# Security Risks from unpatched media players...Are you at Risk?



## Geekgirl

Are you facing security risks, not from flaws in Windows itself but from unpatched media players?

If you are running versions of Flash, Java, and QuickTime that are unpatched, you could be at risk.

Tests have shown which applications are the most likely to be installed but unpatched on users' PCs. 
In the following list, number 1 represents the unpatched application that was found on the greatest number of users' machines, with higher numbers representing fewer machines:

1. Adobe Flash Player 9.x
2. Sun Java JRE 1.6.x/6.x
3. Macromedia Flash Player 6.x
4. Macromedia Flash Player 8.x
5. Macromedia Flash Player 7.x
6. Apple QuickTime 7.x
7. Macromedia Flash Player 5.x
8. Mozilla Firefox 2.0.x
9. Macromedia Flash Player 4.x
10. Adobe Reader 7.x


These applications are media players, browser plug-ins that play media files, or a browser itself (i.e., Firefox). All of these programs can be attacked across the Internet, for example, if you play an infected Flash video you find on a Web site or that you received via e-mail. Consequently, using an older version of these programs poses a real security risk.

All of the applications mentioned above support automatic updating. They also allow you to choose to update them manually, which some users prefer. If you prefer to update manually, update them on your regularly scheduled malware scan schedule.


Now you're probably wondering, how can I tell if my software is out-of-date? Good question, and here is a program to tell you just that.


You can use Software Inspector at Secunia.com... it's free.
This online utility requires Java to run, so you should use the Java update procedure below to make sure you have the latest version of Java before proceeding.


*To update Sun Java:*

Step 1. In the Control Panel, launch the Java applet. You can also right-click the Java icon in the Taskbar tray and choose Open Control Panel.

Step 2. Click the Update tab. Use the controls there to customize the update notification. Click OK.

If you prefer to update Java manually, uncheck the box for automatic updating. Then return to this dialog box periodically and click Update Now at the bottom of the Update tab.



Now, Test your software with Software Inspector




The scan will find software (including the operating system) with known security flaws for which patches exist. The on-screen report lists your updated apps (with a green checkmark) and nonupdated apps (with a red X). If you have multiple copies of a single application installed, the report will list each version. Click the "+" icon to the left of each item for more information, including the specific path to each file.


Software Inspector does not flag applications for which no update exists. Unfortunately, you may still have applications with security holes that aren't mentioned in the report. In addition, the program can't detect any workarounds you may have put in place to avoid security problems with existing applications.


If the scan finds multiple versions of software, sometimes older versions represent a security risk to your system. But in some cases (such as Java), you may need an older version to keep other application software running properly.


Before doing anything, make a backup of your system, or at least create a restore point using System Restore. 


Secunia's Software Inspector is especially valuable for those of us who prefer to use manual updating, rather than letting programs check and download patches automatically. The scan not only tells you what updates to look for, but it checks all your software in a single step without having to use each application's update feature one at a time.


You may forget to use Software Inspector periodically, so to automate that chore, click the reminder service link on the Software Inspector page. This will send you an e-mail notification every time a new update or version is available.


It's frustrating to know that, even when Windows is fully patched, our application software can represent an even greater vulnerability. To reduce your risk, consider running Software Inspector once a month, just after you've installed the Windows patches that Microsoft typically releases on Patch Tuesday (the 2nd Tuesday of the month).
http://windowssecrets.com/2007/08/16/02-Media-players-more-dangerous-than-Windows


----------



## Done_Fishin

Thanks GG
A very helpful thread & site .. I had a PC where the auto updates were turned off .. that site and link allowed me to see that and get it back up to date , update wise.

very useful .. seems like I will be checking out that site more often .. or until they start asking me to pay :grin:


----------



## Glaswegian

Excellent stuff TJ - thanks.


----------



## StarStruckGirl

hi Geek Girl,

thanks for the info...

is that just for the plug-ins or for the programmes themselves?

if i have removed/disabled the plug-ins, am i still at risk?

many thanks

Star Struck


----------



## Geekgirl

> These *applications* are media players, *browser plug-ins* that play media files, or a *browser itself* (i.e., Firefox). All of these programs can be attacked across the Internet, for example, if you play an infected Flash video you find on a Web site or that you received via e-mail. Consequently, using an older version of these programs poses a real security risk. (i.e., Firefox).


----------



## joangolfing

Geekgirl, I don't seem to have Java runtime on my system and I can't seem to install it.
I added www.java.com to my accepted sites but the install doesn't finish.
What can I do to be able to use software inspector?


----------



## Geekgirl

You need to start a thread so we can get Java straightened out for you. Best play would probably be Windows XP forum, if that is the Operating System you are using.


----------



## SusannaKB

Geekgirl, 
could you help me? What should I do if the scan found multiple versions? Do I need multiple versions? I pasted what it found, and I put those in red that were "X"-ed

Microsoft Windows XP Home Edition Service Pack 2 

Adobe Acrobat Reader 4.x 4.0.0.0 

Apple Quicktime 5.x 5.0.2 

Microsoft Internet Explorer 6.x 6.00.2900.2180 

Microsoft Outlook Express 6 6.00.2900.2180 

Microsoft Windows Media Player 9.x 9.00.0 

Adobe Flash Player 9.x 9.0.28.0 

Adobe Flash Player 9.x 9.0.28.0 

Macromedia Flash Player 6.x 6.0.79.0 

Macromedia Flash Player 6.x 6.0.88.0 

Sun Java JRE 1.6.x / 6.x 6.0.20.6 

Sun Java JRE 1.6.x / 6.x 6.0.10.6


Thank you,


----------



## Geekgirl

If you have multiple copies of a single application installed, the report will list each version. Click the "+" icon to the left of each item for more information, including the specific path to each file.
If the scan finds multiple versions of software, sometimes older versions represent a security risk to your system. But in some cases (such as Java), you may need an older version to keep other application software running properly.


----------
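An added example, not part of any post in this thread: a small Python parser for the report lines pasted above that lists which product families are installed in more than one copy or version, so each can be looked at by hand. The function names and the assumed line shape (product family followed by a dotted version) are illustrative assumptions, not Software Inspector's own format or code.

```python
import re
from collections import defaultdict

# Lines copied from the scan report pasted earlier in this thread.
REPORT = """\
Microsoft Windows XP Home Edition Service Pack 2
Adobe Acrobat Reader 4.x 4.0.0.0
Apple Quicktime 5.x 5.0.2
Microsoft Internet Explorer 6.x 6.00.2900.2180
Microsoft Outlook Express 6 6.00.2900.2180
Microsoft Windows Media Player 9.x 9.00.0
Adobe Flash Player 9.x 9.0.28.0
Adobe Flash Player 9.x 9.0.28.0
Macromedia Flash Player 6.x 6.0.79.0
Macromedia Flash Player 6.x 6.0.88.0
Sun Java JRE 1.6.x / 6.x 6.0.20.6
Sun Java JRE 1.6.x / 6.x 6.0.10.6
"""

# Assumed line shape: "<product family> <dotted version>", version last.
LINE_RE = re.compile(r"^(?P<family>.+?)\s+(?P<version>\d+(?:\.\d+)+)\s*$")

def version_key(version):
    """Compare versions numerically, so 6.0.88.0 sorts after 6.0.79.0."""
    return tuple(int(part) for part in version.split("."))

def parse_report(text):
    """Return {family: [version, ...]}; lines without a dotted version are skipped."""
    found = defaultdict(list)
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            found[match["family"]].append(match["version"])
    return dict(found)

def review_list(found):
    """Return families installed as several copies or several versions."""
    review = {}
    for family, versions in found.items():
        if len(versions) < 2:
            continue
        distinct = sorted(set(versions), key=version_key)
        review[family] = {"copies": len(versions), "newest": distinct[-1], "older": distinct[:-1]}
    return review

if __name__ == "__main__":
    for family, info in review_list(parse_report(REPORT)).items():
        print(family, info)
```

An entry under "older" is only a candidate for review; as noted in the thread, an older Java version may still be needed by other software.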



## SusannaKB

Geekgirl, 

How do I know when and what to get rid of, if at all? Please forgive me if that is a stupid question, I am just learning and I don't know much about computers, yet.


----------



## Geekgirl

Basically you do not want to get rid of anything but keep it updated.
And your questions are not stupid, not at all :grin:


----------



## SusannaKB

Oh thank you! 
I really love this site - I might actually learn computers after all.


----------



## JohnthePilot

This thread shouldn't be hidden away here GG. Would you consider copying it to the MS forums where it would have a wider audience? Thanks.


----------



## Geekgirl

Sure I can do that


----------



## possy

Good Stuff. Thanks


----------



## parminderkarra

thanks for the thread !


----------



## vladimirb

Thx GG it was very helpful... Hope I will bump on more threads like this one while I am here. BTW, this forum is great with great ppl


----------



## Geekgirl

Thanks vladimirb, enjoy your stay


----------



## thomasz

Thanks for your link, I would have a lot of information.


----------



## Geekgirl

You're welcome


----------



## matthew.

top effort from these Danish security techs.
been using the program for a little while and haven't experienced any drawbacks to date.

what antivirus software do you use geekgirl?


----------



## Geekgirl

NOD32.......of course


----------



## Arnold123

I really love this site. How do I know when and what to get rid of, if at all?



----------



## Geekgirl

Welcome to TSF Arnold123

What are you referring to? You may want to start a thread in the appropriate forum for assistance.


----------



## pingu789

What are unpatched media players?


----------



## Geekgirl

Media player software that is not up-to-date in version and updates......


----------



## karlitos

Perfect Thread !!

Thanks GG =))))))


----------



## Geekgirl

Very Welcome


----------



## newmanpa8804

Thanks for the good info.


----------



## Geekgirl

You're welcome :wink:


----------



## newmanpa8804

Thanks for the great tips. Happy Holidays.


----------



## emansiri01

Thanks


----------

