Microsoft urges users to update Flash Player

Express   on 12 November 2005 - 16:54 · 42 comments & 10147 views

In an unprecedented move, Microsoft has issued an advisory urging users to apply a critical Flash Player update from Macromedia.

The vulnerability, first reported by eEye Digital Security and Sec Consult, can allow malicious parties to use invalid array indexes to inject unauthorized code that Flash Player then executes. This vulnerability is browser independent. Users who have already upgraded to Flash Player 8 are not affected by this issue. Macromedia recommends all Flash Player 7 and earlier users upgrade to this new version, which can be downloaded from the Macromedia Player Download Center.

Several forums, including Neowin.net, allow users to add Flash files to their avatars or signatures. Therefore the impact of this issue is far-reaching.

News source: Microsoft Security Advisory (910550)
Download: Macromedia Player Download Center


Breplibot.b is a file 10240 bytes in size, packed using UPX. When launching, the backdoor copies itself to the Windows system directory as $SYS$DRV.EXE. Using this name makes it possible for the Sony rootkit technology to be used to hide the activity of the malicious program. Of course, the backdoor's activity will only be hidden if DRM protection, as used on some Sony Audio CDs, functions on the victim machine.

As usual, Kaspersky Lab warns users to be careful, and not to open email from unknown senders, or open attachments to suspicious messages.

#1 CDog on 12 Nov 2005 - 17:17
Well, Microsoft want to protect their customers is all. Flash has a widespread user base; it's not surprising Microsoft want to tout this third party security issue.
(2 replies) #2 Airlink on 12 Nov 2005 - 17:51

Wow. When did Microsoft become Macromedia's mouthpiece?
#2.1 bucko on 12 Nov 2005 - 17:56
Adobe bought Macromedia btw.
#2.2 configure on 12 Nov 2005 - 18:04
QUOTE
When did Microsoft become Macromedia's mouthpiece?

Since they started to bundle Flash with Windows. This is for the benefit of customers that use Windows at home or have deployed it on a large scale.
#3 MGS3-SS on 12 Nov 2005 - 17:56
Hell just froze.
#4 ChaosBlade on 12 Nov 2005 - 18:02
It's nice to see just how much MS is becoming dedicated to security.
(6 replies) #5 figgy on 12 Nov 2005 - 18:10
This is the very reason I disable signature display on Neowin and other forums.
#5.1 netizen on 12 Nov 2005 - 18:35
You mean you know about this vuln all along and you didn't tell anyone?!?
#5.2 el22 on 12 Nov 2005 - 18:57
This very reason?
#5.3 Jugalator on 12 Nov 2005 - 19:50
I disable them just because everyone seems to think they're the l337 artists and then puts up those 500x150 sigs or whatever it can be. It's like banners, but advertisement for people instead of products. Yuck.
#5.4 mko on 13 Nov 2005 - 03:57
not to mention a waste of time waiting for images to load while all I'm here for is reading what people write.
#5.5 theyarecomingforyou on 13 Nov 2005 - 10:19
I leave sigs on as they add character and allow me to more quickly recognise who is posting.
#5.6 matt74441 on 13 Nov 2005 - 14:07
Really? I think a person's avatar identifies the poster, which is why I haven't changed mine in over a year.
#6 Julius Caro on 12 Nov 2005 - 18:34
I'm not surprised they are advising to upgrade an application that is not Microsoft's...
but they seem more focused on security, anyway.

Remember Microsoft uses and has been using Macromedia Flash for years, and I think it's bundled with Windows too.
(2 replies) #7 el22 on 12 Nov 2005 - 18:57
And while we are at it, the install base of Flash Player gets upgraded to the new version 8, which is a good thing
#7.1 em_te on 12 Nov 2005 - 19:08
Unless, of course, if Flash 8 includes DRM that curtails our freedoms. Not that it does, but I'm using the analogy to warn others against similar situations. That is, selling DRM by piggybacking it on the fear of security.
#7.2 Jugalator on 12 Nov 2005 - 19:55
DRM support doesn't curtail freedom; using DRM'ed media does. Just because a software supports DRM doesn't change anything, and I prefer to blame companies delivering DRM content rather than software simply supporting it.
(2 replies) #8 soldier1st on 12 Nov 2005 - 19:08
Flash and Shockwave have been bundled with Windows since the Win9x days (they are old versions after all). I recall removing the old versions and installing the new versions.
#8.1 em_te on 12 Nov 2005 - 19:09
Q: Do I have to uninstall 7 before installing 8? How do I do that?
#8.2 D.S.M on 12 Nov 2005 - 19:26
No, you don't need to uninstall; just go to the website and you can download the latest version (it automatically detects your version and updates to the newest version).
#9 hotdog963al on 12 Nov 2005 - 19:22
Good. This means we can make sites in Flash 8 now, and not have to worry as much about backwards compatibility because of all the security conscious updaters from 7 -> 8.
(2 replies) #10 thechitowncubs on 12 Nov 2005 - 19:40
I use Linux, does this have any effect on it?
#10.1 mr_demilord on 12 Nov 2005 - 21:35
no
#10.2 Express on 12 Nov 2005 - 22:16
Linux and Solaris are affected too.
Updates are available for these operating systems too.
#11 drG on 12 Nov 2005 - 19:49

If you want to stick with Flash 7 you can pick up updated versions for IE & Firefox from: http://www.macromedia.com/go/d9c2fe33
(3 replies) #12 mr_da3m0n on 12 Nov 2005 - 19:58
Yeah, what about Linux? We were still stuck at Flash 7, last time I checked. And some platforms are even worse off than that...
#12.1 mr_demilord on 12 Nov 2005 - 21:36
Flash 7 is not affected
#12.2 Jeremy1 on 12 Nov 2005 - 23:25
Flash 7 IS affected. Flash 8 is not.
#12.3 mr_demilord on 13 Nov 2005 - 09:35
There is no version 8 for Linux. I have updated 7 now. BTW, I have Flashblock, so I will wait for version 8 to come out for Linux.
#13 exobot on 12 Nov 2005 - 23:48
PoC of ActionDefineFunction Memory Access Vulnerability available at: http://www.securityfocus.com/bid/15334/exploit. eEye claims they have working exploit code for the Array Index Memory Access Vulnerability; strange how they released one yet not the other.
#14 Lasker on 13 Nov 2005 - 01:06
I have installed Flash 8.5 alpha
(1 reply) #15 J_R_G on 13 Nov 2005 - 01:13
I went to the site and it says Flash is installed. How do I verify it's version 8 that's installed? XP here.
#15.1 J_R_G on 13 Nov 2005 - 01:19
Ok, it tells you what version you have in add/remove programs ctrl panel applet.
#16 tehcod3r on 13 Nov 2005 - 03:30
I have Flash 8 installed on my computer, that includes Flash Player, right?
(4 replies) #17 ynohtna on 13 Nov 2005 - 04:40
Flash 8 breaks with the Adblock extension on Firefox.... unless they have addressed that somewhere.
#17.1 Ryan92 on 13 Nov 2005 - 04:55
Adblock Plus 0.5.10+ (Unofficial) resolves that problem....
http://forums.mozillazine.org/viewtopic.php?t=266291
#17.2 ynohtna on 13 Nov 2005 - 07:09
sweet thanks.
#17.3 ynohtna on 13 Nov 2005 - 07:29
Weird, now Flash doesn't install... it goes for a bit and then nothing happens.
#17.4 Kushan on 14 Nov 2005 - 23:50
There's a fix for the official adblock on their forums
#18 Blaz0r on 13 Nov 2005 - 13:13
Just disable/uninstall the Flash-plugin. It's used only for (annoying, might I add) ads anyway, it's not like you're going to miss anything.
#19 Gowcra on 13 Nov 2005 - 13:30
Me disabled sigs from the moment I signed up at Neowin. Couldn't care less tbh.
#20 DiZZySpOOn on 14 Nov 2005 - 11:05
I'm gonna shock you here.... but other parts of the web use flash, not just Neowin sigs.

Amazing I know...
