Microsoft published a security bulletin for Flash 6 which is included in Windows XP. MSKB 979267 recommends removing Flash 6 and installing the latest version of Flash from Adobe.
Maybe its just me, but I think since Microsoft included Flash 6 in the default XP install, shouldn't they be responsible for patching it? Flash should be part of Microsoft Update.
Fortunately Flash 6 is ancient. I believe a lot of Flash content will prompt you to upgrade to Flash 8 or 9 rather than allow you to use such an old version. Even so, a lot of vulnerable Flash remains.
Yes, absolutely!
Microsoft should be responsible for patching it. Dang Microsoft.
This install is why e.g. Secunia has to search all of your windows folder to find older/vulnerable flash files, it is not a 'proper' flash install. Microsoft should not include such programs with their OS. I can see including device drivers for 3rd party hardware, but including 3rd party runtimes? I've installed XP a million times and I've never seen that Flash was included.
MS should issue a remover via windows update. They remove other 3rd party programs -- ok, mostly viruses -- with their monthly releases.