Microsoft has had it with old versions of Adobe Flash and has issued Security Advisory 979267 to urge users to either uninstall old versions, or upgrade to the latest. More specifically, the software giant is asking users ditch Flash Player 6.0 as the multimedia player plugin contains multiple bugs. Microsoft rarely issues security advisories on third-party products, but since this version of Flash originally came bundled with Windows XP, Microsoft feels it needs to warn its users. Adobe discontinued security support for Flash Player 6.0 in 2006; the current version is Flash 10.0.42.34.The advisory outlines Microsoft’s stance very clearly, making sure to emphasize that the vulnerabilities only occur with the combination of the old version of Flash and old version of Windows other supported versions of Windows do not include the Flash. “The Adobe Flash Player 6 was provided with Windows XP and contains multiple vulnerabilities that could allow remote code execution if a user views a specially crafted Web page. Adobe has addressed these vulnerabilities in newer versions of Adobe Flash Player. Microsoft recommends that users of Windows XP with Adobe Flash Player 6 installed update to the most current version of Flash Player available from Adobe.” The good news is that the advisory says Microsoft is “not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.”The security advisory was posted on Patch Tuesday, the same day Microsoft releases security patches for all of its software for the month. This month though, the company only posted a single bulletin, Microsoft Security Bulletin MS10-001. It affects all supported versions of Windows, but is only rated as “Critical” for Windows 2000, and “Low” for all later versions. As a result, the Adobe Flash flaw is slightly more serious and should take priority.
Posted on January 16, 2010 by wjimenez275