Microsoft published a security bulletin for Flash 6, which is included in Windows XP. MSKB 979267 recommends removing Flash 6 and installing the latest version of Flash from Adobe.
Maybe it's just me, but I think since Microsoft included Flash 6 in the default XP install, shouldn't they be responsible for patching it? Flash should be part of Microsoft Update.
Fortunately Flash 6 is ancient. I believe a lot of Flash content will prompt you to upgrade to Flash 8 or 9 rather than allow you to use such an old version. Even so, a lot of vulnerable Flash remains.

Yes, absolutely!
Microsoft should be responsible for patching it. Dang Microsoft.
This install is why e.g. Secunia has to search all of your Windows folder to find older/vulnerable Flash files; it is not a 'proper' Flash install. Microsoft should not include such programs with their OS. I can see including device drivers for 3rd party hardware, but including 3rd party runtimes? I've installed XP a million times and I've never seen that Flash was included.
MS should issue a remover via Windows Update. They remove other 3rd party programs (ok, mostly viruses) with their monthly releases.