When updating many software packages, older versions are not always removed as part of the process, leaving vulnerable versions at known locations (paths) that can be used by a person wishing to compromise a machine.
I have been playing with Secunia’s Software Inspector, and have been surprised with some of the results on our systems.
JAVA
This is one that we have been very proactive in cleaning up. The Java updater never removes the older version, so you end up with a collection of Java versions and a pointer that marks the current one. The problem is that any of the old binaries can still be run by anyone who knows the file path, so an attacker can go hunting for a vulnerable version. This gives good backwards compatibility, but at considerable risk. (JInitiator uses this same "leave the old one" process when it updates.)
C:\Program Files\Java\
FLASH
Macromedia/Adobe Flash produced some surprises for me. It would appear that Flash v4.x is installed initially with Windows XP and is never updated from the initial install:
C:\WINDOWS\SYSTEM32\Macromed\Flash\SWFLASH.OCX (v4.x)
C:\I386\SWFLASH.OCX (v4.x)
C:\I386\FLASH.OCX (v6.x)
Another issue was previously removed packages whose plugin folders were left in situ by an incomplete clean-up in the removal process; for example, a machine where Thunderbird had been uninstalled:
C:\Program Files\Mozilla Thunderbird\plugins\NPSWF32.dll
These instances are ignored by our current patching software and as such need to be removed using a clean-up script.
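As an added example (not the author's clean-up script), the audit below shows the detection half of such a script: it lists every Java install directory under Program Files\Java except the newest (or except a caller-supplied "current" pointer), and checks the known leftover paths named in this post. The Java directory naming pattern (jre1.6.0_07, jre6, jdk-11.0.2) and the idea that the caller resolves the current-version pointer are assumptions; the directory tree it scans is constructed in a temporary folder so the script runs offline on any platform, and on a real Windows host the root would be C:\.

```python
import re
import tempfile
from pathlib import Path, PureWindowsPath

# Known leftover locations taken from the post, relative to the drive root.
KNOWN_ORPHANS = [
    r"WINDOWS\SYSTEM32\Macromed\Flash\SWFLASH.OCX",
    r"I386\SWFLASH.OCX",
    r"I386\FLASH.OCX",
    r"Program Files\Mozilla Thunderbird\plugins\NPSWF32.dll",
]

# Assumed Java install directory names: jre1.6.0_07, jdk1.5.0_22, jre6, jdk-11.0.2 ...
JAVA_DIR_RE = re.compile(
    r"^(?:jre|jdk|j2re|j2sdk)?-?(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_(\d+))?$", re.IGNORECASE
)


def parse_java_dir(name):
    """Map an install directory name to a comparable (feature, interim, update) tuple.
    Legacy 1.x.y_u names are normalised so jre1.6.0_07 -> (6, 0, 7); jre6 -> (6, 0, 0)."""
    m = JAVA_DIR_RE.match(name)
    if not m:
        return None
    nums = [int(x) for x in m.groups() if x is not None]
    if nums[0] == 1 and len(nums) >= 2:  # drop the leading "1." of legacy naming
        nums = nums[1:]
    return tuple((nums + [0, 0, 0])[:3])


def stale_java_installs(java_root, current=None):
    """Return the install directory names that are NOT the current version.
    'current' is the directory name the version pointer resolves to (assumed to be
    supplied by the caller); if absent, the highest version found is treated as current."""
    root = Path(java_root)
    if not root.is_dir():
        return []
    installs = {}
    for entry in root.iterdir():
        version = parse_java_dir(entry.name) if entry.is_dir() else None
        if version is not None:
            installs[entry.name] = version
    if not installs:
        return []
    keep = current if current in installs else max(installs, key=installs.get)
    return sorted(name for name in installs if name != keep)


def find_orphans(root, candidates=KNOWN_ORPHANS):
    """Return the known leftover paths that actually exist under root, in list order."""
    root = Path(root)
    return [p for p in candidates if (root / Path(*PureWindowsPath(p).parts)).is_file()]


def audit(root, current=None):
    """Combine both checks into one report dict."""
    root = Path(root)
    return {
        "stale_java": stale_java_installs(root / "Program Files" / "Java", current),
        "orphans": find_orphans(root),
    }


def build_demo_tree():
    """Constructed sample layout mirroring the post's findings (not a real machine)."""
    root = Path(tempfile.mkdtemp())
    for d in ("jre1.5.0_22", "jre1.6.0_07", "jre6"):
        binary = root / "Program Files" / "Java" / d / "bin" / "java.exe"
        binary.parent.mkdir(parents=True)
        binary.write_bytes(b"")
    # Leave two Flash v4 copies and the orphaned Thunderbird plugin behind, but not FLASH.OCX.
    for leftover in (KNOWN_ORPHANS[0], KNOWN_ORPHANS[1], KNOWN_ORPHANS[3]):
        target = root / Path(*PureWindowsPath(leftover).parts)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"")
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    report = audit(demo_root)
    for name in report["stale_java"]:
        print("stale Java install:", demo_root / "Program Files" / "Java" / name)
    for path in report["orphans"]:
        print("orphaned binary:", path)
```

The report only lists candidates; removal is a separate, deliberate step so that an install a line-of-business application still depends on can be excluded before anything is deleted.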