January 12, 2010, 6:39 PM — If you're still running Windows 2000, then you need to update your PC or server right now with the latest Microsoft patch. That was it. The Windows problem this patch fixes exists in other versions of Windows, but there it can't do much harm. But, at the same time, Microsoft admitted that the version of Adobe Flash they've been shipping with XP until recently is hopelessly outdated and is totally insecure.
Really? Adobe Flash 6, circa 2002, which Adobe hasn't supported in years, isn't safe? Who knew!?
How dumb can Microsoft be? You and I might have immediately updated our copy of Flash to the latest version -- Flash Player 10.x. But how many of the people who would have picked up a new XP computer in the last few years are likely to assume that software that came with their 'new' operating system was dangerously obsolete? I'd bet that a lot of them, especially those with new netbooks with XP Home, haven't even thought about updating Flash.
Amazing. Well, a few years late, Microsoft is now telling us that "Microsoft is aware of reports of vulnerabilities in Adobe Flash Player 6 provided in Windows XP. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time but recommend that users install the latest version of Flash Player provided by Adobe." You think!
None-the-less, Microsoft will admit that "The Adobe Flash Player 6 … provided with Windows XP and contains multiple vulnerabilities that could allow remote code execution if a user views a specially crafted Web page. Adobe has addressed these vulnerabilities in newer versions of Adobe Flash Player. Microsoft recommends that users of Windows XP with Adobe Flash Player 6 installed update to the most current version of Flash Player available from Adobe."
No word yet on if Microsoft will update the copy of Flash that it's still shipping with XP.
Of course, Adobe software has its own share of security problems. The company has several major security problems with Adobe Reader and Acrobat.