Microsoft published a security bulletin for Flash 6 which is included in Windows XP. MSKB 979267 recommends removing Flash 6 and installing the latest version of Flash from Adobe.
Maybe its just me, but I think since Microsoft included Flash 6 in the default XP install, shouldn’t they be responsible for patching it? Flash should be part of Microsoft Update.
Fortunately Flash 6 is ancient. I believe a lot of Flash content will prompt you to upgrade to Flash 8 or 9 rather than allow you to use such an old version. Even so, a lot of vulnerable Flash remains.