
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Attention Windows XP users: Update Flash Player now

January 12, 2010, 1:25pm PST

Summary: The Adobe Flash Player 6 that ships by default in Windows XP is vulnerable to multiple code execution vulnerabilities that could lead to PC takeover attacks.

Microsoft has shipped a security advisory with an urgent message for Windows XP users: Update your Flash Player immediately.

The Adobe Flash Player 6 that ships by default in Windows XP is vulnerable to multiple code execution vulnerabilities that could lead to PC takeover attacks, according to the advisory.

Here’s the warning:

Microsoft is aware of reports of vulnerabilities in Adobe Flash Player 6 provided in Windows XP. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time but recommend that users install the latest version of Flash Player provided by Adobe.

The Adobe Flash Player 6 was provided with Windows XP and contains multiple vulnerabilities that could allow remote code execution if a user views a specially crafted Web page. Adobe has addressed these vulnerabilities in newer versions of Adobe Flash Player. Microsoft recommends that users of Windows XP with Adobe Flash Player 6 installed update to the most current version of Flash Player available from Adobe.

This issue affects Windows XP Service Pack 2 and Windows XP Service Pack 3. The warning is also applicable to users running Windows XP Professional x64 Edition Service Pack 2.

Adobe discontinued support for Adobe Flash Player 6 in 2006. The latest version of Adobe Flash Player is 10.0.42.34.

Adobe Flash Player is among the most commonly exploited desktop applications, so it’s important for all Windows XP users to heed this warning from Microsoft.


Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

50 Comments


RE: Attention Windows XP users: Update Flash Player now
efsane Updated - 8th Apr 2011
Well done! Thank you very much for professional templates and community edition
sesli sohbet sesli chat
0 Votes
+ -
I mean, c'mon!
Joe_Raby 12th Jan 2010
Anybody that is still using the default Flash player that is included in Windows XP is just asking for it anyway.

Newsflash: XP RTM is insecure.

If I hear anybody that says they just recently got Blaster or Sasser, they deserve a slap.
0 Votes
+ -
Bad analogy
forrestgump2000@... 12th Jan 2010
Your analogy is not accurate. A vendor is responsible for providing security updates for components that they distribute with their product. If Microsoft provides Flash 6 with Windows XP, then they are responsible for providing Flash 6 security updates for the duration that Windows XP is supported.

In other words, a fully-patched, supported Windows XP system with no additional software installed should be secure to known vulnerabilities.

This liability is probably why Microsoft stopped distributing flash after XP.
0 Votes
+ -
Therein lies the problem
Joe_Raby 12th Jan 2010
Microsoft doesn't write Flash, and XP RTM has been out of support for a while now, and future versions didn't include Flash 6. If anything, they should've removed it, but there would be other legal issues about that.
0 Votes
+ -
Attention Windows XP users: Update the OS now
Cylon Centurion 12th Jan 2010
Microsoft has shipped a security advisory with an urgent message for Windows XP users: Update your Operating System immediately.

Windows XP is vulnerable to multiple code execution vulnerabilities that could lead to PC takeover attacks, according to the advisory.

This issue affects Windows XP RTM, Windows XP Service Pack 1, Windows XP Service Pack 2, and Windows XP Service Pack 3. The warning is also applicable to users running Windows XP Professional x64 Edition Service Pack 2.

happy
0 Votes
+ -
My XP system
markflax 13th Jan 2010
is still going strong, after 8 years.

I see no reason to stop using it yet.

Mark
0 Votes
+ -
What's your IP address then?
Lovs2look 13th Jan 2010
I have a great video file for you to download...by the way you'll have to update your "flash" player...click on this link...
0 Votes
+ -
too true
Ninja1507 13th Jan 2010
While yes I dual boot XP - 7, I still prefer XP for many of my more intensive programs and games because then the OS is using less resources and allowing the program/game to have it. XP (assuming you're like me and like to customize) can be modded to have Aero and the Windows ORB as well as sidebar, docks, wallpaper cycler, and much more, most of which you can get on the internet if you can't do it yourself (and for free). XP is still a very functional OS.

P.S. Some things we have to remember is that some people still don't even have 1gb ram because, well, they just don't use it. They use their computer/laptop for work or just browsing the web.
0 Votes
+ -
windoze is insecure...where is the news
Linux Geek 12th Jan 2010
M$ greed and incompetence put flash on all windoze machines.
A class action lawsuit is in order!
0 Votes
+ -
But more secure than any version of Linux
Johnny Vegas 12th Jan 2010
And to no one's surprise it's due to greed and incompetence...
or haven't you noticed that yet..........
0 Votes
+ -
Really?
Wintel BSOD 13th Jan 2010
But more secure than any version of Linux

Any proof of that? Or are you just slumming?

lol...
0 Votes
+ -
well, look.
evilkillerwhale@... 13th Jan 2010
He doesn't have some magical manna coming down
from heaven to convince stupid friggin' Linux
users that they are mistaken about exactly how
secure their OS is and how insecure Windows is.
There've been studies that at the time showed
Windows Vista was more secure than OS X Leopard
OR any popular version of Linux at the time
(Ubuntu, Red Hat or one other one, if mind
serves. I understand there are stupid numbers
of distros and there is probably one that
doesn't have internet making it more secure
than Windows, but who cares? Linux is so
crippled in functionality for some users that
it would just be plain stupid to switch).

It's google-able, it's not lying to you, and if
you choose not to believe it, you can go stick
your tinfoil hat on and pray aliens don't
abduct you. Now leave every non-crazy who wants
an actual forum alone, PLEASE.
  • Flagged
0 Votes
+ -
Tell ya what....
Wintel BSOD Updated - 13th Jan 2010
evilkillerwindbag, we know you tried it once and didn't have the brains to get it to work. We promise we won't make fun of you. Honest.

You just don't measure up. You're just not cut out for it, that's all.

Now until you get substantiated proof that Linux is more vulnerable than Windoze, you're nothing but an overblown beached whale.
0 Votes
+ -
let's just speculate why don't we
SystemVoid 13th Jan 2010
Windows has always been vulnerable to attacks.
Sometimes because of the OS itself, other
times, because of the software third party
developers write for it.

Don't kid yourself, Linux would be just as
vulnerable, and just as big a target, if it had
the market share Windows did. But I guess we'll
never know, because Linux will never have even
a fraction of that market...

Keep dreaming, geeks.
0 Votes
+ -
Linux is safe due to small market share?
pfyearwood 13th Jan 2010
You say that as if that is a bad thing. The reason does not matter, only the results matter. Is the home safer with an alarm or a dog? Does it matter?

Paul
0 Votes
+ -
No, it doesn't matter...
SystemVoid 13th Jan 2010
And since it doesn't matter, perhaps Linux users
should stop bashing everything that isn't Linux.
Or at least admit that if Linux and Windows traded
places, it would be Linux under attack, not
Windows.

So, no.. the reason doesn't matter.
0 Votes
+ -
So you just said that...
Wintel BSOD 13th Jan 2010
...because you're mad at Linux users and you don't have a pot to p!ss in, right...(?)

wink
0 Votes
+ -
lol
SystemVoid 14th Jan 2010
Yes, I'm mad at all two Linux users... boy are my
nerves fired up!
0 Votes
+ -
lol - Well go in the corner...
Wintel BSOD 14th Jan 2010
and take a time out. Mommy might bring you milk & cookies later.

more lol... grin
0 Votes
+ -
...
evilkillerwhale@... 13th Jan 2010
Your analogy skills need to be increased if you
wish to win an argument in life.

IS AN HP MONITOR OR AN LG MONITOR BRIGHTER?
DARS IT MATTUR? LINUX WIN GUFFAW FAW FAW.

Jeez, man, come on. Linux can't run as many
programs as Windows, it doesn't have the
support Windows does, and doesn't work out of
the box without you spending hours making sure
things are set up correctly. Until it has all
that under one unified flag (which kills the
point of Linux), it will remain worthless as a
real world tool and therefore it could have as
much security as the original gameboy (aka no
way to connect to anything with a virus) and no
one will care.
  • Flagged
0 Votes
+ -
Gee, you sound just like an Apple user
Wintel BSOD 13th Jan 2010
Who needs to have the OS dumbed down enough so you can treat it like a TV.

Why don't you just stick to TV, instead. It's safer.

lol...
Seeing as MS provided the vulnerable version of Flash in the first place.
0 Votes
+ -
As a matter of fact....
Wolfie2K3 13th Jan 2010
I did a massive mega-windows update on a box I rebuilt for a client last night. Among the patches downloaded was a critical update related to Flash.

And for the record... When Microsoft provided Flash 6 - Flash 6 WAS state of the art, the latest and greatest version.
Because if it's the current "latest and greatest" then that would seem to be a suitable response. Whereas updating to the final release of Flash 6 might not be...

"And for the record... When Microsoft provided Flash 6 - Flash 6 WAS state of the art, the latest and greatest version."

I don't doubt it. I certainly didn't mean to imply otherwise.
0 Votes
+ -
Would you trust Microsoft?
Real World 13th Jan 2010
You wouldn't see this on a modern Linux distribution because of the package management systems in place. But that implies trust in the maintainers. If Microsoft included something similar to Synaptic or Yum in Windows, would you trust Microsoft to maintain it? Is it that much of a leap from Windows Update?

I can hear the "big-brother" protests now...
0 Votes
+ -
Can anyone on this board read?
crazydanr@... 13th Jan 2010
You're all aware that flash player is written and maintained by Adobe, correct? This has nothing to do with the underlying OS - it's just as easy to write vulnerable software applications for any platform.

Adobe writes bloated, unsecure, and unstable software. This falls directly on their shoulders.
0 Votes
+ -
Didn't you read this bit?
Zogg 13th Jan 2010
"The Adobe Flash Player 6 that ships by default in Windows XP is vulnerable to multiple code execution vulnerabilities that could lead to PC takeover attacks, according to the advisory."

Emphasis is mine. MS shipped a version of Flash with XP that is now obsolete, which means that MS now shares in the responsibility if that obsolete version of Flash compromises XP users' security.
0 Votes
+ -
So what...
SystemVoid 13th Jan 2010
A car company isn't going to take responsibility
for faulty tires that came with the car you
bought, largely because they didn't manufacture
the tires.

Microsoft can only be responsible for so much.
They didn't write the code for Flash, Adobe did.
Then of course I'd take the tires back to the car dealership! Wouldn't anyone?!

You're being ridiculous!
0 Votes
+ -
You just said you'd take it back to the dealership.
evilkillerwhale@... 13th Jan 2010
That means that your computer manufacturer should
be fixing flash. If you built it yourself *YOU*
should update it. You just said that it's your
responsibility. You're being ridiculous!
0 Votes
+ -
Wrong
Wintel BSOD 13th Jan 2010
M$ pre-installed this piece of garbage on XP in the first place. Did Adobe hold a gun to their heads and force them to do it?
0 Votes
+ -
The "dealership" in this analogy...
Zogg Updated - 14th Jan 2010
... would be MS. MS still accepts responsibility for patching security issues in XP, doesn't it? And since Flash was bundled with the original basic XP installation, it follows that MS should undertake to keep that entire installation secure.
0 Votes
+ -
Read your manual
ExCorpGuy 13th Jan 2010
Tire warranty is spelled out in your manual as something that is not
covered under any auto manufacturer's warranty that I have ever read.

If you have an issue with faulty tires, you have to deal directly with the
tire manufacturer's dealer or service center.

Just ask anyone who had issues with Firestone.

As for software updates, I believe it should fall on the OS vendor to
provide security patches if they included the software originally.
0 Votes
+ -
Heh, the trouble with car analogies...
Zogg Updated - 14th Jan 2010
...is that cars are not PCs wink.

"As for software updates, I believe it should fall on the OS vendor to provide security patches if they included the software originally."

No argument there.
0 Votes
+ -
But M$ included it
Wintel BSOD 13th Jan 2010
So as much as you'd like, that still doesn't let them off the hook...
0 Votes
+ -
And amazingly...
Wolfie2K3 13th Jan 2010
...They (Microsoft) have a patch for Flash 6. I downloaded it on a box I was rebuilding last night.

How hard is it, really, to navigate to www.adobe.com and grab the latest version anyhow?
0 Votes
+ -
"How hard is it, really, to navigate to www.adobe.com and grab the latest version anyhow?"

If Flash 6 was pre-installed with XP then it's highly likely that a lot of people don't even know they're running it. Hence the need for an automated solution.
0 Votes
+ -
And who does Adobe cater to?
Wintel BSOD 13th Jan 2010
WINDOZE!!
First, I think very few people would even be using the original Flash that came with Win XP. It doesn't have the features that version 10 has. I just built a new system with XP on it. First thing I do is install Flash 10.

Even the typical novice user probably has version 10 [or maybe 9] installed. You can't go into YouTube and other sites without it.

Including third party apps was a mistake by Microsoft. There was already a security update released to fix this issue a while back.
0 Votes
+ -
Update Flash Player
pierce113 13th Jan 2010
There is likely nobody who applies patches and updates as they are announced who would not have the current version. I only update when it is required by a program is patched.

So I found by checking I did have version 10.0.42.34, and it has been so for long enough for me to say I can no longer recall when I did update it.

This is not a new patched version; it is old news. I fail to see the advice as being valid.

I am disappointed to find I checked for no good reason my Flash Player version.
I have Win XP and went to the "get flash player" link on this page.......
And as Carlos so accurately puts it DDD
I came to a page that said only this..

Flash Player not available for your device

Sorry, Adobe Flash Player is not available from Adobe.com for your device's operating system or browser.
0 Votes
+ -
BHOO! Slow news day for Ryan. Calling out a flaw from 2006? My GOD better recommend an upgrade from IE 5.0 also.
0 Votes
+ -
nt
raynebc@... 13th Jan 2010
Microsoft published the advisory yesterday. That's what this thread is about.
0 Votes
+ -
What about Windows ME
anogee 13th Jan 2010
Should I update the player that came on my Windows ME machine as well?
0 Votes
+ -
RE: What about Windows ME
ep-man 15th Jan 2010
Of course you should update your flash player that came pre-installed with WinME, anogee. Why are you still using such a lame excuse of a Windows OS like that? Windows ME has been obsolete for almost four years and almost nobody uses it anymore.

Since Flash Player 10 won't work with Windows ME, get Flash Player 9.0.260.0 from here:
http://kb2.adobe.com/cps/406/kb406791.html
0 Votes
+ -
This is a joke, right?

Tell me you are not using Windows ME.
0 Votes
+ -
Yes...he WAS joking.
Lovs2look 13th Jan 2010
We seriously need a sarcasm font...
0 Votes
+ -
Wintel BSOD 13th Jan 2010
-
just explain how "greed and incompetence" is relevant to
MS including a third party plugin - to enable the
majority of modern websites to work - in one of their
OSs?
0 Votes
+ -