    Wintel BSOD
    13th Jan 2010
  • well, look.
    He doesn't have some magical manna coming down
    from heaven to convince stupid friggin' Linux
    users that they are mistaken about exactly how
    secure their OS is and how insecure Windows is.
    There've been studies that at the time showed
    Windows Vista was more secure than OS X Leopard
    OR any popular version of Linux at the time
    (Ubuntu, Red Hat or one other one, if mind
    serves. I understand there are stupid numbers
    of distros and there is probably one that
    doesn't have internet making it more secure
    than Windows, but who cares? Linux is so
    crippled in functionality for some users that
    it would just be plain stupid to switch).

    It's google-able, it's not lying to you, and if
    you choose not to believe it, you can go stick
    your tinfoil hat on and pray aliens don't
    abduct you. Now leave every non-crazy who wants
    an actual forum alone, PLEASE.
    evilkillerwhale@...
    13th Jan 2010
  • Tell ya what....
    evilkillerwindbag, we know you tried it once and didn't have the brains to get it to work. We promise we won't make fun of you. Honest.

    You just don't measure up. You're just not cut out for it, that's all.

    Now until you get substantiated proof that Linux is more vulnerable than Windoze, you're nothing but an overblown beached whale.
    Wintel BSOD
    13th Jan 2010
  • let's just speculate why don't we
    Windows has always been vulnerable to attacks.
    Sometimes because of the OS itself, other
    times, because of the software third party
    developers write for it.

    Don't kid yourself, Linux would be just as
    vulnerable, and just as big a target, if it had
    the market share Windows did. But I guess we'll
    never know, because Linux will never have even
    a fraction of that market...

    Keep dreaming, geeks.
    SystemVoid
    13th Jan 2010
  • Linux is safe due to small market share?
    You say that as if that is a bad thing. The reason does not matter, only the results matter. Is the home safer with an alarm or a dog? Does it matter?

    Paul
    pfyearwood
    13th Jan 2010
