SUMware
Premium
join:2002-05-21
1 edit | reply to bcastner
Re: After XP SP3 Install - Check Flash Player Version
Guess I'm confused...
From »www.microsoft.com/technet/securi···069.mspx
said by Microsoft :
Vulnerable versions of Macromedia Flash Player from Adobe are redistributed with Microsoft Windows XP Service Pack 2, Microsoft Windows XP Service Pack 3, and Microsoft Windows XP Professional x64 Edition.
Why was this Bulletin revised on May 13, 2008?
This bulletin was revised to add Windows XP Service Pack 3 as affected software. This is a detection update only. There were no changes to the binaries, since the same update for Windows XP Service Pack 2 and Windows XP Professional x64 Edition applies to Windows XP Service Pack 3. Customers with Windows XP Service Pack 2 and Windows XP Professional x64 Edition who have already installed the security update will not need to reinstall the update. Customers with Windows XP Service Pack 3 should apply the update immediately.
According to MS this seems to indicate that SP3 shipped with vulnerable Flash6.ocx files (6.0.79 or 6.0.88 ?) that removed, then replaced, the user's file. Thus after installing SP3 users need to apply the update.
Or am I interpreting this incorrectly?
Here's Donna Buenaventura main site to check for applicable updated information.
Edit: ocx file not needed. I think that I'm getting it now. Thanks Bill. |
|
bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs: 
 ·Verizon Online DSL
1 edit | It does not remove or replace anything. That was the original guess being made, and it is the factual point in error about this issue.
XP SP3 does nothing to the Flash status as existed prior to its installation. It ensures that the Flash status, at least the portion that was in the SP2 distribution, is as it was for SP2. However, it will not effect a computer with a Flash update. It will not add anything that SP2 did not. It will not expose a vulenerability because there is an older version of Flash.ocx available; the issue is not unique to XP SP3 -- if there has been no updates to the computer since SP2 -- including the Hotfix above, your risk exposure is identical to the state of your system prior to installing XP SP3. And if you have updated Flash, it does not change the risk exposure by installation. Previous OCX versions are not callable under Flash if later versions are installed.
Let's not invent a vulnerability where non exists. Let's use this as a useful reminder for those who do not update Flash, or do not wish to use it, to take steps -- the Hotfix, the uninstaller from Adobe, or turning it OFF formally -- to make sure their systems are secure. But no additional securiy surface in regards to Flash is exposed by the XP SP3 installation. The Hotfix notes quoted above were the same as issued with XP SP2; revised only to suggest that if you have done nothing -- no Hotfix, no Flash Update -- then the same warning applies as it did several years ago.
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
|
|
SUMware
Premium
join:2002-05-21
1 edit | Right, understand it now! Thanks again. |
|
