Mike Thoene
Microsoft urges Windows XP users to ditch old versions of Flash
Security on January 19th, 2010

Microsoft is apparently sick of the old versions of Flash, so they released Security Advisory (979267). Apparently this is part of the root cause of the Remote Code Execution bug, and they want users to drop version 6 of Flash as quickly as possible. Why people wouldn’t have upgraded already is way beyond me, but the fact that Microsoft had to release such a thing can only mean one thing: people use it.

Microsoft is aware of reports of vulnerabilities in Adobe Flash Player 6 provided in Windows XP. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time but recommend that users install the latest version of Flash Player provided by Adobe.

The Adobe Flash Player 6 was provided with Windows XP and contains multiple vulnerabilities that could allow remote code execution if a user views a specially crafted Web page. Adobe has addressed these vulnerabilities in newer versions of Adobe Flash Player. Microsoft recommends that users of Windows XP with Adobe Flash Player 6 installed update to the most current version of Flash Player available from Adobe.

Right now we are on version 10.0.42.34 of Adobe Flash, so being a whole 6 full releases out of date is quite stunning.

What is the scope of the advisory?
Microsoft is aware of vulnerability reports affecting Adobe Flash Player 6 provided in supported editions of Windows XP listed in the Affected Software section. This is an advisory to notify users to remove Adobe Flash Player 6 on Windows XP systems and/or to install the most current version of Flash Player available from Adobe.

What is Adobe Flash Player?
Adobe Flash Player is a lightweight browser plug-in and runtime that delivers interactive content, video, and applications across operating systems and browsers. For more information on Adobe Flash Player, visit Adobe Flash Player Home.

What causes this threat?
Multiple vulnerabilities exist in Adobe Flash Player 6 provided in Windows XP when used in a Web browsing scenario. An attacker who exploits these vulnerabilities could execute code on the affected system.

How could an attacker exploit the vulnerability?
An attacker could host a specially crafted Web site that is designed to exploit these vulnerabilities through Internet Explorer and then convince a user to view the Web site. This can also include compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger request that takes users to the attacker’s Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.

How do I remove Adobe Flash Player 6?
There are multiple ways to remove Adobe Flash Player 6 on Windows XP systems. For directions on the manual steps required to remove Adobe Flash Player 6, see How to remove the Flash Player ActiveX control. Adobe also provides an uninstaller tool that removes Adobe Flash Player. For more information on the uninstaller tool, see How to uninstall the Adobe Flash Player plug-in and ActiveX control.

Note: The uninstaller tool removes all versions of Adobe Flash Player and is not specific to Adobe Flash Player 6.

How do I install the latest version of Adobe Flash Player?
To install the most current version of Adobe Flash Player, see Install Adobe Flash Player.

[via TechNet]
