Caveats: This bulletin is for customers using Macromedia Flash Player from Adobe version 6 or earlier. Customers that have followed the guidance in Adobe Security Bulletin APSB06-03 are not at risk from the vulnerability.
Vulnerable versions of Macromedia Flash Player from Adobe are included with Windows XP, Windows XP Professional x64 Edition, and Internet Explorer 6 Service Pack 1 when installed on Windows ME, Windows 98, and Windows 98 Second Edition. Other versions of Windows are not affected or not supported by this security update. Customers with Flash Player installed on other versions of the operating system or customers who have upgraded to Flash Player 7 or higher are encouraged to follow the guidance in the Adobe Security Bulletin APSB06-03.
Microsoft Knowledge Base Article 913433 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 913433.
Note: Flash Player does not ship with the versions of Microsoft Windows in the not affected software list. Customers who have installed Flash Player on these versions of Windows are encouraged to follow the guidance in the Adobe Security Bulletin APSB06-03.
The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.
This update resolves publicly reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin. These vulnerabilities are also documented in Macromedia Security Bulletin MPSB05-07 for customers using Flash Player 5 and 6. Customers who have installed Flash Player 7 and higher are advised to download the latest version from the Adobe website. Customers that have followed the guidance in Adobe Security Bulletin APSB06-03 are not at risk from the vulnerability.
If a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Note [1]: Flash Player does not ship with Microsoft Windows 2000 Service Pack 4, Windows Server 2003, and Windows Server 2003 Service Pack 1. Customers who have installed Flash Player on these versions of Windows are encouraged to follow the guidance in the Adobe Security Bulletin APSB06-03.
Yes. Some versions of Flash Player have been redistributed by Microsoft. The supported versions of Windows that redistribute Flash Player are Windows XP Service Pack 1, Windows XP Service Pack 2, Windows XP Professional x64 Edition, Windows 98, Windows 98 Second Edition and Windows Millennium Edition. No other supported versions of Windows redistribute Flash Player. Other software applications from Microsoft may also redistribute Flash Player.
Note: If both flash.ocx and swflash.ocx are present on the system then the GUID used to instantiate the Flash Player should be registered to flash.ocx. Regardless of this, the security update will register the GUID to the new flash.ocx that is installed.
I use a version of Windows that is not listed in this table. Might I still have the Flash Player installed on my system?
Yes. Flash Player is available for download from Adobe Systems, Inc. (formerly Macromedia, Inc.). Flash Player also may have been installed or required by another software application. You can determine whether you have Flash Player installed, and if so what version, by visiting the following Adobe Web site. If you have a version of Flash Player earlier than 7.0.63.0 or 8.0.24.0, you have a version that may be affected by the reported vulnerabilities.
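The version thresholds in the answer above can be applied to an inventory of reported Flash Player versions. The following is an added example, not part of the original bulletin or any Microsoft or Adobe tool. It assumes that 8.x builds are compared against 8.0.24.0 and everything else against 7.0.63.0, and that release lines newer than 8.x are not affected; the host names and version strings are constructed.

```python
import re

# Thresholds quoted in the bulletin text.
FIXED_7 = (7, 0, 63, 0)
FIXED_8 = (8, 0, 24, 0)


def parse_version(raw):
    """Parse '6.0.79.0', '6,0,79,0' or 'WIN 7,0,19,0' into a 4-int tuple.

    Returns None when the string does not end in a four-part version.
    """
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)\s*$", raw.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(raw):
    """Return 'may-be-affected', 'fixed-build-or-later' or 'unknown'."""
    version = parse_version(raw)
    if version is None:
        return "unknown"  # never treat unparsable inventory data as safe
    if version[0] == 8:
        return "may-be-affected" if version < FIXED_8 else "fixed-build-or-later"
    # 7.x and older lines. The bulletin text gives no fixed build number for
    # 5.x/6.x, so those always need a follow-up update check, not just a
    # version comparison.
    if version < FIXED_7:
        return "may-be-affected"
    return "fixed-build-or-later"  # assumption: lines newer than 8.x are fixed


def triage(inventory):
    """Map host -> verdict for a {host: version_string} inventory."""
    return {host: classify(v) for host, v in inventory.items()}


# Constructed sample inventory (host names and versions are made up).
SAMPLE = {
    "ws-01": "6.0.79.0",
    "ws-02": "WIN 7,0,19,0",
    "ws-03": "7.0.63.0",
    "ws-04": "8.0.22.0",
    "ws-05": "8.0.24.0",
    "ws-06": "n/a",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE).items()):
        print(f"{host}: {verdict}")
```

Hosts reported as "may-be-affected" or "unknown" still need the update check described in the MBSA 2.0 and EST questions of this bulletin.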
How does the extended support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition affect the release of security updates for these operating systems?
Microsoft will only release security updates for critical security issues. Non-critical security issues are not offered during this support period. For more information about the Microsoft Support Lifecycle policies for these operating systems, visit the following Web site.
Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by one or more of the vulnerabilities that are addressed in this security bulletin?
Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium Edition are critically affected by this vulnerability. The security updates for Flash Player 5.x and 6.x are available for download only from the Windows Update Web site. Visit the Adobe website for updates to Flash Player 7 and higher. For more information about severity ratings, visit the following Web site.
Windows NT Workstation 4.0 Service Pack 6a, Windows NT Server 4.0 Service Pack 6a, Windows 2000 Service Pack 2, and Windows 2000 Service Pack 3 have reached the end of their life cycles. It should be a priority for customers who have these operating system versions to migrate to supported versions to prevent potential exposure to vulnerabilities. For more information about the Windows Product Lifecycle, visit the following Microsoft Support Lifecycle Web site. For more information about the extended security update support period for these operating system versions, visit the Microsoft Product Support Services Web site.
Customers who require additional support for Windows NT 4.0 SP6a and Windows 2000 Service Pack 3 must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For contact information, visit the Microsoft Worldwide Information Web site, select the country, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager.
Can I use the Microsoft Baseline Security Analyzer (MBSA) 1.2.1 to determine whether this update is required?
No. MBSA 1.2.1 will not determine whether this update is required. MBSA 1.2.1 will only determine if an update is required for products that MBSA 1.2.1 supports. MBSA 1.2.1 does not support the detection of Flash Player. For more information about MBSA, visit the MBSA Web site. For more information about the programs that MBSA 1.2.1 currently does not detect, see Microsoft Knowledge Base Article 306460. However, Microsoft has developed a version of the Enterprise Update Scanning Tool (EST) that will help customers determine if the security updates provided in this security bulletin are required. See the "Can I use a version of the Enterprise Update Scanning Tool (EST) to determine whether this update is required?" FAQ for more information about this tool.
What is the Enterprise Update Scanning Tool (EST)?
As part of an ongoing commitment to provide detection tools for bulletin-class security updates, Microsoft delivers a stand-alone detection tool whenever the Microsoft Baseline Security Analyzer (MBSA) and the Office Detection Tool (ODT) cannot detect whether the update is required for an MSRC release cycle. This stand-alone tool is called the Enterprise Update Scanning Tool (EST) and is designed for enterprise administrators. When a version of the Enterprise Update Scanning Tool is created for a specific bulletin, customers can run the tool from a command line interface (CLI) and view the results of the XML output file. To help customers better utilize the tool, detailed documentation will be provided with the tool. There is also a version of the tool that offers an integrated experience for SMS administrators.
Can I use a version of the Enterprise Update Scanning Tool (EST) to determine whether this update is required?
Yes. Microsoft has created a version of the EST that will determine if you have to apply this update. For download links and more information about the version of the EST that is being released this month, see the following Microsoft Web site. SMS customers should review the "Can I use Systems Management Server (SMS) to determine whether this update is required?" FAQ for more information about SMS and EST.
Can I use the Microsoft Baseline Security Analyzer (MBSA) 2.0 to determine whether this update is required?
Yes. MBSA 2.0 will determine whether this update is required. MBSA 2.0 can detect security updates for products that Microsoft Update supports. For more information about MBSA, visit the MBSA Web site.
The SMS SUS Feature Pack, which includes the Security Update Inventory Tool (SUIT), can be used by SMS for detecting security updates. SMS SUIT uses the MBSA 1.2.1 engine for detection; therefore, SMS SUIT has the same limitation listed earlier in this bulletin related to applications that MBSA does not detect.
For more information about the Security Update Inventory Tool, see the following Microsoft Web site. For more information about the limitations of the Security Update Inventory Tool, see Microsoft Knowledge Base Article 306460.
The SMS 2003 Inventory Tool for Microsoft Updates can be used by SMS for detecting security updates that are offered by Microsoft Update and that are supported by Windows Server Update Services. For more information about the SMS 2003 Inventory Tool for Microsoft Updates, see the following Microsoft Web site.