Adobe, Microsoft warn of old Flash Player danger

Stephen Withers
Wednesday, 13 January 2010 02:23

Business IT - Security

Microsoft and Adobe have reminded their customers of the need to remove or replace an old version of Flash Player that shipped with Windows XP.

Windows XP shipped with Flash Player 6, which hasn't been supported since 2006. Consequently, there are known vulnerabilities in the player that remain unpatched unless a later major version of Flash Player has been installed.

It appears that there is a significant number of outdated versions of Flash Player still on XP systems, and that security researchers are still finding new vulnerabilities in the old software.

Although vendors are generally only concerned with versions that are still being supported, researchers may take the trouble to see whether their discoveries also affect old versions.

Microsoft has issued a security advisory recommending that XP users uninstall Flash Player 6 and/or install the current version, noting "Microsoft is aware of reports of vulnerabilities in Adobe Flash Player 6 provided in Windows XP. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time but recommend that users install the latest version of Flash Player provided by Adobe."

David Lenoe of Adobe's product security incident response team said "Adobe recommends that users follow security best practices by updating to the latest, most secure version of Adobe Flash Player (currently version 10.0.42.34)".