They aren’t talking about operating systems. They are speaking to users of Windows XP, because it came with a version of Adobe Flash (wasn’t it called Macromedia Flash back then?) that is very easily targeted, and apparently there are reports of the attack on Windows XP machines by this method.
Microsoft today confirmed that the version of Flash bundled with Windows XP contains multiple bugs, and urged customers to upgrade to a newer edition of the multimedia player plug-in.
In a security advisory issued alongside a one-patch update for the month, Microsoft acknowledged that Flash Player 6 contains numerous vulnerabilities. Flash Player 6 is the version of Adobe’s software that Microsoft includes in Windows XP, even in the copies it continues to sell to computer makers, who offer the eight-year-old operating system on netbooks, notebooks and some desktop PCs.
Adobe discontinued security support for Flash Player 6 in 2006.
“The Adobe Flash Player 6 was provided with Windows XP and contains multiple vulnerabilities that could allow remote code execution if a user views a specially crafted Web page,” Microsoft said in its advisory. “Adobe has addressed these vulnerabilities in newer versions of Adobe Flash Player. Microsoft recommends that users of Windows XP with Adobe Flash Player 6 installed update to the most current version of Flash Player available from Adobe.”
Only Windows XP is affected by Microsoft’s old Flash Player gaffe. Newer versions of Windows include newer editions of Flash Player.
Microsoft recommended that users either uninstall Flash Player 6 on Windows XP — a move that could cripple browsing, since much of the content on the Web is Flash-based — or update to a new version of Flash.
The current version of Flash Player is 10.0.42.34, which can be downloaded from Adobe’s site.
Windows XP users who have regularly updated Flash Player on their PCs have little or nothing to worry about. Users can find out what version of Flash they’re using by heading to this Adobe detection page.
I know my machines on XP are already updated to version 10, though perhaps not the very latest subversion. I upgraded because other programs let me know that I needed to upgrade, because they did not work properly.
However, if more people were using inspection software, such as Secunia Personal Software Inspector, they would have been notified quite some time ago. Secunia PSI is very unobtrusive, uses very little memory unless is is evaluating the system, which can be set by the user, and most likely has saved me a few times. I know that it let me know that I needed to upgrade to Flash 10 when I was running Flash 9. (So I had already escaped any problem with the original Flash – you could avoid trouble too!)
Quote of the day:
To see what is in front of one’s nose needs a constant struggle.
– George Orwell