SUMware
Premium
join:2002-05-21
1 edit | After XP SP3 Install - Check Flash Player Version
From Donna's SecurityFlash
June 01, 2008 - said by Donna :
One of my co-admin at Calendar of Updates forum is reporting that the Windows XP SP3 replaced the up-to-date flash.ocx (this is Flash Player's file and is located in C:\Windows\System32\Macromed\flash.ocx) with older version which is v6.
Users should make sure that their flash.ocx is the current version. You can run Secunia Software Inspector online or using the Secunia PSI to check what version of flash.ocx you got AFTER you've installed XP SP3.
You can also try to determine what version of Flash Player you have by going to "About Flash Player". You should see:
You have version 9,0,124,0 installed (this is currently the lastest version of Flash Player).
You can right-click also the flash.ocx located in System32\Macromed folder and check what version you got after installing SP3 of XP.
|
|
MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
 ·AT&T Midwest
·AT&T Midwest
| I have this version installed 10,0,1,218 now what? |
|
SUMware
Premium
join:2002-05-21 | Looks like you are running a beta version. |
|
bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs: 
·Verizon Online DSL
2 edits | reply to SUMware
This is a non-issue, as Donna Buenaventura now recognizes. The older Flash module was included in SP2 as well. It is not registered, and cannot be called by a Flash application. Only your installed (newer) version is a registered and active component.
This is not a parallel case to older and vulnerable Sun Java versions, where older and vulnerable versions were still available for exploit. |
|
MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
·AT&T Midwest
·AT&T Midwest
| reply to SUMware
said by SUMware  :Looks like you are running a beta version. I knew that. 
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is." |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
| reply to bcastner
said by bcastner : It is not registered, and cannot be called by a Flash application. Only your installed (newer) version is a registered and active component. Can then flash.ocx simply be deleted, as there is no need for it?
Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2008 |
|
SUMware
Premium
join:2002-05-21
| reply to bcastner
Thank you for the information.
said by bcastner :This is a non-issue, as Donna Buenaventura now recognizes. Can you post a link to this... can't seem to find it. |
|
bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL
3 edits | From discussions with her on a listsrerv over the weekend.
If you have updated Flash, there is no issue -- though make sure you have updated to the very latest verion of Flash 9.
If you do not have any Flash Update, then apply this Hotfix:
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)
Published: November 14, 2006 | Updated: May 13, 2008
»www.microsoft.com/technet/securi···069.mspx
Or, turn Flash Off: »msmvps.com/blogs/harrywaldron/ar···e-8.aspx
Or, delete the flash.ocx file: »kb.adobe.com/selfservice/viewCon···liceId=2
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
|
|
almex
Premium
join:2001-09-18
Henderson, NV
clubs: | reply to SUMware
Not to sound terribly paranoid, but why is a Microsoft update messing with Macromedia/Adobe files in the first place?
--
"Careful, we don't want to learn from this!" --Calvin & Hobbes |
|
redxii
too big to fail
Premium,Mod
join:2001-02-26
Texas | reply to SUMware
I have 9,0,124 on a fresh install  |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire | reply to almex
MS is not messing anything, that flash.ocx has no effect and can be removed. See bcastner 1st reply
Cudni |
|
bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL
| reply to almex
It not messing with anything that it does not have a valid license for, and for which it has distributed since SP2. At the time Macromedia was anxious to move everyone behind Flash and away from earlier methods to show this type of content.
It is a non-issue if you have updated Flash. If you have not updated flash, see the Hotfix link earlier; or update Flash; or Uninstall it. |
|
SUMware
Premium
join:2002-05-21
1 edit | reply to bcastner
Guess I'm confused...
From »www.microsoft.com/technet/securi···069.mspx
said by Microsoft :
Vulnerable versions of Macromedia Flash Player from Adobe are redistributed with Microsoft Windows XP Service Pack 2, Microsoft Windows XP Service Pack 3, and Microsoft Windows XP Professional x64 Edition.
Why was this Bulletin revised on May 13, 2008?
This bulletin was revised to add Windows XP Service Pack 3 as affected software. This is a detection update only. There were no changes to the binaries, since the same update for Windows XP Service Pack 2 and Windows XP Professional x64 Edition applies to Windows XP Service Pack 3. Customers with Windows XP Service Pack 2 and Windows XP Professional x64 Edition who have already installed the security update will not need to reinstall the update. Customers with Windows XP Service Pack 3 should apply the update immediately.
According to MS this seems to indicate that SP3 shipped with vulnerable Flash6.ocx files (6.0.79 or 6.0.88 ?) that removed, then replaced, the user's file. Thus after installing SP3 users need to apply the update.
Or am I interpreting this incorrectly?
Here's Donna Buenaventura main site to check for applicable updated information.
Edit: ocx file not needed. I think that I'm getting it now. Thanks Bill. |
|
bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL
1 edit | It does not remove or replace anything. That was the original guess being made, and it is the factual point in error about this issue.
XP SP3 does nothing to the Flash status as existed prior to its installation. It ensures that the Flash status, at least the portion that was in the SP2 distribution, is as it was for SP2. However, it will not effect a computer with a Flash update. It will not add anything that SP2 did not. It will not expose a vulenerability because there is an older version of Flash.ocx available; the issue is not unique to XP SP3 -- if there has been no updates to the computer since SP2 -- including the Hotfix above, your risk exposure is identical to the state of your system prior to installing XP SP3. And if you have updated Flash, it does not change the risk exposure by installation. Previous OCX versions are not callable under Flash if later versions are installed.
Let's not invent a vulnerability where non exists. Let's use this as a useful reminder for those who do not update Flash, or do not wish to use it, to take steps -- the Hotfix, the uninstaller from Adobe, or turning it OFF formally -- to make sure their systems are secure. But no additional securiy surface in regards to Flash is exposed by the XP SP3 installation. The Hotfix notes quoted above were the same as issued with XP SP2; revised only to suggest that if you have done nothing -- no Hotfix, no Flash Update -- then the same warning applies as it did several years ago.
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
|
|
SUMware
Premium
join:2002-05-21
1 edit | Right, understand it now! Thanks again. |
|
