Posted by: Ed Tittel
On October 9, Microsoft pushed an update to Windows Flash for Windows 8, but Secunia PSI still reports that 11.x versions of Flash Player (both 32- and 64-bit now, in fact) still need updating:
Curious as to why this might be, I right-clicked an entry to get at more details, then selected “Show details” to see a list of installed versions. Much to my surprise, I’ve uncovered at least part of the problem. As with other Windows-pushed updates, the relevant code lives inside the …\Windows\WinSxS folder, where each flash version gets its own folder to live in. Again in keeping with MS update methods new versions are added but old ones never get deleted (you need a “force delete” tool such as Empty Loop’s Unlocker 1.9.1, because Windows itself allows only the Trusted Installer to add or remove entries in this folder).
So even though a new version of Flash is indeed present on my machine — see the entry dated 10/9/2012 in the following graphic — PSI is reacting to the ongoing presence of older versions in the WinSxS directory to flag the presence of an older version as a potential security problem. I’m not convinced this is a valid detection, and suspect that Secunia will have to change how PSI detects and reports on elements in the WinSxS repository for Windows 8. It should be interesting to see what steps the company takes to update its software when the GA date arrives, and it begins to formally offer support for this new operating system.
It’s interesting to discover that sometimes more than one organization has to change its tools and methods to accommodate new software — in this case, the Windows 8 operating system.