Days after Macromedia posted fixes to its Flash player, Microsoft late Wednesday posted a security advisory directing users of its Windows XP, XP SP2, 95, 98, and Me to the third-party patches.
"Microsoft recommends that customers who use Macromedia Flash Player follow the guidance documented in Macromedia’s Security Bulletin to help protect themselves," a Microsoft spokesperson said in an e-mail to TechWeb.
The advisory was called for, the spokesperson said, because Flash is re-distributed by Microsoft in several of those operating systems. The flaw in Flash, made public by eEye Digital Security last week, can be used by attackers to grab control of a PC running the player.
The advisory also listed several workarounds that can be applied in lieu of patching; these range from preventing the Flash ActiveX control from running in Internet Explorer to removing the player.
Microsoft occasionally rolls out security advisories on vulnerability issues with its own software, but this is the first that details problems with a third-party program.