Microsoft today confirmed that the version of Flash bundled with Windows XP contains multiple bugs, and urged customers to upgrade to a newer edition of the multimedia player plug-in.
In a security advisory issued alongside a one-patch update for the month, Microsoft acknowledged that Flash Player 6 contains numerous vulnerabilities. Flash Player 6 is the version of Adobe's software that Microsoft includes in Windows XP, even in the copies it continues to sell to computer makers, who offer the eight-year-old operating system on netbooks, notebooks and some desktop PCs.
Adobe discontinued security support for Flash Player 6 in 2006.
"The Adobe Flash Player 6 was provided with Windows XP and contains multiple vulnerabilities that could allow remote code execution if a user views a specially crafted Web page," Microsoft said in its advisory. "Adobe has addressed these vulnerabilities in newer versions of Adobe Flash Player. Microsoft recommends that users of Windows XP with Adobe Flash Player 6 installed update to the most current version of Flash Player available from Adobe."
Only Windows XP is affected by Microsoft's old Flash Player gaffe. Newer versions of Windows include newer editions of Flash Player.
Microsoft recommended that users either uninstall Flash Player 6 on Windows XP -- a move that could cripple browsing, since much of the content on the Web is Flash-based -- or update to a new version of Flash.
The current version of Flash Player is 10.0.42.34, which can be downloaded from Adobe's site .
Windows XP users who have regularly updated Flash Player on their PCs have little or nothing to worry about. Users can find out what version of Flash they're using by heading to this Adobe detection page .
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer , send e-mail to firstname.lastname@example.org or subscribe to Gregg's RSS feed .
This story, "Microsoft Prods XP Users to Upgrade Flash Player" was originally published by Computerworld.