We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,713 News Articles

Microsoft opens up on XP SP3 Flash 'bug'

Some XP users require Microsoft security update

Microsoft has finally broken its silence over concerns from users that Windows XP Service Pack 3 (SP3) may be vulnerable to online attacks by revealing which XP users need to upgrade their Adobe Flash Player software.

The confusion started on Monday, when the Internet Storm Center pointed out that Microsoft had quietly noted that the recent XP SP3 was vulnerable to five Flash bugs patched in November 2006. Some took this to mean that if an XP system was updated to SP3, it would somehow wind up with an older, buggy, version of the Flash Player.

Click here for Computex 2008 breaking news

Microsoft originally declined to comment on the matter, but on Tuesday it reconsidered and said that this is not the case.

"Microsoft does not ship any version of Flash in the Windows XP Service Pack 3 update that customers use to update existing SP2 machines," the company said.

Windows XP SP3 review

However some people who build new XP systems using SP3 will need to update their software. "A new system built using a copy of Windows XP with SP3 integrated will install the original Flash 6 that shipped with Windows XP Gold and will need MS06-069 installed from Windows Update," Microsoft said.

They should, however, be running the latest version of the player, 9.0.124.0, which includes bug fixes that protect against an attack currently being used by criminals.

Just last week Symantec mistakenly reported that attackers had discovered an unpatched zero-day flaw in the Flash Player. The bug turned out to be something patched in April, but nevertheless, it is being exploited in a fairly widespread attack, so having a vulnerable version of Flash is a dangerous proposition.

But that incident, combined with Microsoft's initial silence on the XP SP 3 issue, has made things tough for Windows users, said Susan Bradley, a Windows blogger who is chief technology officer with Tamiyasu, Smith, Horn and Braun, Accountancy Corp. "It is very confusing," she said. "First we were really freaking out because we thought we had a zero-day," she said, "Now we've got this bulletin that says if you apply this, you're [in trouble]."

Users can find out if their PCs are running the latest version of the player by checking with the Adobe website.


IDG UK Sites

LG G Watch review: Android Wear smartwatch is the best around, so far

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

See Glasgow 2014 in UHD as history is made