Supported MS bulletins

Bulletin ID Title
MS12-006 Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
2633952 December 2011 cumulative time zone update for Windows operating systems
MS12-005 Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
MS12-004 Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
2630976 "Access Denied" error, or the user is repeatedly prompted for credentials, when the user tries to access an Office 365 resource from a rich client application
2626808 Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0
2626807 Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0
2626806 Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0
2626804 Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0
MS12-003 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
MS12-002 Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
2603291 Description of the cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: September 2011
2603289 Description of the cumulative update for Office Communications Server 2007 R2, Core Components: September 2011
2603287 Description of the cumulative update package for Office Communications Server 2007 R2, Communicator Web Access: September 2011
2603285 Description of the cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: September 2011
2602324 Description of Update Rollup 5 for Exchange Server 2007 Service Pack 3
MS12-001 Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
2640253 Description of the cumulative update for Lync Server 2010, Mediation Server: November 2011
MS11-100 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
2652446 Description of the update for Lync Server 2010, Web Components Server: December 2011
2650982 Description of the update for Lync Server 2010: December 2011
2650037 Description of the update for Lync Server 2010 Bandwidth Policy Service: December 2011
MS11-099 Cumulative Security Update for Internet Explorer (2618444)
MS11-098 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
MS11-097 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
MS11-096 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
MS11-095 Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
MS11-094 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
MS11-093 Vulnerability in OLE Could Allow Remote Code Execution (2624667)
MS11-092 Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
MS11-091 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
MS11-090 Cumulative Security Update of ActiveX Kill Bits (2618451)
MS11-089 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
MS11-088 Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)
MS11-087 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
MS11-086 Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
2608646 Description of Update Rollup 6 for Exchange Server 2010 Service Pack 1
MS11-085 Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)
MS11-084 Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
2617376 Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0
MS11-083 Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
2587551 Introduction to the Microsoft StreamInsight 1.2 release
MS11-082 Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
2579150 Description of Update Rollup 4 for Exchange Server 2010 Service Pack 1
2578202 Bing Bar version 7.0 is available
2575872 Description of the update package for Lync Server 2010, Conferencing Attendant: July 2011
2575871 Description of the cumulative update for Lync Server 2010, Web Conferencing Server: July 2011
2575870 Description of the cumulative update for Lync Server 2010, Conferencing Server: July 2011
MS11-081 Cumulative Security Update for Internet Explorer (2586448)
MS11-080 Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
2590699 Description of the cumulative update package for Communicator 2007 R2: September 2011
2590695 Description of the cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: September 2011
MS11-078 Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
2571841 Expression Web 4 Service Pack 2
MS11-077 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
MS11-076 Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
MS11-075 Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
2549042 Cumulative update package for Communicator 2007 R2: June, 2011
MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
2582113 Description of Update Rollup 5 for Exchange Server 2010 Service Pack 1
2580221 Help and Support
MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
2570791 August 2011 cumulative time zone update for Windows operating systems
MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
2571547 Description of the update package for Lync Server 2010, Web Components Server: July 2011
2571546 Description of the cumulative update for Lync Server 2010: July 2011
2571545 Description of the cumulative update for Lync Server 2010, Core Components: July 2011
2571543 Description of the cumulative update package for Lync 2010: July 2011
2571505 Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: July 2011
MS11-069 Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
2539581 Office 2003 update: June 14, 2011
2538719 Description of Hotfix Rollup 3 for Microsoft Forefront Protection for Exchange
MS11-068 Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
2547347 Update Rollup 3 for Microsoft Dynamics CRM 2011 is available
2546951 List of issues that are fixed by SQL Server 2008 Service Pack 3
MS11-066 Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
2568557 A DTMF-based IVR application that is developed by using Lync Server 2010, UCMA 3.0 Workflow APIs crashes
MS11-064 Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
2562937 Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits
MS11-063 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
2567454 Update Rollup 5 for Microsoft Dynamics CRM 2011 is available
MS11-062 Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)
MS11-061 Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)
MS11-060 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)
2553006 Business Contact Manager for Outlook 2010 SP1
MS11-059 Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
MS11-058 Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)
2562466 System Center Virtual Machine Manager 2008 R2 SP1 hotfix rollup package: July 12, 2011
MS11-057 Cumulative Security Update for Internet Explorer (2559049)
MS11-056 Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
MS11-055 Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)
2492980 System Center Virtual Machine Manager 2008 R2 hotfix rollup package: February 8, 2011
2492386 Application Compatibility Update for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: April 2011
MS11-054 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
2555840 Microsoft Forefront Threat Management Gateway 2010 Service Pack 2
2555251 Update Rollup 1 for Windows Small Business Server 2011 Standard is available
MS11-053 Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
2530592 Cumulative update for Lync Server 2010, Web Conferencing Server: April 2011
MS11-052 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
MS11-051 Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
2514982 Description of the cumulative update for Lync 2010: November 2011
2514981 Description of the cumulative update for Lync Server 2010, Core Components: November 2011
2514978 Description of the cumulative update for Lync Server 2010, Conferencing Server: November 2011
2514975 Cumulative update for Lync Server 2010, Conferencing Server: April 2011
MS11-050 Cumulative Security Update for Internet Explorer (2530548)
2530488 Update Rollup 3 for Exchange Server 2007 Service Pack 3
MS11-049 Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
2509911 Description of Update Rollup 4 for Exchange Server 2007 Service Pack 3
MS11-048 Vulnerability in SMB Server Could Allow Denial of Service (2536275)
MS11-047 Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
MS11-046 Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
MS11-045 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
2540951 Cumulative update package for Lync 2010: April 2011
MS11-044 Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
2529939 Update Rollup 3 for Exchange Server 2010 Service Pack 1
2528994 Bing Bar version 7.0 is available
2528989 Upgrade to Bing Bar version 7.0 from MSN Toolbar version 3.0
2528583 List of the bugs that are fixed in SQL Server 2008 R2 Service Pack 1
2526954 Update for Microsoft Silverlight: April 19, 2011
2526310 Description of Office Access Runtime and Data Connectivity Components 2007 SP3
2526305 Description of Windows SharePoint Services 3.0 SP3 and of Windows SharePoint Services 3.0 Language Pack SP3
2526302 Description of Office Excel Viewer 2007 SP3
2526301 Description of Office Visio Viewer 2007 SP3
2526299 Description of the 2007 Office Servers SP3 and of the 2007 Office Servers Language Pack SP3
2526298 Description of PowerPoint Viewer 2007 SP3
2526297 Description of Office Compatibility Pack SP3
2526294 Description of Calendar Printing Assistant for Office Outlook 2007 SP3
2526086 Description of the 2007 Office suite SP3 and of Office Language Pack 2007 SP3
MS11-043 Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
MS11-042 Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
MS11-041 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
MS11-040 Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
MS11-039 Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
MS11-038 Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
MS11-037 Vulnerability in MHTML Could Allow Information Disclosure (2544893)
MS11-036 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814)
MS11-035 Vulnerability in WINS Could Allow Remote Code Execution (2524426)
2524375 Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing
MS11-034 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)
MS11-033 Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)
MS11-032 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)
MS11-031 Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
MS11-030 Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
MS11-029 Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
2410679 Update package for Office Communications Server 2007 R2, Conferencing Announcement Service: November 2010
MS11-028 Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)
2445990 Microsoft Application Virtualization 4.6 Service Pack 1
2443685 December 2010 cumulative time zone update for Windows operating systems
MS11-027 Cumulative Security Update of ActiveX Kill Bits (2508272)
2508148 Hotfix Rollup 4 for Forefront Security for Exchange Service Pack 2
2508145 Hotfix Rollup 4 for Microsoft Forefront Security for SharePoint Service Pack 3
2508121 Hotfix Rollup 4 for Antigen 9 for Exchange Service Pack 2
MS11-026 Vulnerability in MHTML Could Allow Information Disclosure (2503658)
MS11-025 Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
MS11-024 Vulnerabilities in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)
MS11-023 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
MS11-022 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)
2519900 Expression Web 4 Service Pack 1
MS11-021 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
2502324 Cumulative update for Office Communications Server 2007 R2, Microsoft Unified Communications Managed API 2.0 Windows Workflow Activities Redist: March, 2011
2501722 Cumulative update package for Communicator 2007 R2: March, 2011
2501721 Update package for Communications Server 2007 R2, Web Components: March, 2011
2501720 Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: March, 2011
2501717 Cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: March, 2011
2500449 Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: November 2011
2500448 Cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: April 2011
2500444 Cumulative update for Lync Server 2010, Core Components: April 2011
2500442 Cumulative update for Lync Server 2010: April 2011
2500441 Update package for Lync Server 2010, Web Components Server: April 2011
2500438 Cumulative update for Lync 2010 Attendee - Administrator level installation: April 2011
2466086 Update Rollup 2 for Microsoft Dynamics CRM 2011 is available
2466084 Update Rollup 1 for Microsoft Dynamics CRM 2011 is available
2463332 List of the issues that are fixed in SQL Server 2005 Service Pack 4
2460073 Office Web Apps SP1
2460065 Visio 2010 Viewer SP1
2460056 Office Servers 2010 Language Pack SP1
2460054 SharePoint 2010 Indexing Connector for Documentum SP1
2460050 PowerPoint 2010 Viewer SP1
2460044 Office Language Interface Pack 2010 SP1
2460043 Office 2010 Language Pack SP1
2460041 Office 2010 Filter Pack SP1
2460011 A description of Access Database Engine 2010 Service Pack 1
2458094 Windows Small Business Server 2008 Update Rollup 5
MS11-020 Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
MS11-019 Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
2510766 List of all SharePoint 2010 and Office Server 2010 SP1 packages
2510690 List of all Office 2010 SP1 packages
MS11-018 Cumulative Security Update for Internet Explorer (2497640)
2496326 Cumulative update for Lync 2010 Attendant: April 2011
MS11-017 Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)
MS11-016 Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)
MS11-015 Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
2502810 Cumulative update for Lync Server 2010, Mediation Server: April 2011
MS11-014 Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)
MS11-013 Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
2425179 Update Rollup 2 for Exchange Server 2010 Service Pack 1
MS11-012 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628)
MS11-011 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
MS11-010 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)
MS11-009 Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)
2467771 Update package for Lync Server 2010, Administrative Tools: January 2011
2467659 An update is available for Internet Explorer: December 14, 2010
MS11-008 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
MS11-007 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)
MS11-006 Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
MS11-005 Vulnerability in Active Directory Could Allow Denial of Service (2478953)
MS11-004 Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)
MS11-003 Cumulative Security Update for Internet Explorer (2482017)
MS11-002 Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)
MS11-001 Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935)
MS10-106 Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132)
2407113 Update Rollup 5 for Microsoft Exchange Server 2010 Release to Manufacturing
2407028 Update Rollup 1 for Exchange Server 2010 Service Pack 1
2407025 Update Rollup 2 for Exchange Server 2007 Service Pack 3
2404588 Cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: November 2010
2404578 Cumulative update for Office Communications Server 2007 R2, Mediation Server: November 2010
2404575 Cumulative update for Office Communications Server 2007 R2, Core Components: November 2010
2403680 Cumulative update for Office Communications Server 2007 R2, Conferencing Attendant: November 2010
2403679 Cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: November 2010
2400402 Cumulative update for Office Communications Server 2007 R2, Administration Tools: September 2010
2400375 Update package for Communications Server 2007 R2, Web Components: September 2010
2400367 Cumulative update package for Office Communications Server 2007 R2, Response Group Service: September 2010
MS10-105 Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
2452789 Introduction to the Microsoft StreamInsight 1.1 release
MS10-104 Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005)
MS10-103 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
MS10-102 Vulnerability in Hyper-V Could Allow Denial of Service (2345316)
MS10-101 Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559)
MS10-100 Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962)
MS10-099 Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
MS10-098 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673)
MS10-097 Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105)
MS10-096 Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089)
2422053 Hotfix Rollup 3 for Forefront Security for SharePoint Service Pack 3
2420644 Hotfix Rollup 3 for Forefront Security for Exchange Service Pack 2
MS10-095 Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678)
MS10-094 Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961)
MS10-093 Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)
MS10-092 Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420)
2302001 Hotfix Rollup 3 for Microsoft Antigen 9 for Exchange Service Pack 2
MS10-091 Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)
MS10-090 Cumulative Security Update for Internet Explorer (2416400)
MS10-088 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
MS10-087 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
MS10-086 Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)
MS10-085 Vulnerability in SChannel Could Allow Denial of Service (2207566)
MS10-084 Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)
MS10-083 Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882)
MS10-082 Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)
MS10-081 Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011)
MS10-080 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)
MS10-079 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
2308590 System Center Virtual Machine Manager 2008 R2 hotfix rollup package: September 14, 2010
MS10-078 Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
2279665 Update Rollup 1 for Exchange Server 2007 Service Pack 3
MS10-077 Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)
MS10-076 Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
MS10-075 Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679)
MS10-074 Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)
MS10-073 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)
MS10-072 Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
MS10-071 Cumulative Security Update for Internet Explorer (2360131)
MS10-070 Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
MS10-069 Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546)
MS10-068 Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)
981407 Update Rollup 10 for Microsoft Exchange Server 2007 Service Pack 1
981401 Update Rollup 3 for Microsoft Exchange Server 2010 Release to Manufacturing
981383 Update Rollup 4 for Microsoft Exchange Server 2007 Service Pack 2
MS10-067 Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922)
MS10-066 Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802)
MS10-065 Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)
MS10-064 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011)
2291724 Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: November 2010
2291453 Cumulative update package for Communicator 2007 R2: November 2010
MS10-063 Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113)
MS10-062 Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558)
MS10-061 Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
MS10-060 Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)
983509 Description of Visual Studio 2010 Service Pack 1
MS10-059 Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)
MS10-058 Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)
MS10-057 Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
MS10-056 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
2250444 Hotfix rollup package for System Center Data Protection Manager 2010: November 10, 2010
MS10-055 Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)
982639 Update Rollup 4 for Microsoft Exchange Server 2010 Release To Manufacturing
982523 System Center Virtual Machine Manager 2008 R2 Admin Console hotfix rollup package: June 8, 2010
982522 System Center Virtual Machine Manager 2008 R2 hotfix rollup package: June 8, 2010
982519 Application Compatibility Update for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: June 2010
MS10-054 Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)
MS10-053 Cumulative Security Update for Internet Explorer (2183461)
2182621 Microsoft Team Foundation Server 2010 Service Pack 1
2181692 Hotfix Rollup 1 for Microsoft Forefront Protection for Exchange
MS10-052 Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)
MS10-051 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)
MS10-050 Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)
MS10-049 Vulnerabilities in SChannel could allow Remote Code Execution (980436)
980408 April 2010 stability and reliability update for Windows 7 and Windows Server 2008 R2 is available
MS10-048 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)
2158563 September 2010 cumulative time zone update for Windows operating systems
MS10-047 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
981793 May 2010 cumulative time zone update for Windows operating systems
MS10-046 Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
2285068 List of the bugs that are fixed in SQL Server 2008 Service Pack 2
MS10-045 Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)
980372 Cumulative update for Office Communications Server 2007 R2, Outside Voice Control: April 2010
980370 Cumulative update for Office Communications Server 2007 R2, Conferencing Attendant: April 2010
MS10-044 Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)
MS10-043 Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
2028888 Cumulative update package for Communicator 2007 R2: July 2010
2006634 Microsoft Office Accounting 2009 Service Pack 3 for Accounting Professional (MOA) 2009 and for Accounting Express 2009
MS10-042 Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
MS10-041 Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
982861 Availability of Windows Internet Explorer 9
979784 Update Rollup 3 for Exchange Server 2007 Service Pack 2
MS10-040 Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
MS10-039 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
MS10-038 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
MS10-037 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
MS10-036 Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
982114 How to obtain Service Pack 2 for Microsoft HPC Pack 2008
MS10-035 Cumulative Security Update for Internet Explorer (982381)
MS10-034 Cumulative Security Update of ActiveX Kill Bits (980195)
980096 Cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: April 2010
MS10-033 Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
979454 Windows Small Business Server 2008 Update Rollup 4
MS10-032 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
MS10-031 Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)
976244 System Center Virtual Machine Manager 2008 R2 hotfix rollup package: November 10, 2009
976135 Communicator 2007 R2 cumulative update: January 2010
976098 December 2009 cumulative time zone update for Microsoft Windows operating systems
MS10-030 Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)
MS10-029 Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)
978300 Hotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3
978297 Hotfix Rollup 1 for Service Pack 2 for Forefront Security for Exchange Server
MS10-028 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
MS10-027 Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
MS10-026 Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
977351 Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: January 2010
977347 Cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: April 2010
977344 Cumulative update for Office Communications Server 2007 R2, Administration Tools: January 2010
977343 Cumulative update for Office Communications Server 2007 R2, Core Components: January 2010
MS10-025 Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
980847 Microsoft Application Virtualization 4.5 Service Pack 2
980586 Hotfix Rollup 2 for Antigen 9 for Exchange Server with Service Pack 2 and for Antigen 9 for SMTP Gateways with Service Pack 2
MS10-024 Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
976657 Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: April 2010
976594 Expression Web 3 Service Pack 1
MS10-023 Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
MS10-022 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
981324 List of problems that are fixed in Forefront Threat Management Gateway 2010 Service Pack 1
MS10-021 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
MS10-020 Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
MS10-019 Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
979306 February 2010 cumulative time zone update for Windows operating systems
979202 Update for Silverlight: January 19, 2010
978564 Cumulative update package for Communicator 2007 R2: April 2010
978560 System Center Virtual Machine Manager 2008 R2 hotfix rollup package: February 9, 2010
MS10-017 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
MS10-016 Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
MS10-015 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
977074 January 2010 stability and reliability update for Windows 7 and Windows Server 2008 R2
976932 Information about Service Pack 1 for Windows 7 and for Windows Server 2008 R2
MS10-014 Vulnerability in Kerberos Could Allow Denial of Service (977290)
MS10-013 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
MS10-012 Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
MS10-011 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
977937 Cumulative update for Office Communications Server 2007 R2, Mediation Server: April 2010
977934 Cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: April 2010
MS10-010 Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
MS10-009 Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
MS10-007 Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
975614 Cumulative update package for Office Communications Server 2007 R2, Communicator Web Access: April 2010
975613 Cumulative update for Office Communications Server 2007 R2, Core Components: October 2009
975612 Cumulative update for Office Communications Server 2007 R2, Response Group Service: October 2009
MS10-006 Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
MS10-005 Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
MS10-004 Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
MS10-003 Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
MS10-002 Cumulative Security Update for Internet Explorer (978207)
MS10-001 Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
MS09-074 Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
MS09-073 Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
MS09-072 Cumulative Security Update for Internet Explorer (976325)
MS09-071 Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)
MS09-070 Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
MS09-069 Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)
MS09-068 Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
MS09-067 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
MS09-066 Vulnerability in Active Directory Could Allow Denial of Service (973309)
972884 Update for Communicator 2007 R2: Oct 2009
MS09-065 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
MS09-064 Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
MS09-063 Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
MS09-062 Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
975355 Hotfix Rollup 1 for Antigen 9.0 Service Pack 2
958715 Windows Small Business Server 2008 Update Rollup 1
MS09-061 Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
953195 2007 Microsoft Office Suite Service Pack 2 (SP2) and of Microsoft Office Language Pack 2007 SP2
MS09-060 Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
MS09-059 Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
MS09-058 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
MS09-057 Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
MS09-056 Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
MS09-054 Cumulative Security Update for Internet Explorer (974455)
974431 October 2009 stability and reliability update for Windows 7 and Windows Server 2008 R2
MS09-053 Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
MS09-052 Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
974007 Cumulative Update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: October 2009
MS09-051 Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
MS09-050 Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
MS09-049 Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)
970653 August 2009 cumulative time zone update for Microsoft Windows operating systems
MS09-048 Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
MS09-047 Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
972455 Windows Server Update Services 3.0 Service Pack 2
MS09-046 Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)
MS09-045 Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
MS09-044 Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
MS09-043 Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
971348 List of hotfixes and updates that are contained in System Center Configuration Manager 2007 Service Pack 2
968369 List of the bugs that are fixed in SQL Server 2008 Service Pack 1
MS09-042 Vulnerability in Telnet Could Allow Remote Code Execution (960859)
MS09-041 Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
MS09-040 Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
MS09-039 Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
MS09-038 Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
971534 Update Rollup 1 for Exchange Server 2007 Service Pack 2
MS09-037 Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
MS09-036 Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
MS09-035 Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
971083 Communicator 2007 R2 hotfix rollup package: May 2009
MS09-034 Cumulative Security Update for Internet Explorer (972260)
MS09-033 Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
MS09-031 Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
MS09-030 Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
MS09-029 Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
MS09-028 Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
MS09-027 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)
MS09-026 Vulnerability in RPC Could Allow Elevation of Privilege (970238)
970162 Update Rollup 9 for Microsoft Exchange Server 2007 Service Pack 1
MS09-025 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
MS09-024 Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
969121 Windows Small Business Server 2008 Update Rollup 3
957506 Help and Support
957324 Descriptions of the Business Contact Manager problems that are fixed in the 2007 Microsoft Office suite Service Pack 2
MS09-023 Vulnerability in Windows Search Could Allow Information Disclosure (963093)
MS09-022 Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
961448 Update Rollup 1 for Windows Essential Business Server 2008
MS09-021 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
969695 Update for Communicator 2007 R2: July 2009
MS09-020 Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
MS09-019 Cumulative Security Update for Internet Explorer (969897)
MS09-018 Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
MS09-017 Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)
MS09-016 Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
968012 Update Rollup 8 for Exchange Server 2007 Service Pack 1
967831 Update package for Communications Server 2007 R2: April 2009
960911 Windows Small Business Server 2008 Update Rollup 2
MS09-015 Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
MS09-014 Cumulative Security Update for Internet Explorer (963027)
962902 Help and Support
961983 Hotfix rollup package for System Center Virtual Machine Manager 2008: April 14th, 2009
961855 Microsoft Research AutoCollage 2008 version 1.1
MS09-013 Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
MS09-012 Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
951951 Issues that are fixed in Forefront Client Security Service Pack 1
MS09-011 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
MS09-010 Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
960384 Update Rollup 7 for Exchange Server 2007 Service Pack 1
933360 August 2007 cumulative time zone update for Microsoft Windows operating systems
932726 Service Pack 1 for Accounting Professional 2007 and for Accounting Express 2007
923435 Microsoft Compute Cluster Pack Service Pack 1 (SP1) is available for Microsoft Windows Compute Cluster Server 2003
MS09-009 Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
MS09-008 Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
MS09-007 Vulnerability in SChannel Could Allow Spoofing (960225)
MS09-006 Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
MS09-005 Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
MS09-004 Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
MS09-003 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
959596 System Center Virtual Machine Manager 2008 update to address physical to virtual (P2V) issues
959057 Microsoft Office Accounting 2009 Service Pack 1 is available for Accounting Professional 2009 and for Accounting Express 2009
MS09-002 Cumulative Security Update for Internet Explorer (961260)
MS09-001 Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
MS08-078 Security Update for Internet Explorer (960714)
MS08-077 Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
MS08-076 Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
972076 Update Rollup 2 for Microsoft Exchange Server 2007 Service Pack 2
972042 Communicator 2007 R2 hotfix rollup package: June 2009
972008 How to obtain the latest Service Pack for Microsoft HPC Pack 2008
971975 Microsoft Office Accounting 2009 Service Pack 2 is available for Accounting Professional 2009 and for Accounting Express 2009
MS08-075 Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
MS08-074 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
MS08-073 Cumulative Security Update for Internet Explorer (958215)
MS08-072 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
MS08-071 Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
MS08-070 Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
MS08-069 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
951532 Post-Service Pack 1 Rollup for Microsoft Expression Media: April 15, 2008
MS08-068 Vulnerability in SMB Could Allow Remote Code Execution (957097)
MS08-067 Vulnerability in Server Service Could Allow Remote Code Execution (958644)
MS08-066 Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
MS08-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
MS08-064 Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
956831 Update package for Office Communications Server 2007 Audio Video Conferencing Server: October, 2008
956829 Update package for Communications Server 2007 Mediation Server October, 2008
MS08-063 Vulnerability in SMB Could Allow Remote Code Execution (957095)
MS08-062 Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
MS08-061 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
MS08-060 Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
957262 Microsoft Office Access Runtime and Data Connectivity Components 2007 Service Pack 2 (SP2)
MS08-059 Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
MS08-058 Cumulative Security Update for Internet Explorer (956390)
956389 Update package for Communications Server 2007: November 2008
MS08-057 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
955839 December 2008 cumulative time zone update for Microsoft Windows operating systems
955706 List of the bugs that are fixed in SQL Server 2005 Service Pack 3
MS08-056 Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
MS08-055 Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)
951847 List of changes and fixed issues in the .NET Framework 3.5 Service Pack 1
MS08-054 Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
MS08-053 Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
MS08-051 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
951072 August 2008 cumulative time zone update for Microsoft Windows operating systems
MS08-050 Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
MS08-049 Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
MS08-048 Security Update for Outlook Express and Windows Mail (951066)
MS08-047 Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
953649 List of fixes that are included in System Center Configuration Manager Service Pack 1
MS08-046 Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
952783 Update package for Communications Server 2007: August 2008
952580 Update Rollup 4 for Exchange Server 2007 Service Pack 1
MS08-045 Cumulative Security Update for Internet Explorer (953838)
MS08-044 Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
924886 Update for Office 2003: December 12, 2006
MS08-043 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
953338 Windows SharePoint Services 3.0 SP2 and of Windows SharePoint Services 3.0 Language Pack SP2
953336 Excel Viewer 2007 Service Pack 2
953335 Visio Viewer 2007 Service Pack 2
953334 2007 Microsoft Office servers Service Pack 2 and of 2007 Microsoft Office servers Language Pack Service Pack 2
953332 PowerPoint Viewer 2007 Service Pack 2
953331 Office Compatibility Pack Service Pack 2
953329 Calendar Printing Assistant for Outlook 2007 Service Pack 2
MS08-042 Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)
MS08-041 Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
MS08-040 Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
948016 Update Rollup 2 for Exchange Server 2007 Service Pack 1
MS08-039 Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
953467 Update Rollup 5 for Exchange Server 2007 Service Pack 1
949426 Microsoft Office Accounting 2008 Service Pack 1 for Accounting Professional 2008 and for Accounting Express 2008
MS08-038 Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
MS08-037 Vulnerabilities in DNS Could Allow Spoofing (953230)
MS08-036 Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
MS08-035 Vulnerability in Active Directory Could Allow Denial of Service (953235)
MS08-034 Vulnerability in WINS Could Allow Elevation of Privilege (948745)
MS08-033 Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
MS08-031 Cumulative Security Update for Internet Explorer (950759)
MS08-030 Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
MS08-028 Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)
MS08-027 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
MS08-026 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
MS08-025 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
MS08-024 Cumulative Security Update for Internet Explorer (947864)
MS08-022 Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
MS08-021 Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
948465 Information about Service Pack 2 for Windows Vista and for Windows Server 2008
MS08-020 Vulnerability in DNS Client Could Allow Spoofing (945553)
MS08-019 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
MS08-018 Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
MS08-017 Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
MS08-016 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
MS08-015 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
MS08-014 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
MS08-013 Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)
945172 Communications Server 2007 Web Conferencing Server update package: November 30, 2007
945055 Update package for Communications Server 2007 and for Communications Server 2007 Archiving and CDR Server: November 30, 2007
MS08-012 Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)
946140 Update for Business Contact Manager for Outlook 2007: February 12, 2008
MS08-011 Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
MS08-010 Cumulative Security Update for Internet Explorer (944533)
MS08-009 Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)
MS08-008 Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
942872 Communications Server 2007 update package: November 2, 2007
942846 Update Rollup 6 for Exchange Server 2007
MS08-007 Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
945684 Update Rollup 1 for Exchange Server 2007 Service Pack 1
MS08-006 Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
942763 December 2007 cumulative time zone update for Microsoft Windows operating systems
MS08-005 Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
MS08-004 Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
MS08-003 Vulnerability in Active Directory Could Allow Denial of Service (946538)
943462 List of problems that are fixed in Internet Security and Acceleration Server 2006 Service Pack 1
MS08-002 Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
MS08-001 Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
MS07-069 Cumulative Security Update for Internet Explorer (942615)
941834 Microsoft Expression Media Service Pack 1
MS07-068 Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
944036 Availability of Windows Internet Explorer 8
MS07-067 Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)
MS07-066 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
MS07-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
MS07-064 Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
941421 Update Rollup 5 for Exchange Server 2007
MS07-063 Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
MS07-062 Vulnerability in DNS Could Allow Spoofing (941672)
941652 Business Contact Manager for Outlook 2007 Service Pack 1
MS07-061 Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)
MS07-060 Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)
MS07-059 Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)
937160 Visio Viewer 2007 Service Pack 1
937158 PowerPoint Viewer 2007 Service Pack 1
937157 Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 1
MS07-058 Vulnerability in RPC Could Allow Denial of Service (933729)
MS07-057 Cumulative Security Update for Internet Explorer (939653)
MS07-056 Security Update for Outlook Express and Windows Mail (941202)
940767 Windows Internet Explorer 7 Installation and Availability Update
MS07-055 Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
MS07-053 Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
MS07-052 Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
936988 Windows SharePoint Services 3.0 Service Pack 1 and of Windows SharePoint Services 3.0 Language Pack Service Pack 1
936984 2007 Microsoft Office servers Service Pack 1 and the 2007 Microsoft Office servers Language Pack Service Pack 1
936982 2007 Microsoft Office suite Service Pack 1
MS07-051 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)
MS07-050 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
MS07-049 Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
937961 Office 2003 Web Components Service Pack 1 for the 2007 Office system
MS07-048 Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
MS07-047 Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
MS07-046 Vulnerability in GDI Could Allow Remote Code Execution (938829)
MS07-045 Cumulative Security Update for Internet Explorer (937143)
MS07-044 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)
940289 Office Compatibility Pack Service Pack 1
940006 Update Rollup 4 for Exchange Server 2007
MS07-043 Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
936929 Information about Windows XP Service Pack 3
935999 Update Rollup 3 for Exchange Server 2007
MS07-041 Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)
MS07-040 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)
MS07-039 Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)
MS07-038 Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)
MS07-037 Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)
MS07-036 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)
936330 What you should know before you install Windows Vista Service Pack 1
MS07-035 Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)
MS07-034 Cumulative Security Update for Outlook Express and Windows Mail (929123)
MS07-033 Cumulative Security Update for Internet Explorer (933566)
MS07-032 Vulnerability in Windows Vista Could Allow Information Disclosure (931213)
MS07-031 Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
MS07-030 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)
MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)
MS07-028 Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
931836 February 2007 cumulative time zone update for Microsoft Windows operating systems
MS07-027 Cumulative Security Update for Internet Explorer (931768)
MS07-026 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
934737 Excel Viewer 2003 Service Pack 3
934736 Help and Support
MS07-025 Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
933867 List of problems that are fixed in Microsoft Systems Management Server 2003 Service Pack 3
MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
933669 Update for PowerPoint 2003: May 8, 2007
MS07-022 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)
MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
MS07-020 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)
MS07-019 Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)
MS07-018 Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)
MS07-017 Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
MS07-016 Cumulative Security Update for Internet Explorer (928090)
MS07-015 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)
MS07-014 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)
929060 Update for PowerPoint 2003: February 13, 2007
929058 Update for Excel 2003: February 13, 2007
928957 Visual Studio 2005 Service Pack 1 Release Notes
MS07-013 Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)
929300 Benefits of the Microsoft .NET Framework
MS07-012 Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
MS07-011 Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)
MS07-009 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)
MS07-008 Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)
MS07-007 Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802)
MS07-006 Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)
MS07-005 Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)
923706 How to obtain the latest service pack for System Center Data Protection Manager 2006
MS07-004 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)
MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)
MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)
MS07-001 Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585)
MS06-078 Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
923648 Outlook Live 2003 Service Pack 3
923643 Windows SharePoint Services Service Pack 3
923642 Office 2003 Service Pack 3 for Proofing Tools
923633 OneNote 2003 Service Pack 3
923622 Project 2003 Service Pack 3
923620 Visio 2003 Service Pack 3
923618 Office 2003 Service Pack 3
MS06-077 Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)
MS06-076 Cumulative Security Update for Outlook Express (923694)
MS06-075 Vulnerability in Windows Could Allow Elevation of Privilege (926255)
MS06-074 Vulnerability in SNMP Could Allow Remote Code Execution (926247)
MS06-073 Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)
MS06-072 Cumulative Security Update for Internet Explorer (925454)
MS06-071 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)
MS06-070 Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)
MS06-069 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)
MS06-068 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)
920115 Service Pack 3 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006
MS06-067 Cumulative Security Update for Internet Explorer (922760)
MS06-066 Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)
MS06-065 Vulnerability in Windows Object Packager Could Allow Remote Execution (924496)
MS06-064 Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)
MS06-063 Vulnerability in Server Service Could Allow Denial of Service and Remote Code Execution (923414)
MS06-062 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)
MS06-061 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)
924406 List of problems that are fixed in Microsoft Internet Security and Acceleration Server 2004 Service Pack 3
MS06-060 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
MS06-059 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
MS06-058 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
MS06-057 Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
MS06-056 Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)
MS06-055 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)
MS06-054 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)
MS06-053 Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)
MS06-052 Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)
MS06-051 Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)
917347 Update for Word 2002: July 11, 2006
MS06-050 Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)
MS06-049 Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)
MS06-048 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)
MS06-047 Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)
MS06-046 Vulnerability in HTML Help Could Allow Remote Code Execution (922616)
921896 A list of the bugs that are fixed in SQL Server 2005 Service Pack 2
MS06-045 Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)
MS06-044 Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)
MS06-043 Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)
MS06-042 Cumulative Security Update for Internet Explorer (918899)
MS06-041 Vulnerabilities in DNS Resolution Could Allow Remote Code Execution (920683)
MS06-040 Vulnerability in Server Service Could Allow Remote Code Execution (921883)
MS06-039 Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
MS06-038 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
MS06-037 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
MS06-036 Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
913807 Update for Outlook 2003: March 14, 2006
MS06-035 Vulnerability in Server Service Could Allow Remote Code Execution (917159)
917153 Update for PowerPoint 2002: July 11, 2006
MS06-034 Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
MS06-033 Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
917275 How to obtain Windows Rights Management Services with Service Pack 2
MS06-032 Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
MS06-031 Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)
MS06-030 Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
MS06-029 Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
912440 Update for Office 2003 Alternative User Input: May 9, 2006
MS06-028 Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
MS06-027 Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
MS06-025 Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
MS06-024 Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
MS06-023 Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)
MS06-022 Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)
MS06-021 Cumulative Security Update for Internet Explorer (916281)
914961 General information regarding Windows Server 2003 Service Pack 2
MS06-020 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)
913090 A list of the bugs that have been fixed in SQL Server 2005 Service Pack 1
MS06-019 Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)
MS06-018 Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
913571 Updates for Office 2003: March 14, 2006
MS06-017 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)
MS06-016 Cumulative Security Update for Outlook Express (911567)
MS06-015 Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
MS06-014 Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
MS06-013 Cumulative Security Update for Internet Explorer (912812)
MS06-012 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
MS06-011 Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)
MS06-009 Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
MS06-008 Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
MS06-007 Vulnerability in TCP/IP Could Allow Denial of Service (913446)
MS06-006 Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
MS06-005 Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
MS06-004 Cumulative Security Update for Internet Explorer (910620)
MS06-003 Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
891861 Update Rollup 1 for Windows 2000 SP4 and known issues
MS06-002 Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
907747 "Microsoft Exchange Server Intelligent Message Filter v2 Operations Guide" is now available
MS06-001 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
MS05-055 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)
MS05-054 Cumulative Security Update for Internet Explorer (905915)
MS05-053 Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)
MS05-052 Cumulative Security Update for Internet Explorer (896688)
MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
MS05-050 Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
MS05-049 Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
899738 List of issues that are fixed in Systems Management Server 2003 Service Pack 2
MS05-048 Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)
MS05-047 Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)
MS05-046 Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)
MS05-045 Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
MS05-044 Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)
MS05-043 Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)
MS05-042 Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)
899456 Release manifest for MDAC 2.8 Service Pack 1 (2.81.1117.6)
MS05-041 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
MS05-040 Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)
MS05-039 Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
MS05-038 Cumulative Security Update for Internet Explorer (896727)
MS05-037 Vulnerability in JView Profiler Could Allow Remote Code Execution (903235)
902963 Service Pack 1 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006
902848 Outlook Live 2003 Service Pack 2
MS05-036 Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)
MS05-035 Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672)
MS05-033 Vulnerability in Telnet Client Could Allow Information Disclosure (896428)
MS05-032 Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
889101 Release notes for Windows Server 2003 Service Pack 1
MS05-031 Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458)
MS05-030 Vulnerability in Outlook Express Could Allow Remote Code Execution (897715)
MS05-028 Vulnerability in Web Client Service Could Allow Remote Code Execution (896426)
MS05-027 Vulnerability in Server Message Block Could Allow Remote Code Execution (896422)
MS05-026 Vulnerability in HTML Help Could Allow Remote Code Execution (896358)
MS05-025 Cumulative Security Update for Internet Explorer (883939)
MS05-024 Vulnerability in Web View Could Allow Remote Code Execution (894320)
MS05-023 Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
887624 Windows SharePoint Services 2.0 Service Pack 2
887622 Visio 2003 Service Pack 2
887620 Project 2003 Service Pack 2
887619 OneNote 2003 Service Pack 2
887618 Office 2003 Service Pack 2 for Proofing Tools
887616 Office 2003 Service Pack 2
MS05-021 Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)
MS05-020 Cumulative Security Update for Internet Explorer (890923)
MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)
890830 Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, or Windows XP
MS05-017 Vulnerability in Message Queuing Could Allow Code Execution (892944)
MS05-016 Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)
MS05-015 Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
MS05-014 Cumulative Security Update for Internet Explorer (867282)
843188 Office 2003 Service Pack 1 for Proofing Tools
843187 Office 2003 Service Pack 1 for Multilingual User Interface Pack
842774 OneNote 2003 Service Pack 1
842532 Office 2003 Service Pack 1
MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
MS05-012 Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
MS05-011 Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
884525 Additions to the SQL Server 2000 Service Pack 4 readme files
MS05-010 Vulnerability in the License Logging Service Could Allow Code Execution (885834)
MS05-009 Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
MS05-007 Vulnerability in Windows Could Allow Information Disclosure (888302)
MS05-006 Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)
MS05-005 Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
MS05-004 ASP.NET Path Validation Vulnerability (887219)
MS05-003 Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)
MS05-002 Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)
MS05-001 Vulnerability in HTML Help Could Allow Code Execution (890175)
MS04-045 Vulnerability in WINS Could Allow Remote Code Execution (870763)
870540 Availability of the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup
867461 List of bugs that are fixed in Microsoft .NET Framework 1.0 Service Pack 3
867460 List of bugs that are fixed in the .NET Framework 1.1 Service Pack 1
MS04-044 Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)
MS04-043 Vulnerability in HyperTerminal Could Allow Code Execution (873339)
MS04-041 Vulnerability in WordPad Could Allow Code Execution (885836)
MS04-037 Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)
MS04-036 Vulnerability in NNTP Could Allow Remote Code Execution (883935)
MS04-035 Vulnerability in SMTP Could Allow Remote Code Execution (885881)
MS04-034 Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)
MS04-032 Security Update for Microsoft Windows (840987)
840663 Visio 2003 Service Pack 1
MS04-031 Vulnerability in NetDDE Could Allow Remote Code Execution (841533)
MS04-030 Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)
MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
832671 Microsoft Office XP Service Pack 3
MS04-027 Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)
MS04-024 Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
MS04-023 Vulnerability in HTML Help Could Allow Code Execution (840315)
MS04-022 Vulnerability in Task Scheduler Could Allow Code Execution (841873)
MS04-020 Vulnerability in POSIX Could Allow Code Execution (841872)
MS04-019 Vulnerability in Utility Manager Could Allow Code Execution (842526)
841876 Windows SharePoint Services Service Pack 1
MS04-018 Cumulative Security Update for Outlook Express (823353)
MS04-016 Vulnerability in DirectPlay Could Allow Denial of Service (839643)
837240 Project 2003 Service Pack 1
MS04-015 Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)
MS04-014 Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)
MS04-013 Cumulative Security Update for Outlook Express (837009)
MS04-012 Cumulative Update for Microsoft RPC/DCOM (828741)
MS04-011 Security Update for Microsoft Windows (835732)
834693 Office XP Service Pack 3 for Access 2002 Runtime
MS04-008 Vulnerability in Windows Media Services Could Allow a Denial of Service (832359)
MS04-007 ASN.1 Vulnerability Could Allow Code Execution (828028)
826939 Update Rollup 1 for Windows XP is available
MS04-006 Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
830242 Visio 2002 Service Pack 2
830241 Microsoft Project 2002 Service Pack 1
MS03-051 Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
MS03-049 Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)
MS03-045 Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)
MS03-044 Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)
MS03-043 Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
MS03-042 Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)
MS03-041 Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
MS03-039 Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
MS03-034 Flaw in NetBIOS Could Lead to Information Disclosure (824105)
MS03-033 Unchecked Buffer in MDAC Function Could Enable System Compromise (823718)
MS03-031 Cumulative Patch for Microsoft SQL Server (815495)
MS03-030 Unchecked Buffer in DirectX Could Enable System Compromise (819696)
MS03-027 Unchecked Buffer in Windows Shell Could Enable System Compromise (821557)
MS03-026 Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
MS03-023 Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
MS03-022 Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343)
MS03-021 Flaw In Windows Media Player May Allow Media Library Access (819639)
MS03-018 Cumulative Patch for Internet Information Service (811114)
811113 List of fixes included in Windows XP Service Pack 2
MS03-017 Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787)
MS03-013 Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493)
MS03-008 Flaw in Windows Script Engine Could Allow Code Execution (814078)
MS03-007 Unchecked Buffer In Windows Component Could Cause Server Compromise (815021)
MS03-005 Unchecked buffer in Windows redirector may permit privilege elevation (810577)
MS03-001 Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)
MS02-072 Unchecked Buffer in Windows Shell Could Enable System Compromise (329390)
MS02-071 Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)
MS02-070 Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)
MS02-065 Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414)
MS02-063 Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834)
MS02-062 Cumulative Patch for Internet Information Service (Q327696)
MS02-060 Flaw in Windows XP Help and Support Center Could Enable File Deletion (Q328940)
MS02-054 Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (Q329048)
MS02-053 Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096)
MS02-051 Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380)
MS02-050 Certificate Validation Flaw Could Enable Identity Spoofing (Q329115)
MS02-048 Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (Q323172)
321884 List of Bugs Fixed in Microsoft .NET Framework 1.0 Service Pack 2
MS02-045 Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830)
MS02-042 Flaw in Network Connection Manager Could Enable Privilege Elevation (Q326886)
MS02-032 26 June 2002 Cumulative Patch for Windows Media Player (Q320920)
MS02-029 Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138)
MS02-024 Authentication Flaw in Windows Debugger can Lead to Elevated Privileges (Q320206)
MS02-017 Unchecked buffer in the Multiple UNC Provider Could Enable Code Execution (Q311967)
MS02-009 Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files
MS02-008 XMLHTTP Control Can Allow Access to Local Files
MS02-006 Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run
MS01-059 Unchecked Buffer in Universal Plug and Play can Lead to System Compromise

More information on each product update


Bulletin ID:
MS12-006
Title:
Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista
Windows Embedded Standard 7
Windows Server 2008 R2
Windows 7

Bulletin ID:
2633952
Title:
December 2011 cumulative time zone update for Windows operating systems
Update Type:
Update Rollup
Severity:
Important
This update supersedes and replaces update 2570791 (http://support.microsoft.com/KB/2570791), which was released in August 2011. No additional time zone changes were released as hotfixes after update 2570791 (http://support.microsoft.com/KB/2570791) was published.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista
Windows 7
Windows Embedded Standard 7
Windows Server 2008 R2

Bulletin ID:
MS12-005
Title:
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS12-004
Title:
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Vista
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows Embedded Standard 7

Bulletin ID:
2630976
Title:
"Access Denied" error, or the user is repeatedly prompted for credentials, when the user tries to access an Office 365 resource from a rich client application
Update Type:
Update Rollup
Severity:
When a user tries to access a Microsoft Office 365 resource from a rich client application, the user experiences one of the following symptoms: The user is repeatedly prompted to enter his or her credentials. The user receives the following error message:
Applies to:
Microsoft Online Services Sign-In Assistant (Smart Setup for First-Time Installations)

Bulletin ID:
2626808
Title:
Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0
Update Type:
Service Pack
Severity:
An update is available through Windows Update for Windows Live Toolbar version 14.0. This update improves the stability and reliability of Windows Live Toolbar version 14.0. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.0.
Applies to:
Windows Live

Bulletin ID:
2626807
Title:
Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0
Update Type:
Service Pack
Severity:
An update is available through Windows Update for Windows Live Toolbar version 14.0. This update improves the stability and reliability of Windows Live Toolbar version 14.0. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.0.
Applies to:
Windows Live

Bulletin ID:
2626806
Title:
Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0
Update Type:
Service Pack
Severity:
An update is available through Windows Update for Windows Live Toolbar version 14.0. This update improves the stability and reliability of Windows Live Toolbar version 14.0. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.0.
Applies to:
Windows Live

Bulletin ID:
2626804
Title:
Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0
Update Type:
Service Pack
Severity:
An update is available through Windows Update for Windows Live Toolbar version 14.0. This update improves the stability and reliability of Windows Live Toolbar version 14.0. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.0.
Applies to:
Windows Live

Bulletin ID:
MS12-003
Title:
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
Update Type:
Security Update
Severity:
Important
This security update resolves one privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. All supported editions of Windows 7 and Windows Server 2008 R2 are not affected by this vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Server 2008
Windows XP x64 Edition

Bulletin ID:
MS12-002
Title:
Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
2603291
Title:
Description of the cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: September 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: September 2011
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2603289
Title:
Description of the cumulative update for Office Communications Server 2007 R2, Core Components: September 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update for Office Communications Server 2007 R2, Core Components: September 2011
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2603287
Title:
Description of the cumulative update package for Office Communications Server 2007 R2, Communicator Web Access: September 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update package for Office Communications Server 2007 R2, Communicator Web Access: September 2011
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2603285
Title:
Description of the cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: September 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: September 2011
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2602324
Title:
Description of Update Rollup 5 for Exchange Server 2007 Service Pack 3
Update Type:
Update Rollup
Severity:
Description of Update Rollup 5 for Exchange Server 2007 Service Pack 3
Applies to:
Exchange Server 2007

Bulletin ID:
MS12-001
Title:
Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7

Bulletin ID:
2640253
Title:
Description of the cumulative update for Lync Server 2010, Mediation Server: November 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update for Lync Server 2010, Mediation Server: November 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
MS11-100
Title:
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
Update Type:
Security Update
Severity:
Critical
This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows Server 2008
Windows Vista
Windows 7
Windows Server 2008 R2

Bulletin ID:
2652446
Title:
Description of the update for Lync Server 2010, Web Components Server: December 2011
Update Type:
Update Rollup
Severity:
Description of the update for Lync Server 2010, Web Components Server: December 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2650982
Title:
Description of the update for Lync Server 2010: December 2011
Update Type:
Update Rollup
Severity:
Description of the update for Lync Server 2010: December 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2650037
Title:
Description of the update for Lync Server 2010 Bandwidth Policy Service: December 2011
Update Type:
Update Rollup
Severity:
Description of the update for Lync Server 2010 Bandwidth Policy Service: December 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
MS11-099
Title:
Cumulative Security Update for Internet Explorer (2618444)
Update Type:
Security Update
Severity:
Important
This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerability could allow remote code execution if a user opens a legitimate HyperText Markup Language (HTML) file that is located in the same directory as a specially crafted dynamic link library (DLL) file.
Applies to:
Windows Internet Explorer 8 Dynamic Installer
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows Server 2008 R2
Windows XP
Windows Internet Explorer 7.0 Dynamic Installer
Windows Server 2008
Windows Vista
Windows 7
Windows Embedded Standard 7

Bulletin ID:
MS11-098
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows 7
Windows Server 2008
Windows Embedded Standard 7

Bulletin ID:
MS11-097
Title:
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7
Windows Server 2008 R2
Windows Embedded Standard 7
Windows Vista
Windows Server 2008

Bulletin ID:
MS11-096
Title:
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-3403. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors.
Applies to:
Office 2003

Bulletin ID:
MS11-095
Title:
Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow remote code execution if an attacker logs on to an Active Directory domain and runs a specially crafted application. To exploit this vulnerability, an attacker would first need to acquire credentials to log on to an Active Directory domain.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7
Windows Vista
Windows Server 2008 R2
Windows Server 2008
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS11-094
Title:
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of the vulnerabilities could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2010
Office 2007

Bulletin ID:
MS11-093
Title:
Vulnerability in OLE Could Allow Remote Code Execution (2624667)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS11-092
Title:
Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Windows Media Player and Windows Media Center. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS11-091
Title:
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003

Bulletin ID:
MS11-090
Title:
Cumulative Security Update of ActiveX Kill Bits (2618451)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft software. The vulnerability could allow remote code execution if a user views a specially crafted Web page that uses a specific binary behavior in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7
Windows Embedded Standard 7
Windows Server 2008
Windows Vista
Windows Server 2008 R2

Bulletin ID:
MS11-089
Title:
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2010
Office 2007

Bulletin ID:
MS11-088
Title:
Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user performed specific actions on a system where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese is installed. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
Applies to:
Office 2010

Bulletin ID:
MS11-087
Title:
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
Update Type:
Security Update
Severity:
Critical
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files.
Applies to:
Windows Embedded Standard 7
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008 R2
Windows XP
Windows Server 2008
Windows XP x64 Edition
Windows Vista
Windows 7

Bulletin ID:
MS11-086
Title:
Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7

Bulletin ID:
2608646
Title:
Description of Update Rollup 6 for Exchange Server 2010 Service Pack 1
Update Type:
Update Rollup
Severity:
Description of Update Rollup 6 for Exchange Server 2010 Service Pack 1
Applies to:
Exchange Server 2010

Bulletin ID:
MS11-085
Title:
Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.
Applies to:
Windows Server 2008
Windows Vista
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS11-084
Title:
Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message.
Applies to:
Windows Embedded Standard 7
Windows 7
Windows Server 2008 R2

Bulletin ID:
2617376
Title:
Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0
Update Type:
Service Pack
Severity:
An update is available through Windows Update for Windows Live Toolbar version 14.0. This update improves the stability and reliability of Windows Live Toolbar version 14.0. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.0.
Applies to:
Windows Live

Bulletin ID:
MS11-083
Title:
Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.
Applies to:
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7

Bulletin ID:
2587551
Title:
Introduction to the Microsoft StreamInsight 1.2 release
Update Type:
Service Pack
Severity:
Introduction to the Microsoft StreamInsight 1.2 release
Applies to:
Microsoft StreamInsight V1.0

Bulletin ID:
MS11-082
Title:
Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
Update Type:
Security Update
Severity:
Important
This security update resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the Host Integration Server ports should be blocked from the Internet.
Applies to:
Host Integration Server 2010
Host Integration Server 2009
Host Integration Server 2006
Host Integration Server 2004

Bulletin ID:
2579150
Title:
Description of Update Rollup 4 for Exchange Server 2010 Service Pack 1
Update Type:
Update Rollup
Severity:
Description of Update Rollup 4 for Exchange Server 2010 Service Pack 1
Applies to:
Exchange Server 2010

Bulletin ID:
2578202
Title:
Bing Bar version 7.0 is available
Update Type:
Service Pack
Severity:
An update is available through Windows Update for the following versions of MSN Toolbar and of Bing Bar: MSN Toolbar version 4.0, Bing Bar version 5.0, and Bing Bar version 6.0. This update improves the stability and reliability of these toolbars. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.0.
Applies to:
Bing Bar

Bulletin ID:
2575872
Title:
Description of the update package for Lync Server 2010, Conferencing Attendant: July 2011
Update Type:
Update Rollup
Severity:
Description of the update package for Lync Server 2010, Conferencing Attendant: July 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2575871
Title:
Description of the cumulative update for Lync Server 2010, Web Conferencing Server: July 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update for Lync Server 2010, Web Conferencing Server: July 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2575870
Title:
Description of the cumulative update for Lync Server 2010, Conferencing Server: July 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update for Lync Server 2010, Conferencing Server: July 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
MS11-081
Title:
Cumulative Security Update for Internet Explorer (2586448)
Update Type:
Security Update
Severity:
Critical
This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS11-080
Title:
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP

Bulletin ID:
2590699
Title:
Description of the cumulative update package for Communicator 2007 R2: September 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update package for Communicator 2007 R2: September 2011
Applies to:
Office Communicator 2007 R2

Bulletin ID:
2590695
Title:
Description of the cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: September 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: September 2011
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
MS11-078
Title:
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Applies to:
Windows 7
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows Server 2008
Windows Vista
Windows XP
Silverlight

Bulletin ID:
2571841
Title:
Expression Web 4 Service Pack 2
Update Type:
Service Pack
Severity:
Expression Web 4 Service Pack 2
Applies to:
Expression Web 4

Bulletin ID:
MS11-077
Title:
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
Update Type:
Security Update
Severity:
Important
This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an e-mail attachment. For a remote attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the specially crafted font file, or open the file as an e-mail attachment.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS11-076
Title:
Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Windows Media Center. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Media Center could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file.
Applies to:
Windows Vista
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS11-075
Title:
Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, the Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS11-074
Title:
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
Update Type:
Security Update
Severity:
Important
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site. For the most severe vulnerabilities, Internet Explorer 8 and Internet Explorer 9 users browsing to a SharePoint site in the Internet Zone are at a reduced risk because, by default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 helps to block the attacks in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9, however, is not enabled by default in the Intranet Zone.
Applies to:
Office 2010
Office 2007
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2

Bulletin ID:
2549042
Title:
Cumulative update package for Communicator 2007 R2: June, 2011
Update Type:
Update Rollup
Severity:
Cumulative update package for Communicator 2007 R2: June, 2011
Applies to:
Office Communicator 2007 R2

Bulletin ID:
MS11-073
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of the vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2010
Office 2007
Office 2003

Bulletin ID:
2582113
Title:
Description of Update Rollup 5 for Exchange Server 2010 Service Pack 1
Update Type:
Update Rollup
Severity:
Description of Update Rollup 5 for Exchange Server 2010 Service Pack 1
Applies to:
Exchange Server 2010

Bulletin ID:
2580221
Title:
Help and Support
Update Type:
Update Rollup
Severity:
Help and Support
Applies to:
Visual Studio 2010

Bulletin ID:
MS11-072
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
Update Type:
Security Update
Severity:
Important
This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1986 and CVE-2011-1987. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors.
Applies to:
Office 2010
Office 2007
Office 2003

Bulletin ID:
MS11-071
Title:
Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Embedded Standard 7
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008 R2
Windows 7
Windows Server 2008
Windows Vista

Bulletin ID:
2570791
Title:
August 2011 cumulative time zone update for Windows operating systems
Update Type:
Update Rollup
Severity:
August 2011 cumulative time zone update for Windows operating systems
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7
Windows Vista
Windows Embedded Standard 7
Windows Server 2008
Windows Server 2008 R2

Bulletin ID:
MS11-070
Title:
Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008 R2
Windows Server 2008

Bulletin ID:
2571547
Title:
Description of the update package for Lync Server 2010, Web Components Server: July 2011
Update Type:
Update Rollup
Severity:
Description of the update package for Lync Server 2010, Web Components Server: July 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2571546
Title:
Description of the cumulative update for Lync Server 2010: July 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update for Lync Server 2010: July 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2571545
Title:
Description of the cumulative update for Lync Server 2010, Core Components: July 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update for Lync Server 2010, Core Components: July 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2571543
Title:
Description of the cumulative update package for Lync 2010: July 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update package for Lync 2010: July 2011
Applies to:
Microsoft Lync 2010

Bulletin ID:
2571505
Title:
Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: July 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: July 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
MS11-069
Title:
Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Vista
Windows XP x64 Edition
Windows 7
Windows XP

Bulletin ID:
2539581
Title:
Office 2003 update: June 14, 2011
Update Type:
Critical Update
Severity:
Microsoft has released an update for Microsoft Office 2003. This update provides the latest fixes to Office 2003. Additionally, this update contains stability and performance improvements. 
Applies to:
Office 2003

Bulletin ID:
2538719
Title:
Description of Hotfix Rollup 3 for Microsoft Forefront Protection for Exchange
Update Type:
Update Rollup
Severity:
Description of Hotfix Rollup 3 for Microsoft Forefront Protection for Exchange
Applies to:
Forefront Protection Category

Bulletin ID:
MS11-068
Title:
Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user visits a network share (or visits a Web site that points to a network share) containing a specially crafted file. In all cases, however, an attacker would have no way to force a user to visit such a network share or Web site. Instead, an attacker would have to convince a user to do so, typically by getting the user to click a link in an e-mail message or Instant Messenger message.
Applies to:
Windows Server 2008 R2
Windows Server 2008
Windows Vista
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS11-067
Title:
Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Report Viewer. The vulnerability could allow information disclosure if a user views a specially crafted Web page. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.
Applies to:
Visual Studio 2005
Report Viewer 2005

Bulletin ID:
2547347
Title:
Update Rollup 3 for Microsoft Dynamics CRM 2011 is available
Update Type:
Update Rollup
Severity:
Update Rollup 3 for Microsoft Dynamics CRM 2011 is available
Applies to:
Microsoft Dynamics CRM 2011

Bulletin ID:
2546951
Title:
List of issues that are fixed by SQL Server 2008 Service Pack 3
Update Type:
Service Pack
Severity:
List of issues that are fixed by SQL Server 2008 Service Pack 3
Applies to:
SQL Server 2008

Bulletin ID:
MS11-066
Title:
Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in ASP.NET Chart controls. The vulnerability could allow information disclosure if an attacker sent a specially crafted GET request to an affected server hosting the Chart controls. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to retrieve information that could be used to further compromise the affected system. Only web applications using Microsoft Chart Control are affected by this issue. Default installations of the .NET Framework are not affected.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows XP x64 Edition
Windows Server 2008
Windows 7
Windows Server 2008 R2

Bulletin ID:
MS11-065
Title:
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Remote Desktop Protocol. The vulnerability could allow denial of service if an affected system received a sequence of specially crafted RDP packets. Microsoft has also received reports of limited, targeted attacks attempting to exploit this vulnerability. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
2568557
Title:
A DTMF-based IVR application that is developed by using Lync Server 2010, UCMA 3.0 Workflow APIs crashes
Update Type:
Update Rollup
Severity:
Consider the following scenario: You deploy a dual tone multi-frequency (DTMF) based Interactive Voice Response (IVR) application. The application is developed by using Microsoft Lync Server 2010, Unified Communications Managed API 3.0 (UCMA 3.0) Workflow Speech controls. The application contains a SpeechQuestionAnswerActivity and an associated ConsecutiveNoInputsSpeechEventActivity, ConsecutiveNoRecognitionsSpeechEventActivity, SpeechHelpCommandActivity, or SpeechRepeatCommandActivity. These event or command activities contain a StatementActivity or SpeechQuestionAnswerActivity. A user connects to the application, and then the user starts pressing DTMF digits while a question message plays back. The application stops playing the question message and stays silent, and then the user disconnects. In this scenario, the UCMA 3.0 workflow IVR application crashes. Additionally, you receive the following error message:
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
MS11-064
Title:
Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow denial of service if an attacker sends a sequence of specially crafted Internet Control Message Protocol (ICMP) messages to a target system or sends a specially crafted URL request to a server that is serving Web content and has the URL-based Quality of Service (QoS) feature enabled.
Applies to:
Windows 7
Windows Vista
Windows Embedded Standard 7
Windows Server 2008 R2
Windows Server 2008

Bulletin ID:
2562937
Title:
Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits
Update Type:
Update Rollup
Severity:
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft website:
Applies to:
Windows Vista
Windows Server 2008 R2
Windows 7
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows XP

Bulletin ID:
MS11-063
Title:
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows 7

Bulletin ID:
2567454
Title:
Update Rollup 5 for Microsoft Dynamics CRM 2011 is available
Update Type:
Update Rollup
Severity:
Update Rollup 5 for Microsoft Dynamics CRM 2011 is available
Applies to:
Microsoft Dynamics CRM 2011

Bulletin ID:
MS11-062
Title:
Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS11-061
Title:
Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Remote Desktop Web Access. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack for its users when browsing to a Remote Desktop Web Access server in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone.
Applies to:
Windows Server 2008 R2

Bulletin ID:
MS11-060
Title:
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in Microsoft Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2010
Office 2007
Office 2003

Bulletin ID:
2553006
Title:
Business Contact Manager for Outlook 2010 SP1
Update Type:
Service Pack
Severity:
Microsoft Business Contact Manager for Outlook 2010 Service Pack 1 (SP1) provides the latest updates for Business Contact Manager for Outlook 2010. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security. All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011.
Applies to:
Office 2010

Bulletin ID:
MS11-059
Title:
Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate Excel file (such as a .xlsx file) that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS11-058
Title:
Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk.
Applies to:
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008 R2

Bulletin ID:
2562466
Title:
System Center Virtual Machine Manager 2008 R2 SP1 hotfix rollup package: July 12, 2011
Update Type:
Update Rollup
Severity:
System Center Virtual Machine Manager 2008 R2 SP1 hotfix rollup package: July 12, 2011
Applies to:
Microsoft System Center Virtual Machine Manager 2008

Bulletin ID:
MS11-057
Title:
Cumulative Security Update for Internet Explorer (2559049)
Update Type:
Security Update
Severity:
Critical
This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS11-056
Title:
Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
Update Type:
Security Update
Severity:
Important
This security update resolves five privately reported vulnerabilities in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS11-055
Title:
Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Microsoft Visio. The vulnerability could allow remote code execution if a user opens a legitimate Visio file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003

Bulletin ID:
2492980
Title:
System Center Virtual Machine Manager 2008 R2 hotfix rollup package: February 8, 2011
Update Type:
Update Rollup
Severity:
System Center Virtual Machine Manager 2008 R2 hotfix rollup package: February 8, 2011
Applies to:
Microsoft System Center Virtual Machine Manager 2008

Bulletin ID:
2492386
Title:
Application Compatibility Update for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: April 2011
Update Type:
Update
Severity:
The Windows Application Compatibility Update is a software update that improves the compatibility experience in the following Microsoft Windows operating systems: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Microsoft regularly releases application compatibility updates for these Windows operating systems.
Applies to:
Windows Vista
Windows Server 2008

Bulletin ID:
MS11-054
Title:
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
Update Type:
Security Update
Severity:
Important
This security update resolves 15 privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7
Windows Server 2008 R2
Windows Server 2008
Windows Embedded Standard 7
Windows Vista

Bulletin ID:
2555840
Title:
Microsoft Forefront Threat Management Gateway 2010 Service Pack 2
Update Type:
Service Pack
Severity:
Microsoft Forefront Threat Management Gateway 2010 Service Pack 2
Applies to:
Forefront TMG

Bulletin ID:
2555251
Title:
Update Rollup 1 for Windows Small Business Server 2011 Standard is available
Update Type:
Update Rollup
Severity:
The following alert notifications do not appear in Windows Small Business Server 2011 Standard: "An error prevented Backup from completing successfully", "An error prevented Backup from starting", "The server restarted", "The server shut down unexpectedly". Issue 2: Assume that you select a language that is not the default installation language on the Remote Web Access logon webpage of Windows Small Business Server 2011 Standard. In this situation, you cannot log on to Windows Small Business Server 2011 Standard through the Remote Web Access webpage. Additionally, you receive the following error message:
Applies to:
Windows Small Business Server 2011 Standard

Bulletin ID:
MS11-053
Title:
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Windows Bluetooth Stack. The vulnerability could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability only affects systems with Bluetooth capability.
Applies to:
Windows Embedded Standard 7
Windows 7
Windows Vista

Bulletin ID:
2530592
Title:
Cumulative update for Lync Server 2010, Web Conferencing Server: April 2011
Update Type:
Update Rollup
Severity:
Cumulative update for Lync Server 2010, Web Conferencing Server: April 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
MS11-052
Title:
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7

Bulletin ID:
MS11-051
Title:
Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.
Applies to:
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
2514982
Title:
Description of the cumulative update for Lync 2010: November 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update for Lync 2010: November 2011
Applies to:
Microsoft Lync 2010

Bulletin ID:
2514981
Title:
Description of the cumulative update for Lync Server 2010, Core Components: November 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update for Lync Server 2010, Core Components: November 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2514978
Title:
Description of the cumulative update for Lync Server 2010, Conferencing Server: November 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update for Lync Server 2010, Conferencing Server: November 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2514975
Title:
Cumulative update for Lync Server 2010, Conferencing Server: April 2011
Update Type:
Update Rollup
Severity:
Cumulative update for Lync Server 2010, Conferencing Server: April 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
MS11-050
Title:
Cumulative Security Update for Internet Explorer (2530548)
Update Type:
Security Update
Severity:
Critical
This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2008
Windows Vista
Windows Server 2008 R2
Windows 7
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7

Bulletin ID:
2530488
Title:
Update Rollup 3 for Exchange Server 2007 Service Pack 3
Update Type:
Update Rollup
Severity:
Update Rollup 3 for Exchange Server 2007 Service Pack 3
Applies to:
Exchange Server 2007

Bulletin ID:
MS11-049
Title:
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.
Applies to:
SQL Server 2008
Visual Studio 2005
SQL Server 2008 R2
Office 2007
Office 2010
Visual Studio 2010
Visual Studio 2008
SQL Server 2005

Bulletin ID:
2509911
Title:
Description of Update Rollup 4 for Exchange Server 2007 Service Pack 3
Update Type:
Update Rollup
Severity:
Description of Update Rollup 4 for Exchange Server 2007 Service Pack 3
Applies to:
Exchange Server 2007

Bulletin ID:
MS11-048
Title:
Vulnerability in SMB Server Could Allow Denial of Service (2536275)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit this vulnerability.
Applies to:
Windows Embedded Standard 7
Windows Server 2008 R2
Windows 7
Windows Vista
Windows Server 2008

Bulletin ID:
MS11-047
Title:
Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Applies to:
Windows Server 2008
Windows Server 2008 R2

Bulletin ID:
MS11-046
Title:
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS11-045
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
Update Type:
Security Update
Severity:
Important
This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, "Disable Edit in Protected View for Excel 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273.
Applies to:
Office 2002/XP
Office 2010
Office 2007
Office 2003

Bulletin ID:
2540951
Title:
Cumulative update package for Lync 2010: April 2011
Update Type:
Update Rollup
Severity:
Cumulative update package for Lync 2010: April 2011
Applies to:
Microsoft Lync 2010

Bulletin ID:
MS11-044
Title:
Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
Update Type:
Security Update
Severity:
Critical
This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows Server 2008
Windows 7
Windows XP x64 Edition
Windows Server 2008 R2

Bulletin ID:
2529939
Title:
Update Rollup 3 for Exchange Server 2010 Service Pack 1
Update Type:
Update Rollup
Severity:
Update Rollup 3 for Exchange Server 2010 Service Pack 1
Applies to:
Exchange Server 2010

Bulletin ID:
2528994
Title:
Bing Bar version 7.0 is available
Update Type:
Service Pack
Severity:
An update is available through Windows Update for the following versions of MSN Toolbar and of Bing Bar: MSN Toolbar version 4.0, Bing Bar version 5.0, Bing Bar version 6.0. This update improves the stability and reliability of these toolbars. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.0.
Applies to:
Bing Bar

Bulletin ID:
2528989
Title:
Upgrade to Bing Bar version 7.0 from MSN Toolbar version 3.0
Update Type:
Service Pack
Severity:
An update is available through Windows Update for MSN Toolbar version 3.0. This update improves the stability and reliability of MSN Toolbar version 3.0. After you install this update, the currently installed MSN Toolbar version 3.0 on your computer is upgraded to Bing Bar version 7.0.
Applies to:
Bing Bar

Bulletin ID:
2528583
Title:
List of the bugs that are fixed in SQL Server 2008 R2 Service Pack 1
Update Type:
Service Pack
Severity:
List of the bugs that are fixed in SQL Server 2008 R2 Service Pack 1
Applies to:
SQL Server 2008 R2

Bulletin ID:
2526954
Title:
Update for Microsoft Silverlight: April 19, 2011
Update Type:
Update Rollup
Severity:
Update for Microsoft Silverlight: April 19, 2011
Applies to:
Silverlight

Bulletin ID:
2526310
Title:
Description of Office Access Runtime and Data Connectivity Components 2007 SP3
Update Type:
Service Pack
Severity:
Microsoft Office Access Runtime and Data Connectivity Components 2007 Service Pack 3 (SP3) provides the latest updates to Microsoft Office Access 2007 Runtime and the Database Connectivity Components driver for the 2007 Microsoft Office system. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011. Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.
Applies to:
Office 2007

Bulletin ID:
2526305
Title:
Description of Windows SharePoint Services 3.0 SP3 and of Windows SharePoint Services 3.0 Language Pack SP3
Update Type:
Service Pack
Severity:
Microsoft Windows SharePoint Services 3.0 Service Pack 3 (SP3) and Microsoft Windows SharePoint Services 3.0 Language Pack SP3 provide the latest updates to Windows SharePoint Services 3.0 and to Windows SharePoint Services 3.0 Language Pack. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011. Before you try to install this service pack, visit the following Microsoft website:
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2

Bulletin ID:
2526302
Title:
Description of Office Excel Viewer 2007 SP3
Update Type:
Service Pack
Severity:
Microsoft Office Excel Viewer 2007 Service Pack 3 (SP3) provides the latest updates to Office Excel Viewer 2007. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011. Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.
Applies to:
Office 2007

Bulletin ID:
2526301
Title:
Description of Office Visio Viewer 2007 SP3
Update Type:
Service Pack
Severity:
Microsoft Office Visio Viewer 2007 Service Pack 3 (SP3) provides the latest updates to Office Visio Viewer 2007. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011. Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.
Applies to:
Office 2007

Bulletin ID:
2526299
Title:
Description of the 2007 Office Servers SP3 and of the 2007 Office Servers Language Pack SP3
Update Type:
Service Pack
Severity:
The 2007 Microsoft Office servers Service Pack 3 (SP3) and the 2007 Microsoft Office servers Language Pack SP3 provide the latest updates to the 2007 Office Servers and to the 2007 Office Servers Language Pack. This package includes 2007 Microsoft Project Server. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes that were released through September 2011. Note: Some server products in this service pack install over Windows SharePoint Services 3.0. These server products require Windows SharePoint Services 3.0 SP3.
Applies to:
Office 2007

Bulletin ID:
2526298
Title:
Description of PowerPoint Viewer 2007 SP3
Update Type:
Service Pack
Severity:
Microsoft Office PowerPoint Viewer 2007 Service Pack 3 (SP3) provides the latest updates to Office PowerPoint Viewer 2007. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, in performance, and in security. All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011. Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.
Applies to:
Office 2007

Bulletin ID:
2526297
Title:
Description of Office Compatibility Pack SP3
Update Type:
Service Pack
Severity:
Microsoft Office Compatibility Pack Service Pack 3 (SP3) provides the latest updates to Office Compatibility Pack. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011. Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.
Applies to:
Office 2007

Bulletin ID:
2526294
Title:
Description of Calendar Printing Assistant for Office Outlook 2007 SP3
Update Type:
Service Pack
Severity:
Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 3 (SP3) provides the latest updates to Calendar Printing Assistant for Office Outlook 2007. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011. Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.
Applies to:
Office 2007

Bulletin ID:
2526086
Title:
Description of the 2007 Office suite SP3 and of Office Language Pack 2007 SP3
Update Type:
Service Pack
Severity:
The 2007 Microsoft Office suite Service Pack 3 (SP3) and Microsoft Office Language Pack 2007 SP3 provide the latest updates to the 2007 Office suite and to Office Language Pack 2007. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, in performance, and in security. All the public updates, security updates, cumulative updates, and hotfixes that were released through September 2011. Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.
Applies to:
Office 2007

Bulletin ID:
MS11-043
Title:
Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS11-042
Title:
Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Applies to:
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS11-041
Title:
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008 R2
Windows Vista
Windows Embedded Standard 7
Windows Server 2008
Windows 7

Bulletin ID:
MS11-040
Title:
Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Microsoft Forefront Threat Management Gateway (TMG) 2010 Client, formerly named the Microsoft Forefront Threat Management Gateway Firewall Client. The vulnerability could allow remote code execution if an attacker leveraged a client computer to make specific requests on a system where the TMG firewall client is used.
Applies to:
TMG Firewall Client

Bulletin ID:
MS11-039
Title:
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Applies to:
Silverlight
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2

Bulletin ID:
MS11-038
Title:
Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile (WMF) image. In all cases, however, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to convince users to visit a malicious Web site, typically by getting them to click a link in an e-mail message or Instant Messenger request.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS11-037
Title:
Vulnerability in MHTML Could Allow Information Disclosure (2544893)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's web site. An attacker would have to convince the user to visit the web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS11-036
Title:
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1269 and CVE-2011-1270. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors.
Applies to:
Office 2002/XP
Office 2003
Office 2007

Bulletin ID:
MS11-035
Title:
Vulnerability in WINS Could Allow Remote Code Execution (2524426)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually installed this component are affected by this issue.
Applies to:
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008

Bulletin ID:
2524375
Title:
Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing
Update Type:
Critical Update
Severity:
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft website:
Applies to:
Windows 7
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Vista
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS11-034
Title:
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)
Update Type:
Security Update
Severity:
Important
This security update resolves thirty privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows Embedded Standard 7
Windows Vista

Bulletin ID:
MS11-033
Title:
Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS11-032
Title:
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the OpenType Compact Font Format (CFF) driver. The vulnerability could allow remote code execution if a user views content rendered in a specially crafted CFF font. In all cases, an attacker would have no way to force users to view the specially crafted content. Instead, an attacker would have to convince users to visit a Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows Server 2008
Windows Vista
Windows 7
Windows Server 2008 R2

Bulletin ID:
MS11-031
Title:
Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow remote code execution if a user visited a specially crafted Web site. An attacker would have no way to force users to visit the Web site. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Server 2008
Windows Vista
Windows 7
Windows Server 2008 R2
Windows Embedded Standard 7

Bulletin ID:
MS11-030
Title:
Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Windows DNS resolution. The vulnerability could allow remote code execution if an attacker gained access to the network and then created a custom program to send specially crafted LLMNR broadcast queries to the target systems. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the LLMNR ports should be blocked from the Internet.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008 R2
Windows Embedded Standard 7
Windows Server 2008
Windows 7

Bulletin ID:
MS11-029
Title:
Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Windows GDI+. The vulnerability could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008

Bulletin ID:
2410679
Title:
Update package for Office Communications Server 2007 R2, Conferencing Announcement Service: November 2010
Update Type:
Update Rollup
Severity:
Update package for Office Communications Server 2007 R2, Conferencing Announcement Service: November 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
MS11-028
Title:
Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)
Update Type:
Security Update
Severity:
Critical
This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Applies to:
Windows 7
Windows Server 2008 R2
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
2445990
Title:
Microsoft Application Virtualization 4.6 Service Pack 1
Update Type:
Service Pack
Severity:
Microsoft Application Virtualization 4.6 Service Pack 1 (App-V 4.6 SP1) is now available. This service pack provides the latest updates to Microsoft Application Virtualization 4.6. Additionally, this service pack includes some improvements and a rollup of hotfixes.
Applies to:
Microsoft Application Virtualization 4.6

Bulletin ID:
2443685
Title:
December 2010 cumulative time zone update for Windows operating systems
Update Type:
Update Rollup
Severity:
December 2010 cumulative time zone update for Windows operating systems
Applies to:
Windows 7
Windows Server 2008 R2
Windows Vista
Windows Server 2008
Windows Embedded Standard 7
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS11-027
Title:
Cumulative Security Update of ActiveX Kill Bits (2508272)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft software. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for three third-party ActiveX controls.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows XP x64 Edition
Windows XP
Windows 7
Windows Vista

Bulletin ID:
2508148
Title:
Hotfix Rollup 4 for Forefront Security for Exchange Service Pack 2
Update Type:
Update Rollup
Severity:
Hotfix Rollup 4 for Forefront Security for Exchange Service Pack 2
Applies to:
Forefront Server Security Category

Bulletin ID:
2508145
Title:
Hotfix Rollup 4 for Microsoft Forefront Security for SharePoint Service Pack 3
Update Type:
Update Rollup
Severity:
Hotfix Rollup 4 for Microsoft Forefront Security for SharePoint Service Pack 3
Applies to:
Forefront Server Security Category

Bulletin ID:
2508121
Title:
Hotfix Rollup 4 for Antigen 9 for Exchange Service Pack 2
Update Type:
Update Rollup
Severity:
Hotfix Rollup 4 for Antigen 9 for Exchange Service Pack 2
Applies to:
Antigen for Exchange/SMTP

Bulletin ID:
MS11-026
Title:
Vulnerability in MHTML Could Allow Information Disclosure (2503658)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user visited a specially crafted Web site. In a Web-based attack scenario, a Web site could contain a specially crafted link that is used to exploit this vulnerability. An attacker would have to convince users to visit the Web site and open the specially crafted link.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows 7
Windows Server 2008 R2
Windows Embedded Standard 7
Windows Server 2008

Bulletin ID:
MS11-025
Title:
Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application.
Applies to:
Visual Studio 2010
Visual Studio 2008
Visual Studio 2005

Bulletin ID:
MS11-024
Title:
Vulnerabilities in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)
Update Type:
Security Update
Severity:
Important
This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opened a specially crafted fax cover page file (.cov) using the Windows Fax Cover Page Editor. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7
Windows Server 2008
Windows Vista
Windows Embedded Standard 7
Windows Server 2008 R2

Bulletin ID:
MS11-023
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS11-022
Title:
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)
Update Type:
Security Update
Severity:
Important
This security update resolves three privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The automated Microsoft Fix it solution for PowerPoint 2010, "Disable Edit in Protected View for PowerPoint 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-0655 and CVE-2011-0656.
Applies to:
Office 2010
Office 2003
Office 2002/XP
Office 2007

Bulletin ID:
2519900
Title:
Expression Web 4 Service Pack 1
Update Type:
Service Pack
Severity:
Expression Web 4 Service Pack 1
Applies to:
Expression Web 4

Bulletin ID:
MS11-021
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
Update Type:
Security Update
Severity:
Important
This security update resolves nine privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2010
Office 2007
Office 2002/XP

Bulletin ID:
2502324
Title:
Cumulative update for Office Communications Server 2007 R2, Microsoft Unified Communications Managed API 2.0 Windows Workflow Activities Redist: March, 2011
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Microsoft Unified Communications Managed API 2.0 Windows Workflow Activities Redist: March, 2011
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2501722
Title:
Cumulative update package for Communicator 2007 R2: March, 2011
Update Type:
Update Rollup
Severity:
Cumulative update package for Communicator 2007 R2: March, 2011
Applies to:
Office Communicator 2007 R2

Bulletin ID:
2501721
Title:
Update package for Communications Server 2007 R2, Web Components: March, 2011
Update Type:
Update Rollup
Severity:
Update package for Communications Server 2007 R2, Web Components: March, 2011
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2501720
Title:
Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: March, 2011
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: March, 2011
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2501717
Title:
Cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: March, 2011
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: March, 2011
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2500449
Title:
Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: November 2011
Update Type:
Update Rollup
Severity:
Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: November 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2500448
Title:
Cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: April 2011
Update Type:
Update Rollup
Severity:
Cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: April 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2500444
Title:
Cumulative update for Lync Server 2010, Core Components: April 2011
Update Type:
Update Rollup
Severity:
Cumulative update for Lync Server 2010, Core Components: April 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2500442
Title:
Cumulative update for Lync Server 2010: April 2011
Update Type:
Update Rollup
Severity:
Cumulative update for Lync Server 2010: April 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2500441
Title:
Update package for Lync Server 2010, Web Components Server: April 2011
Update Type:
Update Rollup
Severity:
Update package for Lync Server 2010, Web Components Server: April 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2500438
Title:
Cumulative update for Lync 2010 Attendee - Administrator level installation: April 2011
Update Type:
Update Rollup
Severity:
Cumulative update for Lync 2010 Attendee - Administrator level installation: April 2011
Applies to:
Microsoft Lync 2010

Bulletin ID:
2466086
Title:
Update Rollup 2 for Microsoft Dynamics CRM 2011 is available
Update Type:
Update Rollup
Severity:
Update Rollup 2 for Microsoft Dynamics CRM 2011 is available
Applies to:
Microsoft Dynamics CRM 2011

Bulletin ID:
2466084
Title:
Update Rollup 1 for Microsoft Dynamics CRM 2011 is available
Update Type:
Update Rollup
Severity:
Update Rollup 1 for Microsoft Dynamics CRM 2011 is available
Applies to:
Microsoft Dynamics CRM 2011

Bulletin ID:
2463332
Title:
List of the issues that are fixed in SQL Server 2005 Service Pack 4
Update Type:
Service Pack
Severity:
List of the issues that are fixed in SQL Server 2005 Service Pack 4
Applies to:
SQL Server 2005
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2

Bulletin ID:
2460073
Title:
Office Web Apps SP1
Update Type:
Service Pack
Severity:
Microsoft Office Web Apps Service Pack 1 (SP1) provides the latest updates for Office Web Apps. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security. All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011.
Applies to:
Office 2010

Bulletin ID:
2460065
Title:
Visio 2010 Viewer SP1
Update Type:
Service Pack
Severity:
Microsoft Visio 2010 Viewer Service Pack 1 (SP1) provides the latest updates for Visio 2010 Viewer. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security. All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011.
Applies to:
Office 2010

Bulletin ID:
2460056
Title:
Office Servers 2010 Language Pack SP1
Update Type:
Service Pack
Severity:
Microsoft Office Servers 2010 Language Pack Service Pack 1 (SP1) provides the latest updates for Office Servers 2010 Language Pack. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security. All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011.
Applies to:
Office 2010

Bulletin ID:
2460054
Title:
SharePoint 2010 Indexing Connector for Documentum SP1
Update Type:
Service Pack
Severity:
Microsoft SharePoint 2010 Indexing Connector for Documentum Service Pack 1 (SP1) provides the latest updates for SharePoint 2010 Indexing Connector for Documentum. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security. All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011.
Applies to:
Office 2010

Bulletin ID:
2460050
Title:
PowerPoint 2010 Viewer SP1
Update Type:
Service Pack
Severity:
Microsoft PowerPoint 2010 Viewer Service Pack 1 (SP1) provides the latest updates for PowerPoint 2010 Viewer. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security. All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011.
Applies to:
Office 2010

Bulletin ID:
2460044
Title:
Office Language Interface Pack 2010 SP1
Update Type:
Service Pack
Severity:
Microsoft Office Language Interface Pack 2010 Service Pack 1 (SP1) provides the latest updates for Office Language Interface Pack 2010. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security. All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011.
Applies to:
Office 2010

Bulletin ID:
2460043
Title:
Office 2010 Language Pack SP1
Update Type:
Service Pack
Severity:
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) provides the latest updates for Office 2010 Language Pack. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security. All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011.
Applies to:
Office 2010

Bulletin ID:
2460041
Title:
Office 2010 Filter Pack SP1
Update Type:
Service Pack
Severity:
Microsoft Office 2010 Filter Pack Service Pack 1 (SP1) provides the latest updates for Office 2010 Filter Pack. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security. All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011.
Applies to:
Office 2010

Bulletin ID:
2460011
Title:
A description of Access Database Engine 2010 Service Pack 1
Update Type:
Service Pack
Severity:
Microsoft Access Database Engine 2010 Service Pack 1 (SP1) provides the latest updates for Access Database Engine 2010. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security. All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011.
Applies to:
Office 2010

Bulletin ID:
2458094
Title:
Windows Small Business Server 2008 Update Rollup 5
Update Type:
Update Rollup
Severity:
Windows Small Business Server (Windows SBS) 2008 Update Rollup 5 is now available.
Applies to:
Windows Small Business Server 2008

Bulletin ID:
MS11-020
Title:
Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows Server 2008
Windows Vista
Windows 7
Windows Server 2008 R2

Bulletin ID:
MS11-019
Title:
Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
Update Type:
Security Update
Severity:
Critical
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7

Bulletin ID:
2510766
Title:
List of all SharePoint 2010 and Office Server 2010 SP1 packages
Update Type:
Service Pack
Severity:
List of all SharePoint 2010 and Office Server 2010 SP1 packages
Applies to:
Office 2010

Bulletin ID:
2510690
Title:
List of all Office 2010 SP1 packages
Update Type:
Service Pack
Severity:
List of all Office 2010 SP1 packages
Applies to:
Office 2010

Bulletin ID:
MS11-018
Title:
Cumulative Security Update for Internet Explorer (2497640)
Update Type:
Security Update
Severity:
Critical
This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerabilities. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008 R2
Windows Server 2008
Windows Vista
Windows 7

Bulletin ID:
2496326
Title:
Cumulative update for Lync 2010 Attendant: April 2011
Update Type:
Update Rollup
Severity:
Cumulative update for Lync 2010 Attendant: April 2011
Applies to:
Microsoft Lync 2010

Bulletin ID:
MS11-017
Title:
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user opens a legitimate Remote Desktop configuration (.rdp) file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS11-016
Title:
Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Microsoft Groove that could allow remote code execution if a user opens a legitimate Groove-related file that is located in the same network directory as a specially crafted library file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007

Bulletin ID:
MS11-015
Title:
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
Update Type:
Security Update
Severity:
Critical
This security update resolves one publicly disclosed vulnerability in DirectShow and one privately reported vulnerability in Windows Media Player and Windows Media Center. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.
Applies to:
Windows XP
Windows Vista
Windows XP x64 Edition
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7

Bulletin ID:
2502810
Title:
Cumulative update for Lync Server 2010, Mediation Server: April 2011
Update Type:
Update Rollup
Severity:
Cumulative update for Lync Server 2010, Mediation Server: April 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
MS11-014
Title:
Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of these operating systems. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS11-013
Title:
Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
Update Type:
Security Update
Severity:
Important
This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if a local, authenticated attacker installs a malicious service on a domain-joined computer.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7
Windows XP
Windows XP x64 Edition

Bulletin ID:
2425179
Title:
Update Rollup 2 for Exchange Server 2010 Service Pack 1
Update Type:
Update Rollup
Severity:
Update Rollup 2 for Exchange Server 2010 Service Pack 1
Applies to:
Exchange Server 2010

Bulletin ID:
MS11-012
Title:
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628)
Update Type:
Security Update
Severity:
Important
This security update resolves five privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Applies to:
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows XP x64 Edition
Windows XP
Windows 7
Windows Server 2008 R2
Windows Vista

Bulletin ID:
MS11-011
Title:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Applies to:
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Server 2008
Windows Vista
Windows XP x64 Edition

Bulletin ID:
MS11-010
Title:
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of these operating systems. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS11-009
Title:
Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow information disclosure if a user visited a specially crafted Web site. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
Applies to:
Windows Server 2008 R2
Windows 7
Windows Embedded Standard 7

Bulletin ID:
2467771
Title:
Update package for Lync Server 2010, Administrative Tools: January 2011
Update Type:
Update Rollup
Severity:
Update package for Lync Server 2010, Administrative Tools: January 2011
Applies to:
Microsoft Lync Server 2010

Bulletin ID:
2467659
Title:
An update is available for Internet Explorer: December 14, 2010
Update Type:
Security Update
Severity:
This update addresses an issue that is introduced by the following Microsoft Knowledge Base article:
Applies to:
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows Vista

Bulletin ID:
MS11-008
Title:
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in Microsoft Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2007
Office 2002/XP

Bulletin ID:
MS11-007
Title:
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow remote code execution if a user views content rendered in a specially crafted CFF font. In all cases, an attacker would have no way to force users to view the specially crafted content. Instead, an attacker would have to convince users to visit a Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 7 Language Packs
Windows 7
Windows XP
Windows Vista
Windows Embedded Standard 7
Windows Server 2008
Windows Server 2008 R2

Bulletin ID:
MS11-006
Title:
Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
Update Type:
Security Update
Severity:
Critical
This security update resolves a publicly disclosed vulnerability in the Windows Shell graphics processor. The vulnerability could allow remote code execution if a user views a specially crafted thumbnail image. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS11-005
Title:
Vulnerability in Active Directory Could Allow Denial of Service (2478953)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Active Directory. The vulnerability could allow denial of service if an attacker sent a specially crafted packet to an affected Active Directory server. The attacker must have valid local administrator privileges on the domain-joined computer in order to exploit this vulnerability.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS11-004
Title:
Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Microsoft Internet Information Services (IIS) FTP Service. The vulnerability could allow remote code execution if an FTP server receives a specially crafted FTP command. FTP Service is not installed by default on IIS.
Applies to:
Windows Server 2008 R2
Windows 7
Windows Server 2008
Windows Vista

Bulletin ID:
MS11-003
Title:
Cumulative Security Update for Internet Explorer (2482017)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user opens a legitimate HTML file that loads a specially crafted library file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows Vista

Bulletin ID:
MS11-002
Title:
Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft Data Access Components. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Embedded Standard 7
Windows Server 2008 R2
Windows Vista
Windows 7
Windows XP

Bulletin ID:
MS11-001
Title:
Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Windows Backup Manager. The vulnerability could allow remote code execution if a user opens a legitimate Windows Backup Manager file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the legitimate file from that location, which in turn could cause Windows Backup Manager to load the specially crafted library file.
Applies to:
Windows Vista

Bulletin ID:
MS10-106
Title:
Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a privately reported vulnerability in Microsoft Exchange Server. The vulnerability could allow denial of service if an authenticated attacker sent a specially crafted network message to a computer running the Exchange service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Applies to:
Exchange Server 2007

Bulletin ID:
2407113
Title:
Update Rollup 5 for Microsoft Exchange Server 2010 Release to Manufacturing
Update Type:
Update Rollup
Severity:
Update Rollup 5 for Microsoft Exchange Server 2010 Release to Manufacturing
Applies to:
Exchange Server 2010

Bulletin ID:
2407028
Title:
Update Rollup 1 for Exchange Server 2010 Service Pack 1
Update Type:
Update Rollup
Severity:
Update Rollup 1 for Exchange Server 2010 Service Pack 1
Applies to:
Exchange Server 2010

Bulletin ID:
2407025
Title:
Update Rollup 2 for Exchange Server 2007 Service Pack 3
Update Type:
Update Rollup
Severity:
Update Rollup 2 for Exchange Server 2007 Service Pack 3
Applies to:
Exchange Server 2007

Bulletin ID:
2404588
Title:
Cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: November 2010
Update Type:
Update Rollup
Severity:
Cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: November 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2404578
Title:
Cumulative update for Office Communications Server 2007 R2, Mediation Server: November 2010
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Mediation Server: November 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2404575
Title:
Cumulative update for Office Communications Server 2007 R2, Core Components: November 2010
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Core Components: November 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2403680
Title:
Cumulative update for Office Communications Server 2007 R2, Conferencing Attendant: November 2010
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Conferencing Attendant: November 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2403679
Title:
Cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: November 2010
Update Type:
Update Rollup
Severity:
Cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: November 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2400402
Title:
Cumulative update for Office Communications Server 2007 R2, Administration Tools: September 2010
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Administration Tools: September 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2400375
Title:
Update package for Communications Server 2007 R2, Web Components: September 2010
Update Type:
Update Rollup
Severity:
Update package for Communications Server 2007 R2, Web Components: September 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2400367
Title:
Cumulative update package for Office Communications Server 2007 R2, Response Group Service: September 2010
Update Type:
Update Rollup
Severity:
Cumulative update package for Office Communications Server 2007 R2, Response Group Service: September 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
MS10-105
Title:
Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
Update Type:
Security Update
Severity:
Important
This security update resolves seven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2010
Office 2007
Office 2002/XP
Microsoft Works 9

Bulletin ID:
2452789
Title:
Introduction to the Microsoft StreamInsight 1.1 release
Update Type:
Service Pack
Severity:
Introduction to the Microsoft StreamInsight 1.1 release
Applies to:
Microsoft StreamInsight V1.0

Bulletin ID:
MS10-104
Title:
Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft SharePoint. The vulnerability could allow remote code execution in the security context of a guest user if an attacker sent a specially crafted SOAP request to the Document Conversions Launcher Service in a SharePoint server environment that is using the Document Conversions Load Balancer Service. By default, the Document Conversions Load Balancer Service and Document Conversions Launcher Service are not enabled in Microsoft Office SharePoint Server 2007.
Applies to:
Office 2007

Bulletin ID:
MS10-103
Title:
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
Update Type:
Security Update
Severity:
Important
This security update resolves five privately reported vulnerabilities in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2010
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS10-102
Title:
Vulnerability in Hyper-V Could Allow Denial of Service (2345316)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Applies to:
Windows Server 2008
Windows Server 2008 R2

Bulletin ID:
MS10-101
Title:
Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Netlogon RPC Service on affected versions of Windows Server that are configured to serve as domain controllers. The vulnerability could allow denial of service if an attacker sends a specially crafted RPC packet to the Netlogon RPC Service interface on an affected system. An attacker requires administrator privileges on a machine that is joined to the same domain as the affected domain controller in order to exploit this vulnerability.
Applies to:
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS10-100
Title:
Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Consent User Interface (UI). The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and the SeImpersonatePrivilege and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Applies to:
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS10-099
Title:
Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
Update Type:
Security Update
Severity:
Important
This security update addresses a privately reported vulnerability in the Routing and Remote Access NDProxy component of Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS10-098
Title:
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS10-097
Title:
Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in the Internet Connection Signup Wizard of Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS10-096
Title:
Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Windows Address Book. The vulnerability could allow remote code execution if a user opens a Windows Address Book file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows 7

Bulletin ID:
2422053
Title:
Hotfix Rollup 3 for Forefront Security for SharePoint Service Pack 3
Update Type:
Update Rollup
Severity:
Hotfix Rollup 3 for Forefront Security for SharePoint Service Pack 3
Applies to:
Forefront Server Security Category

Bulletin ID:
2420644
Title:
Hotfix Rollup 3 for Forefront Security for Exchange Service Pack 2
Update Type:
Update Rollup
Severity:
Hotfix Rollup 3 for Forefront Security for Exchange Service Pack 2
Applies to:
Forefront Server Security Category

Bulletin ID:
MS10-095
Title:
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file type such as .eml and .rss (Windows Live Mail) or .wpost (Microsoft Live Writer) located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
Applies to:
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS10-094
Title:
Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Windows Media Encoder. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate Windows Media Profile (.prx) file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows Server 2008
Windows Vista

Bulletin ID:
MS10-093
Title:
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate Windows Movie Maker file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
Applies to:
Windows Vista

Bulletin ID:
MS10-092
Title:
Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Windows Task Scheduler. The vulnerability could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Applies to:
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7

Bulletin ID:
2302001
Title:
Hotfix Rollup 3 for Microsoft Antigen 9 for Exchange Service Pack 2
Update Type:
Update Rollup
Severity:
Hotfix Rollup 3 for Microsoft Antigen 9 for Exchange Service Pack 2
Applies to:
Antigen for Exchange/SMTP

Bulletin ID:
MS10-091
Title:
Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in the Windows OpenType Font (OTF) driver that could allow remote code execution. An attacker could host a specially crafted OpenType font on a network share. The affected control path is then triggered when the user navigates to the share in Windows Explorer, allowing the specially crafted font to take complete control over an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Windows 7
Windows Embedded Standard 7
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows XP x64 Edition

Bulletin ID:
MS10-090
Title:
Cumulative Security Update for Internet Explorer (2416400)
Update Type:
Security Update
Severity:
Critical
This security update resolves four privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows Server 2008 R2
Windows 7
Windows Server 2008
Windows Vista

Bulletin ID:
MS10-088
Title:
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS10-087
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
Update Type:
Security Update
Severity:
Critical
This security update resolves one publicly disclosed vulnerability and five privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2010
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS10-086
Title:
Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a privately reported vulnerability in Windows Server 2008 R2 when used as a shared failover cluster. The vulnerability could allow data tampering on the administrative shares of failover cluster disks. By default, Windows Server 2008 R2 servers are not affected by this vulnerability. This vulnerability only applies to the cluster disks used in a failover cluster.
Applies to:
Windows Server 2008 R2

Bulletin ID:
MS10-085
Title:
Vulnerability in SChannel Could Allow Denial of Service (2207566)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow denial of service if an affected system received a specially crafted packet message via Secure Sockets Layer (SSL). By default, all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not configured to receive SSL network traffic.
Applies to:
Windows Embedded Standard 7
Windows Vista
Windows 7
Windows Server 2008 R2
Windows Server 2008

Bulletin ID:
MS10-084
Title:
Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS10-083
Title:
Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted file using WordPad or selects or opens a shortcut file that is on a network or WebDAV share. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2008
Windows Embedded Standard 7
Windows Vista
Windows 7
Windows Server 2008 R2
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS10-082
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2008
Windows Server 2008 R2
Windows Vista
Windows Embedded Standard 7
Windows 7
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS10-081
Title:
Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Windows common control library. The vulnerability could allow remote code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Embedded Standard 7
Windows Server 2008 R2
Windows Vista
Windows 7
Windows Server 2008
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS10-080
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)
Update Type:
Security Update
Severity:
Important
This security update resolves thirteen privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file or a specially crafted Lotus 1-2-3 file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2002/XP
Office 2003

Bulletin ID:
MS10-079
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
Update Type:
Security Update
Severity:
Important
This security update resolves eleven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2010
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
2308590
Title:
System Center Virtual Machine Manager 2008 R2 hotfix rollup package: September 14, 2010
Update Type:
Update Rollup
Severity:
System Center Virtual Machine Manager 2008 R2 hotfix rollup package: September 14, 2010
Applies to:
Microsoft System Center Virtual Machine Manager 2008

Bulletin ID:
MS10-078
Title:
Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in the Windows OpenType Font (OTF) format driver. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
2279665
Title:
Update Rollup 1 for Exchange Server 2007 Service Pack 3
Update Type:
Update Rollup
Severity:
Update Rollup 1 for Exchange Server 2007 Service Pack 3
Applies to:
Exchange Server 2007

Bulletin ID:
MS10-077
Title:
Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Vista
Windows XP x64 Edition
Windows 7

Bulletin ID:
MS10-076
Title:
Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 7
Windows Server 2008 R2
Windows Embedded Standard 7
Windows Server 2008
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS10-075
Title:
Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Microsoft Windows Media Player Network Sharing Service. The vulnerability could allow remote code execution if an attacker sent a specially crafted RTSP packet to an affected system. However, Internet access to home media is disabled by default. In this default configuration, the vulnerability can be exploited only by an attacker within the same subnet.
Applies to:
Windows 7
Windows Embedded Standard 7
Windows Vista

Bulletin ID:
MS10-074
Title:
Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user is logged on with administrative user rights and opens an application built with the MFC Library. An attacker who successfully exploited this vulnerability could obtain the same permissions as the currently logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2008
Windows Vista
Windows Embedded Standard 7
Windows 7
Windows Server 2008 R2
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS10-073
Title:
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)
Update Type:
Security Update
Severity:
Important
This security update resolves several publicly disclosed vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Applies to:
Windows Vista
Windows 7
Windows Server 2008 R2
Windows Embedded Standard 7
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS10-072
Title:
Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft SharePoint and Windows SharePoint Services. The vulnerabilities could allow information disclosure if an attacker submits specially crafted script to a target site using SafeHTML.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Office 2007
Office 2010

Bulletin ID:
MS10-071
Title:
Cumulative Security Update for Internet Explorer (2360131)
Update Type:
Security Update
Severity:
Critical
This security update resolves seven privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 7
Windows Vista
Windows XP

Bulletin ID:
MS10-070
Title:
Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in ASP.NET. The vulnerability could allow information disclosure. An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server. Microsoft .NET Framework versions prior to Microsoft .NET Framework 3.5 Service Pack 1 are not affected by the file content disclosure portion of this vulnerability.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows Server 2008
Windows 7
Windows XP x64 Edition
Windows Server 2008 R2

Bulletin ID:
MS10-069
Title:
Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS10-068
Title:
Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if an authenticated attacker sent specially crafted Lightweight Directory Access Protocol (LDAP) messages to a listening LSASS server. In order to successfully exploit this vulnerability, an attacker must have a member account within the target Windows domain. However, the attacker does not need to have a workstation joined to the Windows domain.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7

Bulletin ID:
981407
Title:
Update Rollup 10 for Microsoft Exchange Server 2007 Service Pack 1
Update Type:
Update Rollup
Severity:
Update Rollup 10 for Microsoft Exchange Server 2007 Service Pack 1
Applies to:
Exchange Server 2007

Bulletin ID:
981401
Title:
Update Rollup 3 for Microsoft Exchange Server 2010 Release to Manufacturing
Update Type:
Update Rollup
Severity:
Update Rollup 3 for Microsoft Exchange Server 2010 Release to Manufacturing
Applies to:
Exchange Server 2010

Bulletin ID:
981383
Title:
Update Rollup 4 for Microsoft Exchange Server 2007 Service Pack 2
Update Type:
Update Rollup
Severity:
Update Rollup 4 for Microsoft Exchange Server 2007 Service Pack 2
Applies to:
Exchange Server 2007

Bulletin ID:
MS10-067
Title:
Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS10-066
Title:
Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS10-065
Title:
Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Information Services (IIS). The most severe of these vulnerabilities could allow remote code execution if a client sends a specially crafted HTTP request to the server. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Applies to:
Windows Server 2008 R2
Windows 7
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7

Bulletin ID:
MS10-064
Title:
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened or previewed a specially crafted e-mail message using an affected version of Microsoft Outlook that is connected to an Exchange server with Online Mode. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2007
Office 2002/XP

Bulletin ID:
2291724
Title:
Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: November 2010
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: November 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
2291453
Title:
Cumulative update package for Communicator 2007 R2: November 2010
Update Type:
Update Rollup
Severity:
Cumulative update package for Communicator 2007 R2: November 2010
Applies to:
Office Communicator 2007 R2

Bulletin ID:
MS10-063
Title:
Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Unicode Scripts Processor. The vulnerability could allow remote code execution if a user viewed a specially crafted document or Web page with an application that supports embedded OpenType fonts. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS10-062
Title:
Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in MPEG-4 codec. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008

Bulletin ID:
MS10-061
Title:
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
Update Type:
Security Update
Severity:
Critical
This security update resolves a publicly disclosed vulnerability in the Print Spooler service. The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC. By default, printers are not shared on any currently supported Windows operating system.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS10-060
Title:
Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in convincing a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing the page, as could be the case in a Web hosting scenario.
Applies to:
Silverlight
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows Server 2008
Windows Vista
Windows 7
Windows Server 2008 R2

Bulletin ID:
983509
Title:
Description of Visual Studio 2010 Service Pack 1
Update Type:
Service Pack
Severity:
Description of Visual Studio 2010 Service Pack 1
Applies to:
Visual Studio 2010

Bulletin ID:
MS10-059
Title:
Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Tracing Feature for Services. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Applies to:
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7

Bulletin ID:
MS10-058
Title:
Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Windows Embedded Standard 7
Windows Server 2008
Windows 7
Windows Vista
Windows Server 2008 R2

Bulletin ID:
MS10-057
Title:
Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS10-056
Title:
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
Update Type:
Security Update
Severity:
Critical
This security update resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2007
Office 2002/XP
Microsoft Works 9

Bulletin ID:
2250444
Title:
Hotfix rollup package for System Center Data Protection Manager 2010: November 10, 2010
Update Type:
Update Rollup
Severity:
Hotfix rollup package for System Center Data Protection Manager 2010: November 10, 2010
Applies to:
Microsoft System Center DPM 2010

Bulletin ID:
MS10-055
Title:
Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Cinepak Codec. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP
Windows Vista
Windows XP x64 Edition
Windows Embedded Standard 7
Windows 7

Bulletin ID:
982639
Title:
Update Rollup 4 for Microsoft Exchange Server 2010 Release To Manufacturing
Update Type:
Update Rollup
Severity:
Update Rollup 4 for Microsoft Exchange Server 2010 Release To Manufacturing
Applies to:
Exchange Server 2010

Bulletin ID:
982523
Title:
System Center Virtual Machine Manager 2008 R2 Admin Console hotfix rollup package: June 8, 2010
Update Type:
Update Rollup
Severity:
System Center Virtual Machine Manager 2008 R2 Admin Console hotfix rollup package: June 8, 2010
Applies to:
Microsoft System Center Virtual Machine Manager 2008

Bulletin ID:
982522
Title:
System Center Virtual Machine Manager 2008 R2 hotfix rollup package: June 8, 2010
Update Type:
Update Rollup
Severity:
System Center Virtual Machine Manager 2008 R2 hotfix rollup package: June 8, 2010
Applies to:
Microsoft System Center Virtual Machine Manager 2008

Bulletin ID:
982519
Title:
Application Compatibility Update for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: June 2010
Update Type:
Update
Severity:
The Windows Application Compatibility Update is a software update that improves the compatibility experience in the following Microsoft Windows operating systems: Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Microsoft regularly releases application compatibility updates for these Windows operating systems.
Applies to:
Windows Vista

Bulletin ID:
MS10-054
Title:
Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
Applies to:
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2008 R2
Windows Embedded Standard 7
Windows 7
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS10-053
Title:
Cumulative Security Update for Internet Explorer (2183461)
Update Type:
Security Update
Severity:
Critical
This security update resolves six privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Vista
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7
Windows Server 2008
Windows XP x64 Edition
Windows Server 2008 R2

Bulletin ID:
2182621
Title:
Microsoft Team Foundation Server 2010 Service Pack 1
Update Type:
Service Pack
Severity:
Microsoft Team Foundation Server 2010 Service Pack 1
Applies to:
Visual Studio 2010

Bulletin ID:
2181692
Title:
Hotfix Rollup 1 for Microsoft Forefront Protection for Exchange
Update Type:
Update Rollup
Severity:
Hotfix Rollup 1 for Microsoft Forefront Protection for Exchange
Applies to:
Forefront Protection Category

Bulletin ID:
MS10-052
Title:
Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS10-051
Title:
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
Applies to:
Windows Server 2008
Windows XP
Windows Vista
Windows XP x64 Edition
Windows Embedded Standard 7
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008 R2
Windows 7

Bulletin ID:
MS10-050
Title:
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP
Windows Vista
Windows XP x64 Edition

Bulletin ID:
MS10-049
Title:
Vulnerabilities in SChannel could allow Remote Code Execution (980436)
Update Type:
Security Update
Severity:
Critical
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows Embedded Standard 7

Bulletin ID:
980408
Title:
April 2010 stability and reliability update for Windows 7 and Windows Server 2008 R2 is available
Update Type:
Update Rollup
Severity:
This update improves the stability and the reliability of Windows 7 and of Windows Server 2008 R2. The update was released in April 2010.
Applies to:
Windows Server 2008 R2
Windows 7

Bulletin ID:
MS10-048
Title:
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed and four privately reported vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Embedded Standard 7
Windows 7

Bulletin ID:
2158563
Title:
September 2010 cumulative time zone update for Windows operating systems
Update Type:
Update Rollup
Severity:
September 2010 cumulative time zone update for Windows operating systems
Applies to:
Windows 7
Windows XP
Windows Embedded Standard 7
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows XP x64 Edition

Bulletin ID:
MS10-047
Title:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
Update Type:
Security Update
Severity:
Important
This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Applies to:
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7
Windows Embedded Standard 7

Bulletin ID:
981793
Title:
May 2010 cumulative time zone update for Windows operating systems
Update Type:
Update Rollup
Severity:
May 2010 cumulative time zone update for Windows operating systems
Applies to:
Windows Server 2008
Windows Vista
Windows 7
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS10-046
Title:
Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
Update Type:
Security Update
Severity:
Critical
This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows Server 2008 R2
Windows Server 2008
Windows Vista
Windows Embedded Standard 7
Windows 7

Bulletin ID:
2285068
Title:
List of the bugs that are fixed in SQL Server 2008 Service Pack 2
Update Type:
Service Pack
Severity:
List of the bugs that are fixed in SQL Server 2008 Service Pack 2
Applies to:
SQL Server 2008

Bulletin ID:
MS10-045
Title:
Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened an attachment in a specially crafted e-mail message using an affected version of Microsoft Office Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
980372
Title:
Cumulative update for Office Communications Server 2007 R2, Outside Voice Control: April 2010
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Outside Voice Control: April 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
980370
Title:
Cumulative update for Office Communications Server 2007 R2, Conferencing Attendant: April 2010
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Conferencing Attendant: April 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
MS10-044
Title:
Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. The vulnerabilities could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Access ActiveX controls. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2007

Bulletin ID:
MS10-043
Title:
Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
Update Type:
Security Update
Severity:
Critical
This security update resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
Applies to:
Windows Server 2008 R2
Windows 7
Windows Embedded Standard 7

Bulletin ID:
2028888
Title:
Cumulative update package for Communicator 2007 R2: July 2010
Update Type:
Update Rollup
Severity:
Cumulative update package for Communicator 2007 R2: July 2010
Applies to:
Office Communicator 2007 R2

Bulletin ID:
2006634
Title:
Microsoft Office Accounting 2009 Service Pack 3 for Accounting Professional (MOA) 2009 and for Accounting Express 2009
Update Type:
Service Pack
Severity:
Microsoft Office Accounting 2009 Service Pack 3 provides the latest updates for the U.S. and U.K. versions of Microsoft Office Accounting Professional 2009 and Microsoft Office Accounting Express 2009. This service pack also includes stability and performance improvements.
Applies to:
Office 2007

Bulletin ID:
MS10-042
Title:
Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
Update Type:
Security Update
Severity:
Critical
This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS10-041
Title:
Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering of signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2

Bulletin ID:
982861
Title:
Availability of Windows Internet Explorer 9
Update Type:
Update Rollup
Severity:
Windows Internet Explorer 9 is now available. Internet Explorer 9 is the latest version of the familiar web browser that you are most comfortable using. It helps you obtain everything that you want from the web faster, easier, and safer than ever.
Applies to:
Windows Vista
Windows Server 2008 R2
Windows Server 2008
Windows 7

Bulletin ID:
979784
Title:
Update Rollup 3 for Exchange Server 2007 Service Pack 2
Update Type:
Update Rollup
Severity:
Update Rollup 3 for Exchange Server 2007 Service Pack 2
Applies to:
Exchange Server 2007

Bulletin ID:
MS10-040
Title:
Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if a user received a specially crafted HTTP request. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008 R2
Windows Vista
Windows 7
Windows Server 2008

Bulletin ID:
MS10-039
Title:
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Office 2007
Office 2003

Bulletin ID:
MS10-038
Title:
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
Update Type:
Security Update
Severity:
Important
This security update resolves fourteen privately reported vulnerabilities in Microsoft Office. The more severe vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2002/XP
Office 2007

Bulletin ID:
MS10-037
Title:
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Applies to:
Windows Server 2008
Windows Vista
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows 7
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS10-036
Title:
Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
Applies to:
Office 2007
Office 2003

Bulletin ID:
982114
Title:
How to obtain Service Pack 2 for Microsoft HPC Pack 2008
Update Type:
Service Pack
Severity:
Service Pack 2 (SP2) for Microsoft HPC Pack 2008 is now available. This service pack improves reliability, performance, and security for Microsoft HPC Pack 2008.
Applies to:
HPC Pack 2008

Bulletin ID:
MS10-035
Title:
Cumulative Security Update for Internet Explorer (982381)
Update Type:
Security Update
Severity:
Critical
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP
Windows 2000
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows Internet Explorer 8 Dynamic Installer
Windows Internet Explorer 7.0 Dynamic Installer

Bulletin ID:
MS10-034
Title:
Cumulative Security Update of ActiveX Kill Bits (980195)
Update Type:
Security Update
Severity:
Critical
This security update addresses two privately reported vulnerabilities for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows 7
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista
Windows Server 2008 R2

Bulletin ID:
980096
Title:
Cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: April 2010
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: April 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
MS10-033
Title:
Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Server 2008
Windows Vista
Windows Server 2008 R2
Windows 7

Bulletin ID:
979454
Title:
Windows Small Business Server 2008 Update Rollup 4
Update Type:
Update Rollup
Severity:
You may be unable to rename and to join a computer that is running Windows 7 to your Windows SBS 2008-based domain by using the Windows SBS client Join wizard. Issue 2: If the PublicFQDNPrefix registry entry is not set on the computer, you may be unable to install an update rollup for Windows SBS 2008, and you may receive the "6BA" error code. Issue 3: The following new alerts are added to the Event Log errors list:
Applies to:
Windows Small Business Server 2008

Bulletin ID:
MS10-032
Title:
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
Update Type:
Security Update
Severity:
Important
This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in the Windows kernel-mode drivers. The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted TrueType font.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2

Bulletin ID:
MS10-031
Title:
Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a host application opens and passes a specially crafted file to the Visual Basic for Applications runtime. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
976244
Title:
System Center Virtual Machine Manager 2008 R2 hotfix rollup package: November 10, 2009
Update Type:
Update Rollup
Severity:
System Center Virtual Machine Manager 2008 R2 hotfix rollup package: November 10, 2009
Applies to:
Microsoft System Center Virtual Machine Manager 2008

Bulletin ID:
976135
Title:
Communicator 2007 R2 cumulative update: January 2010
Update Type:
Update Rollup
Severity:
Communicator 2007 R2 cumulative update: January 2010
Applies to:
Office Communicator 2007 R2

Bulletin ID:
976098
Title:
December 2009 cumulative time zone update for Microsoft Windows operating systems
Update Type:
Update Rollup
Severity:
December 2009 cumulative time zone update for Microsoft Windows operating systems
Applies to:
Windows Server 2008
Windows Server 2008 R2
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7

Bulletin ID:
MS10-030
Title:
Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Outlook Express, Windows Mail, and Windows Live Mail. The vulnerability could allow remote code execution if a user visits a malicious e-mail server. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows 7
Windows Server 2008
Windows Server 2008 R2
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS10-029
Title:
Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)
Update Type:
Security Update
Severity:
Moderate
This security update resolves one privately reported vulnerability in Microsoft Windows. This security update is rated Moderate for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Windows 7 and Windows Server 2008 R2 are not vulnerable because these operating systems include the feature deployed by this security update. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
978300
Title:
Hotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3
Update Type:
Update Rollup
Severity:
Hotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3
Applies to:
Forefront Server Security Category

Bulletin ID:
978297
Title:
Hotfix Rollup 1 for Service Pack 2 for Forefront Security for Exchange Server
Update Type:
Update Rollup
Severity:
Hotfix Rollup 1 for Service Pack 2 for Forefront Security for Exchange Server
Applies to:
Forefront Server Security Category

Bulletin ID:
MS10-028
Title:
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in Microsoft Office Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS10-027
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
MS10-026
Title:
Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
977351
Title:
Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: January 2010
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: January 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
977347
Title:
Cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: April 2010
Update Type:
Update Rollup
Severity:
Cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: April 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
977344
Title:
Cumulative update for Office Communications Server 2007 R2, Administration Tools: January 2010
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Administration Tools: January 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
977343
Title:
Cumulative update for Office Communications Server 2007 R2, Core Components: January 2010
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Core Components: January 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
MS10-025
Title:
Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. On Microsoft Windows 2000 Server, Windows Media Services is an optional component and is not installed by default.
Applies to:
Windows 2000

Bulletin ID:
980847
Title:
Microsoft Application Virtualization 4.5 Service Pack 2
Update Type:
Service Pack
Severity:
Microsoft Application Virtualization 4.5 Service Pack 2 (App-V 4.5 SP2) is now available. This service pack provides the latest updates to Microsoft Application Virtualization 4.5. Because Microsoft Application Virtualization service packs are cumulative, you do not have to install Service Pack 1 before you install Service Pack 2. Service Pack 2 includes all of the fixes that were included in Service Pack 1. Additionally, App-V 4.5 SP2 contains the following improvements.
Applies to:
Microsoft Application Virtualization 4.5

Bulletin ID:
980586
Title:
Hotfix Rollup 2 for Antigen 9 for Exchange Server with Service Pack 2 and for Antigen 9 for SMTP Gateways with Service Pack 2
Update Type:
Update Rollup
Severity:
Hotfix Rollup 2 for Antigen 9 for Exchange Server with Service Pack 2 and for Antigen 9 for SMTP Gateways with Service Pack 2
Applies to:
Antigen for Exchange/SMTP

Bulletin ID:
MS10-024
Title:
Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service. The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service. By default, the SMTP component is not installed on Windows Server 2003, Windows Server 2003 x64 Edition, or Windows XP Professional x64 Edition.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Exchange 2000 Server
Windows 2000
Exchange Server 2003

Bulletin ID:
976657
Title:
Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: April 2010
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: April 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
976594
Title:
Expression Web 3 Service Pack 1
Update Type:
Service Pack
Severity:
Expression Web 3 Service Pack 1
Applies to:
Expression Web 3

Bulletin ID:
MS10-023
Title:
Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2002/XP
Office 2007

Bulletin ID:
MS10-022
Title:
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in VBScript on Microsoft Windows that could allow remote code execution. This security update is rated Important for Microsoft Windows 2000, Windows XP, and Windows Server 2003. On Windows Server 2008, Windows Vista, Windows 7, and Windows Server 2008 R2, the vulnerable code is not exploitable; however, because the code is present, this update is provided as a defense-in-depth measure and has no severity rating. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Applies to:
Windows Server 2008 R2
Windows 7
Windows Server 2008
Windows Vista
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition

Bulletin ID:
981324
Title:
List of problems that are fixed in Forefront Threat Management Gateway 2010 Service Pack 1
Update Type:
Service Pack
Severity:
List of problems that are fixed in Forefront Threat Management Gateway 2010 Service Pack 1
Applies to:
Forefront TMG

Bulletin ID:
MS10-021
Title:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
Update Type:
Security Update
Severity:
Important
This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Applies to:
Windows 7
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS10-020
Title:
Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
Update Type:
Security Update
Severity:
Critical
This security update resolves one publicly disclosed and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7
Windows 2000

Bulletin ID:
MS10-019
Title:
Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Windows Authenticode Verification that could allow remote code execution. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Windows Server 2008
Windows Server 2008 R2
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7
Windows 2000

Bulletin ID:
979306
Title:
February 2010 cumulative time zone update for Windows operating systems
Update Type:
Update Rollup
Severity:
February 2010 cumulative time zone update for Windows operating systems
Applies to:
Windows Server 2008 R2
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7

Bulletin ID:
979202
Title:
Update for Silverlight: January 19, 2010
Update Type:
Update Rollup
Severity:
An update is available for Microsoft Silverlight. This update offers a new build that is an upgrade to earlier versions of Silverlight. This update is included in current Silverlight installers. If your computer does not have Silverlight installed, the installer will be offered to you by Microsoft Update or by Windows Server Update Services (WSUS).
Applies to:
Silverlight

Bulletin ID:
978564
Title:
Cumulative update package for Communicator 2007 R2: April 2010
Update Type:
Update Rollup
Severity:
Cumulative update package for Communicator 2007 R2: April 2010
Applies to:
Office Communicator 2007 R2

Bulletin ID:
978560
Title:
System Center Virtual Machine Manager 2008 R2 hotfix rollup package: February 9, 2010
Update Type:
Update Rollup
Severity:
System Center Virtual Machine Manager 2008 R2 hotfix rollup package: February 9, 2010
Applies to:
Microsoft System Center Virtual Machine Manager 2008

Bulletin ID:
MS10-017
Title:
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
Update Type:
Security Update
Severity:
Important
This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS10-016
Title:
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
Update Type:
Security Update
Severity:
Important
This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Vista
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS10-015
Title:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP
Windows Vista
Windows Server 2008
Windows 7
Windows XP x64 Edition

Bulletin ID:
977074
Title:
January 2010 stability and reliability update for Windows 7 and Windows Server 2008 R2
Update Type:
Update Rollup
Severity:
This update improves the stability and the reliability of Windows 7 and of Windows Server 2008 R2. The update was released in January 2010.
Applies to:
Windows Server 2008 R2
Windows 7

Bulletin ID:
976932
Title:
Information about Service Pack 1 for Windows 7 and for Windows Server 2008 R2
Update Type:
Service Pack
Severity:
Service Pack 1 (SP1) for Windows 7 and for Windows Server 2008 R2 is now available. This service pack is an update to Windows 7 and to Windows Server 2008 R2 that addresses customer and partner feedback. 
Applies to:
Windows Server 2008 R2
Windows 7

Bulletin ID:
MS10-014
Title:
Vulnerability in Kerberos Could Allow Denial of Service (977290)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.
Applies to:
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS10-013
Title:
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Vista
Windows 7

Bulletin ID:
MS10-012
Title:
Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
Update Type:
Security Update
Severity:
Important
This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7

Bulletin ID:
MS10-011
Title:
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not affected. The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
977937
Title:
Cumulative update for Office Communications Server 2007 R2, Mediation Server: April 2010
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Mediation Server: April 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
977934
Title:
Cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: April 2010
Update Type:
Update Rollup
Severity:
This article describes the issue that is fixed in the update package for Microsoft Office Communications Server 2007 R2, Audio/Video Conferencing Server that is dated April 2010.
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
MS10-010
Title:
Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Applies to:
Windows Server 2008
Windows Server 2008 R2

Bulletin ID:
MS10-009
Title:
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
Update Type:
Security Update
Severity:
Critical
This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link.
Applies to:
Windows Vista
Windows Server 2008

Bulletin ID:
MS10-007
Title:
Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
975614
Title:
Cumulative update package for Office Communications Server 2007 R2, Communicator Web Access: April 2010
Update Type:
Update Rollup
Severity:
Cumulative update package for Office Communications Server 2007 R2, Communicator Web Access: April 2010
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
975613
Title:
Cumulative update for Office Communications Server 2007 R2, Core Components: October 2009
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Core Components: October 2009
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
975612
Title:
Cumulative update for Office Communications Server 2007 R2, Response Group Service: October 2009
Update Type:
Update Rollup
Severity:
Cumulative update for Office Communications Server 2007 R2, Response Group Service: October 2009
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
MS10-006
Title:
Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7
Windows 2000

Bulletin ID:
MS10-005
Title:
Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS10-004
Title:
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
Update Type:
Security Update
Severity:
Important
This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS10-003
Title:
Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2002/XP

Bulletin ID:
MS10-002
Title:
Cumulative Security Update for Internet Explorer (978207)
Update Type:
Security Update
Severity:
Critical
This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows 7

Bulletin ID:
MS10-001
Title:
Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 7
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008 R2
Windows Vista
Windows Server 2008

Bulletin ID:
MS09-074
Title:
Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Office Project. The vulnerability could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS09-073
Title:
Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters. The vulnerability could allow remote code execution if a specially crafted Word 97 file is opened in WordPad or Microsoft Office. An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.
Applies to:
Office 2003
Office 2002/XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000
Microsoft Works 8

Bulletin ID:
MS09-072
Title:
Cumulative Security Update for Internet Explorer (976325)
Update Type:
Security Update
Severity:
Critical
This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution; for more information about this issue, see the subsection, Frequently Asked Questions (FAQ) Related to This Security Update, in this section.
Applies to:
Windows Server 2008 R2
Windows XP
Windows 2000
Windows Server 2008
Windows 7
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS09-071
Title:
Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. On Windows Server 2008, the Internet Authentication Service is replaced by Network Policy Server (NPS). An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service or Network Policy Server are only affected when using PEAP with MS-CHAP v2 authentication.
Applies to:
Windows Server 2008
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS09-070
Title:
Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008

Bulletin ID:
MS09-069
Title:
Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS09-068
Title:
Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS09-067
Title:
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
Update Type:
Security Update
Severity:
Important
This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2002/XP
Office 2007
Office 2003

Bulletin ID:
MS09-066
Title:
Vulnerability in Active Directory Could Allow Denial of Service (973309)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows XP x64 Edition
Windows XP

Bulletin ID:
972884
Title:
Update for Communicator 2007 R2: Oct 2009
Update Type:
Update Rollup
Severity:
Update for Communicator 2007 R2: Oct 2009
Applies to:
Office Communicator 2007 R2

Bulletin ID:
MS09-065
Title:
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker's site.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista

Bulletin ID:
MS09-064
Title:
Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
Applies to:
Windows 2000

Bulletin ID:
MS09-063
Title:
Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability.
Applies to:
Windows Server 2008
Windows Vista

Bulletin ID:
MS09-062
Title:
Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Visual Studio 2008
Office 2002/XP
Office 2007
Office 2003
Visual Studio 2005
Windows 2000
Report Viewer 2008
Report Viewer 2005
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Forefront Client Security
Microsoft Works 8
SQL Server 2005
SQL Server 2000

Bulletin ID:
975355
Title:
Hotfix Rollup 1 for Antigen 9.0 Service Pack 2
Update Type:
Update Rollup
Severity:
Hotfix Rollup 1 for Antigen 9.0 Service Pack 2
Applies to:
Antigen for Exchange/SMTP

Bulletin ID:
958715
Title:
Windows Small Business Server 2008 Update Rollup 1
Update Type:
Update Rollup
Severity:
The Security tab in the Windows Small Business Server 2008 Console incorrectly reports the spyware and malware status of Windows Vista Service Pack 1-based clients that are joined to a domain. Specifically, some security applications are reported as incompatible in the antivirus and malware status that is reported. Issue 2: The Internet Address Management Wizard exits unexpectedly when you register a domain name. This issue occurs when you select GoDaddy.com as the provider, and then you click Register Now.
Applies to:
Windows Small Business Server 2008

Bulletin ID:
MS09-061
Title:
Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
Update Type:
Security Update
Severity:
Critical
This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability.
Applies to:
Windows 2000
Windows XP
Windows Vista
Windows XP x64 Edition
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
953195
Title:
2007 Microsoft Office Suite Service Pack 2 (SP2) and of Microsoft Office Language Pack 2007 SP2
Update Type:
Service Pack
Severity:
2007 Microsoft Office suite Service Pack 2 (SP2) gives customers the latest updates for the 2007 Office suite. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, in performance, and in security. All the public updates, security updates, cumulative updates, and hotfixes that were released through February 2009. Because Office service packs are cumulative, you do not have to install Service Pack 1 before you install Service Pack 2. Service Pack 2 includes all of the fixes that were included in Service Pack 1.
Applies to:
Office 2007

Bulletin ID:
MS09-060
Title:
Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft Office that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2007
Office 2002/XP

Bulletin ID:
MS09-059
Title:
Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7

Bulletin ID:
MS09-058
Title:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
Update Type:
Security Update
Severity:
Important
This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Applies to:
Windows Server 2008
Windows Vista
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS09-057
Title:
Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component. This call could include a malicious URL and exploit the vulnerability, granting the attacker access to the client system with the privileges of the user browsing the Web page. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS09-056
Title:
Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
Update Type:
Security Update
Severity:
Important
This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2008 R2
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 7

Bulletin ID:
MS09-054
Title:
Cumulative Security Update for Internet Explorer (974455)
Update Type:
Security Update
Severity:
Critical
This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Firefox users who are running the Windows Presentation Foundation (WPF) plug-in and do not have it disabled should also apply this security update. For more information regarding this issue, please see the FAQ section for HTML Component Handling Vulnerability – CVE-2009-2529.
Applies to:
Windows 2000
Windows Server 2008 R2
Windows 7
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
974431
Title:
October 2009 stability and reliability update for Windows 7 and Windows Server 2008 R2
Update Type:
Update Rollup
Severity:
This update improves the stability and reliability of Windows 7 and of Windows Server 2008 R2. The update was released in October 2009.
Applies to:
Windows 7
Windows Server 2008 R2

Bulletin ID:
MS09-053
Title:
Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
Update Type:
Security Update
Severity:
Important
This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS09-052
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Microsoft Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
974007
Title:
Cumulative Update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: October 2009
Update Type:
Update Rollup
Severity:
Cumulative Update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: October 2009
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
MS09-051
Title:
Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista

Bulletin ID:
MS09-050
Title:
Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
Update Type:
Security Update
Severity:
Critical
This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Applies to:
Windows Server 2008
Windows Vista

Bulletin ID:
MS09-049
Title:
Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability.
Applies to:
Windows Vista
Windows Server 2008

Bulletin ID:
970653
Title:
August 2009 cumulative time zone update for Microsoft Windows operating systems
Update Type:
Update Rollup
Severity:
August 2009 cumulative time zone update for Microsoft Windows operating systems
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista

Bulletin ID:
MS09-048
Title:
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Applies to:
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS09-047
Title:
Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000
Windows Vista
Windows Server 2008
Windows XP x64 Edition

Bulletin ID:
972455
Title:
Windows Server Update Services 3.0 Service Pack 2
Update Type:
Service Pack
Severity:
Windows Server Update Services 3.0 Service Pack 2
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2

Bulletin ID:
MS09-046
Title:
Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS09-045
Title:
Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista

Bulletin ID:
MS09-044
Title:
Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 2000
Windows XP
Windows Vista
Windows Server 2008

Bulletin ID:
MS09-043
Title:
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2007
Office 2002/XP
Internet Security and Acceleration Server 2006
Internet Security and Acceleration Server 2004
BizTalk Server 2002

Bulletin ID:
971348
Title:
List of hotfixes and updates that are contained in System Center Configuration Manager 2007 Service Pack 2
Update Type:
Service Pack
Severity:
List of hotfixes and updates that are contained in System Center Configuration Manager 2007 Service Pack 2
Applies to:
System Center Configuration Manager 2007

Bulletin ID:
968369
Title:
List of the bugs that are fixed in SQL Server 2008 Service Pack 1
Update Type:
Service Pack
Severity:
List of the bugs that are fixed in SQL Server 2008 Service Pack 1
Applies to:
SQL Server 2008

Bulletin ID:
MS09-042
Title:
Vulnerability in Telnet Could Allow Remote Code Execution (960859)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows Vista
Windows Server 2008
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS09-041
Title:
Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista

Bulletin ID:
MS09-040
Title:
Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista

Bulletin ID:
MS09-039
Title:
Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS09-038
Title:
Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008

Bulletin ID:
971534
Title:
Update Rollup 1 for Exchange Server 2007 Service Pack 2
Update Type:
Update Rollup
Severity:
Update Rollup 1 for Exchange Server 2007 Service Pack 2
Applies to:
Exchange Server 2007

Bulletin ID:
MS09-037
Title:
Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP
Windows Vista
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008

Bulletin ID:
MS09-036
Title:
Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
Update Type:
Security Update
Severity:
Important
This security update addresses a privately reported Denial of Service vulnerability in the Microsoft .NET Framework component of Microsoft Windows. This vulnerability can be exploited only when Internet Information Services (IIS) 7.0 is installed and ASP.NET is configured to use integrated mode on affected versions of Microsoft Windows. An attacker could create specially crafted anonymous HTTP requests that could cause the affected Web server to become non-responsive until the associated application pool is restarted. Customers who are running IIS 7.0 application pools in classic mode are not affected by this vulnerability.
Applies to:
Windows Vista
Windows Server 2008

Bulletin ID:
MS09-035
Title:
Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
Update Type:
Security Update
Severity:
Moderate
This security update addresses several privately reported vulnerabilities in the public versions of the Microsoft Active Template Library (ATL) included with Visual Studio. This security update is specifically intended for developers of components and controls. Developers who build and redistribute components and controls using ATL should install the update provided in this bulletin and follow the guidance provided to create, and distribute to their customers, components and controls that are not vulnerable to the vulnerabilities described in this security bulletin.
Applies to:
Visual Studio 2008
Visual Studio 2005

Bulletin ID:
971083
Title:
Communicator 2007 R2 hotfix rollup package: May 2009
Update Type:
Update Rollup
Severity:
Communicator 2007 R2 hotfix rollup package: May 2009
Applies to:
Office Communicator 2007 R2

Bulletin ID:
MS09-034
Title:
Cumulative Security Update for Internet Explorer (972260)
Update Type:
Security Update
Severity:
Critical
This security update is being released out of band in conjunction with Microsoft Security Bulletin MS09-035, which describes vulnerabilities in those components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library (ATL). As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Microsoft Security Bulletin MS09-035.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows 2000
Windows XP x64 Edition
Windows Vista
Windows XP

Bulletin ID:
MS09-033
Title:
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Virtual Server
Virtual PC

Bulletin ID:
MS09-031
Title:
Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
Applies to:
Internet Security and Acceleration Server 2006

Bulletin ID:
MS09-030
Title:
Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007

Bulletin ID:
MS09-029
Title:
Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista

Bulletin ID:
MS09-028
Title:
Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
Update Type:
Security Update
Severity:
Critical
This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS09-027
Title:
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS09-026
Title:
Vulnerability in RPC Could Allow Elevation of Privilege (970238)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system. Supported editions of Microsoft Windows are not delivered with any RPC servers or clients that are subject to exploitation of this vulnerability. In a default configuration, users could not be attacked by exploitation of this vulnerability. However, the vulnerability is present in the Microsoft Windows RPC runtime and could affect third-party RPC applications.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista

Bulletin ID:
970162
Title:
Update Rollup 9 for Microsoft Exchange Server 2007 Service Pack 1
Update Type:
Update Rollup
Severity:
Update Rollup 9 for Microsoft Exchange Server 2007 Service Pack 1
Applies to:
Exchange Server 2007

Bulletin ID:
MS09-025
Title:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
Update Type:
Security Update
Severity:
Important
This security update resolves two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege. An attacker who successfully exploited any of these vulnerabilities could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista

Bulletin ID:
MS09-024
Title:
Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Microsoft Works 9
Microsoft Works 8
Works 6-9 Converter
Office 2007
Office 2002/XP

Bulletin ID:
969121
Title:
Windows Small Business Server 2008 Update Rollup 3
Update Type:
Update Rollup
Severity:
Windows Small Business Server (Windows SBS) 2008 Update Rollup 3 is now available.
Applies to:
Windows Small Business Server 2008

Bulletin ID:
957506
Title:
Help and Support
Update Type:
Service Pack
Severity:
Help and Support
Applies to:
Expression Media 2

Bulletin ID:
957324
Title:
Descriptions of the Business Contact Manager problems that are fixed in the 2007 Microsoft Office suite Service Pack 2
Update Type:
Service Pack
Severity:
Descriptions of the Business Contact Manager problems that are fixed in the 2007 Microsoft Office suite Service Pack 2
Applies to:
Office 2007

Bulletin ID:
MS09-023
Title:
Vulnerability in Windows Search Could Allow Information Disclosure (963093)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results. By default, the Windows Search component is not preinstalled on Microsoft Windows XP and Windows Server 2003. It is an optional component available for download. Windows Search installed on supported editions of Windows Vista and Windows Server 2008 is not affected by this vulnerability.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS09-022
Title:
Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
Update Type:
Security Update
Severity:
Critical
This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista

Bulletin ID:
961448
Title:
Update Rollup 1 for Windows Essential Business Server 2008
Update Type:
Update Rollup
Severity:
Update Rollup 1 for Windows Essential Business Server (EBS) 2008 is now available. This update rollup addresses the following issues in Windows EBS 2008. You must install this update rollup on the servers that are running Management Server, Security Server, and Messaging Server.
Applies to:
Windows Essential Business Server 2008
Windows Essential Business Server 2008 Setup Updates

Bulletin ID:
MS09-021
Title:
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
969695
Title:
Update for Communicator 2007 R2: July 2009
Update Type:
Update Rollup
Severity:
Update for Communicator 2007 R2: July 2009
Applies to:
Office Communicator 2007 R2

Bulletin ID:
MS09-020
Title:
Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether a file is accessible by a given user. Successful exploitation of these vulnerabilities would still restrict the attacker to the permissions granted to the anonymous user account by the file system ACLs.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS09-019
Title:
Cumulative Security Update for Internet Explorer (969897)
Update Type:
Security Update
Severity:
Critical
This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows Vista
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008

Bulletin ID:
MS09-018
Title:
Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The more severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS09-017
Title:
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)
Update Type:
Security Update
Severity:
Critical
This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS09-016
Title:
Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packets to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.
Applies to:
Forefront TMG MBE
Internet Security and Acceleration Server 2006
Internet Security and Acceleration Server 2004

Bulletin ID:
968012
Title:
Update Rollup 8 for Exchange Server 2007 Service Pack 1
Update Type:
Update Rollup
Severity:
Microsoft has released Update Rollup 8 for Microsoft Exchange Server 2007 Service Pack 1 (SP1). For more information about this update rollup, see the following Microsoft Web site:
Applies to:
Exchange Server 2007

Bulletin ID:
967831
Title:
Update package for Communications Server 2007 R2: April 2009
Update Type:
Update Rollup
Severity:
Update package for Communications Server 2007 R2: April 2009
Applies to:
Office Communications Server 2007 R2

Bulletin ID:
960911
Title:
Windows Small Business Server 2008 Update Rollup 2
Update Type:
Update Rollup
Severity:
Windows Small Business Server (Windows SBS) 2008 Update Rollup 2 is now available. This rollup package addresses the following issues in Windows Small Business Server 2008.
Applies to:
Windows Small Business Server 2008

Bulletin ID:
MS09-015
Title:
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.
Applies to:
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS09-014
Title:
Cumulative Security Update for Internet Explorer (963027)
Update Type:
Security Update
Severity:
Critical
This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008

Bulletin ID:
962902
Title:
Help and Support
Update Type:
Service Pack
Severity:
Help and Support
Applies to:
Expression Media 2

Bulletin ID:
961983
Title:
Hotfix rollup package for System Center Virtual Machine Manager 2008: April 14th, 2009
Update Type:
Update Rollup
Severity:
Hotfix rollup package for System Center Virtual Machine Manager 2008: April 14th, 2009
Applies to:
Microsoft System Center Virtual Machine Manager 2008

Bulletin ID:
961855
Title:
Microsoft Research AutoCollage 2008 version 1.1
Update Type:
Service Pack
Severity:
Microsoft Research AutoCollage 2008 version 1.1 replaces the earlier version of Microsoft Research AutoCollage 2008. All the current users of the earlier version of Microsoft Research AutoCollage 2008 can obtain the new version through Microsoft Update. To obtain the full installer for the latest version of Microsoft Research AutoCollage 2008, visit the following Web site:
Applies to:
Microsoft Research AutoCollage 2008

Bulletin ID:
MS09-013
Title:
Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
Update Type:
Security Update
Severity:
Critical
This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista

Bulletin ID:
MS09-012
Title:
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
Update Type:
Security Update
Severity:
Important
This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista

Bulletin ID:
951951
Title:
Issues that are fixed in Forefront Client Security Service Pack 1
Update Type:
Service Pack
Severity:
Issues that are fixed in Forefront Client Security Service Pack 1
Applies to:
Forefront Client Security

Bulletin ID:
MS09-011
Title:
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if a user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS09-010
Title:
Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
Update Type:
Security Update
Severity:
Critical
This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition
Windows XP
Office 2002/XP
Office 2003

Bulletin ID:
960384
Title:
Update Rollup 7 for Exchange Server 2007 Service Pack 1
Update Type:
Update Rollup
Severity:
Microsoft has released Update Rollup 7 for Microsoft Exchange Server 2007 Service Pack 1 (SP1). For more information about this update rollup, see the following Microsoft Web site:
Applies to:
Exchange Server 2007

Bulletin ID:
933360
Title:
August 2007 cumulative time zone update for Microsoft Windows operating systems
Update Type:
Update Rollup
Severity:
August 2007 cumulative time zone update for Microsoft Windows operating systems
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows XP
Windows XP x64 Edition

Bulletin ID:
932726
Title:
Service Pack 1 for Accounting Professional 2007 and for Accounting Express 2007
Update Type:
Service Pack
Severity:
Service Pack 1 for Microsoft Office Accounting 2007 provides the latest updates for Microsoft Office Accounting Professional 2007 and for Microsoft Office Accounting Express 2007. This service pack contains significant usability enhancements and stability improvements.
Applies to:
Office 2007

Bulletin ID:
923435
Title:
Microsoft Compute Cluster Pack Service Pack 1 (SP1) is available for Microsoft Windows Compute Cluster Server 2003
Update Type:
Service Pack
Severity:
Microsoft Compute Cluster Pack Service Pack 1 (SP1) is available. It fixes problems in Microsoft Windows Compute Cluster Server 2003.
Applies to:
Compute Cluster Pack

Bulletin ID:
MS09-009
Title:
Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Office Excel. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS09-008
Title:
Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows 2000

Bulletin ID:
MS09-007
Title:
Vulnerability in SChannel Could Allow Spoofing (960225)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008

Bulletin ID:
MS09-006
Title:
Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system.
Applies to:
Windows Server 2008
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows 7
Windows Server 2008 R2

Bulletin ID:
MS09-005
Title:
Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
Update Type:
Security Update
Severity:
Important
This security update resolves three privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS09-004
Title:
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft SQL Server. The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system. Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
SQL Server 2000
SQL Server 2005

Bulletin ID:
MS09-003
Title:
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.
Applies to:
Exchange Server 2003
Exchange Server 2007
Exchange 2000 Server

Bulletin ID:
959596
Title:
System Center Virtual Machine Manager 2008 update to address physical to virtual (P2V) issues
Update Type:
Update Rollup
Severity:
System Center Virtual Machine Manager 2008 update to address physical to virtual (P2V) issues
Applies to:
Microsoft System Center Virtual Machine Manager 2008

Bulletin ID:
959057
Title:
Microsoft Office Accounting 2009 Service Pack 1 is available for Accounting Professional 2009 and for Accounting Express 2009
Update Type:
Service Pack
Severity:
Microsoft Office Accounting 2009 Service Pack 1 (SP1) provides the latest updates for the U.S. version and the UK version of Microsoft Office Accounting Professional 2009 and Microsoft Office Accounting Express 2009. This service pack also includes stability improvements and performance improvements.
Applies to:
Office 2007

Bulletin ID:
MS09-002
Title:
Cumulative Security Update for Internet Explorer (961260)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Vista

Bulletin ID:
MS09-001
Title:
Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008

Bulletin ID:
MS08-078
Title:
Security Update for Internet Explorer (960714)
Update Type:
Security Update
Severity:
Critical
This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista

Bulletin ID:
MS08-077
Title:
Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.
Applies to:
Office 2007

Bulletin ID:
MS08-076
Title:
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition
Windows Vista

Bulletin ID:
972076
Title:
Update Rollup 2 for Microsoft Exchange Server 2007 Service Pack 2
Update Type:
Update Rollup
Severity:
Update Rollup 2 for Microsoft Exchange Server 2007 Service Pack 2
Applies to:
Exchange Server 2007

Bulletin ID:
972042
Title:
Communicator 2007 R2 hotfix rollup package: June 2009
Update Type:
Update Rollup
Severity:
Communicator 2007 R2 hotfix rollup package: June 2009
Applies to:
Office Communicator 2007 R2

Bulletin ID:
972008
Title:
How to obtain the latest Service Pack for Microsoft HPC Pack 2008
Update Type:
Service Pack
Severity:
Service Pack 1 (SP1) for Microsoft HPC Pack 2008 is now available. This service pack provides improved reliability, performance, and security for Microsoft HPC Pack 2008.
Applies to:
HPC Pack 2008

Bulletin ID:
971975
Title:
Microsoft Office Accounting 2009 Service Pack 2 is available for Accounting Professional 2009 and for Accounting Express 2009
Update Type:
Service Pack
Severity:
Microsoft Office Accounting 2009 Service Pack 2 (SP2) includes the latest updates for the U.S. version and the U.K. version of Microsoft Office Accounting Professional 2009 and of Microsoft Office Accounting Express 2009. This service pack includes stability and performance improvements.
Applies to:
Office 2007

Bulletin ID:
MS08-075
Title:
Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2008
Windows Vista

Bulletin ID:
MS08-074
Title:
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
Update Type:
Security Update
Severity:
Critical
This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS08-073
Title:
Cumulative Security Update for Internet Explorer (958215)
Update Type:
Security Update
Severity:
Critical
This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS08-072
Title:
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
Update Type:
Security Update
Severity:
Critical
This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Microsoft Works 8
Office 2003
Office 2002/XP

Bulletin ID:
MS08-071
Title:
Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS08-070
Title:
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
Update Type:
Security Update
Severity:
Critical
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS08-069
Title:
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
Update Type:
Security Update
Severity:
Critical
This security update resolves several vulnerabilities in Microsoft XML Core Services. The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows Server 2008
Windows 7
Windows XP x64 Edition
Windows Server 2008 R2
Office 2007
Office 2003

Bulletin ID:
951532
Title:
Post-Service Pack 1 Rollup for Microsoft Expression Media: April 15, 2008
Update Type:
Update Rollup
Severity:
Post-Service Pack 1 Rollup for Microsoft Expression Media: April 15, 2008
Applies to:
Expression Media V1

Bulletin ID:
MS08-068
Title:
Vulnerability in SMB Could Allow Remote Code Execution (957097)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista

Bulletin ID:
MS08-067
Title:
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista

Bulletin ID:
MS08-066
Title:
Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Microsoft Ancillary Function Driver. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS08-065
Title:
Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Message Queuing Service (MSMQ) on Microsoft Windows 2000 systems. The vulnerability could allow remote code execution on Microsoft Windows 2000 systems with the MSMQ service enabled.
Applies to:
Windows 2000

Bulletin ID:
MS08-064
Title:
Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Virtual Address Descriptor. The vulnerability could allow elevation of privilege if a user runs a specially crafted application. An authenticated attacker who successfully exploited this vulnerability could gain elevation of privilege on an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista

Bulletin ID:
956831
Title:
Update package for Office Communications Server 2007 Audio Video Conferencing Server: October, 2008
Update Type:
Update Rollup
Severity:
Update package for Office Communications Server 2007 Audio Video Conferencing Server: October, 2008
Applies to:
Office Communications Server 2007

Bulletin ID:
956829
Title:
Update package for Communications Server 2007 Mediation Server October, 2008
Update Type:
Update Rollup
Severity:
Update package for Communications Server 2007 Mediation Server October, 2008
Applies to:
Office Communications Server 2007

Bulletin ID:
MS08-063
Title:
Vulnerability in SMB Could Allow Remote Code Execution (957095)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on a server that is sharing files or folders. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista

Bulletin ID:
MS08-062
Title:
Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
Update Type:
Security Update
Severity:
Important
This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
Applies to:
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS08-061
Title:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed and two privately reported vulnerabilities in the Windows kernel. A local attacker who successfully exploited these vulnerabilities could take complete control of an affected system. The vulnerabilities could not be exploited remotely or by anonymous users.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista

Bulletin ID:
MS08-060
Title:
Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker gains access to an affected network. This vulnerability only affects Microsoft Windows 2000 servers configured to be domain controllers. If a Microsoft Windows 2000 server has not been promoted to a domain controller, it will not be listening to Lightweight Directory Access Protocol (LDAP) or LDAP over SSL (LDAPS) queries, and will not be exposed to this vulnerability.
Applies to:
Windows 2000

Bulletin ID:
957262
Title:
Microsoft Office Access Runtime and Data Connectivity Components 2007 Service Pack 2 (SP2)
Update Type:
Service Pack
Severity:
Microsoft Office Access Runtime and Data Connectivity Components 2007 Service Pack 2 (SP2) provides the latest updates to the following products: Microsoft Office Access 2007 Runtime and the Database Connectivity Components driver for the 2007 Microsoft Office system. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, in performance, and in security. All the public updates, security updates, cumulative updates, and hotfixes that were released through February 2009.
Applies to:
Office 2007

Bulletin ID:
MS08-059
Title:
Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.
Applies to:
Host Integration Server 2006
Host Integration Server 2004
Host Integration Server 2000

Bulletin ID:
MS08-058
Title:
Cumulative Security Update for Internet Explorer (956390)
Update Type:
Security Update
Severity:
Critical
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008

Bulletin ID:
956389
Title:
Update package for Communications Server 2007: November 2008
Update Type:
Update Rollup
Severity:
Update package for Communications Server 2007: November 2008
Applies to:
Office Communications Server 2007

Bulletin ID:
MS08-057
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
Update Type:
Security Update
Severity:
Critical
This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
955839
Title:
December 2008 cumulative time zone update for Microsoft Windows operating systems
Update Type:
Update Rollup
Severity:
December 2008 cumulative time zone update for Microsoft Windows operating systems
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
955706
Title:
List of the bugs that are fixed in SQL Server 2005 Service Pack 3
Update Type:
Service Pack
Severity:
List of the bugs that are fixed in SQL Server 2005 Service Pack 3
Applies to:
SQL Server 2005
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008

Bulletin ID:
MS08-056
Title:
Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user clicks a specially crafted CDO URL. An attacker who successfully exploited this vulnerability could inject a client side script in the user's browser that could spoof content, disclose information, or take any action that the user could take on the affected Web site.
Applies to:
Office 2002/XP

Bulletin ID:
MS08-055
Title:
Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003

Bulletin ID:
951847
Title:
List of changes and fixed issues in the .NET Framework 3.5 Service Pack 1
Update Type:
Service Pack
Severity:
List of changes and fixed issues in the .NET Framework 3.5 Service Pack 1
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2008
Windows Internet Explorer 7.0 Dynamic Installer

Bulletin ID:
MS08-054
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Vista
Windows Server 2008
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS08-053
Title:
Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition
Windows Vista
Windows Server 2008

Bulletin ID:
MS08-052
Title:
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
SQL Server 2005
Windows 2000
Visual Studio 2008
Visual Studio 2005
Forefront Client Security
Office 2002/XP
Office 2003
Office 2007
Windows Server 2008
Windows Vista
SQL Server 2000
Microsoft Works 8

Bulletin ID:
MS08-051
Title:
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
Update Type:
Security Update
Severity:
Critical
This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2007
Office 2002/XP

Bulletin ID:
951072
Title:
August 2008 cumulative time zone update for Microsoft Windows operating systems
Update Type:
Update Rollup
Severity:
August 2008 cumulative time zone update for Microsoft Windows operating systems
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista
Windows XP x64 Edition

Bulletin ID:
MS08-050
Title:
Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly reported vulnerability in supported versions of Windows Messenger. As a result of this vulnerability, scripting of an ActiveX control could allow information disclosure in the context of the logged-on user. An attacker could change state, get contact information, and initiate audio and video chat sessions without the knowledge of the logged-on user. An attacker could also capture the user’s logon ID and remotely log on to the user’s Messenger client impersonating that user.
Applies to:
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS08-049
Title:
Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
Update Type:
Security Update
Severity:
Important
This update resolves two privately reported vulnerabilities in Microsoft Windows Event System that could allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008

Bulletin ID:
MS08-048
Title:
Security Update for Outlook Express and Windows Mail (951066)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The vulnerability could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008

Bulletin ID:
MS08-047
Title:
Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
Update Type:
Security Update
Severity:
Important
This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network.
Applies to:
Windows Server 2008
Windows Vista

Bulletin ID:
953649
Title:
List of fixes that are included in System Center Configuration Manager Service Pack 1
Update Type:
Service Pack
Severity:
List of fixes that are included in System Center Configuration Manager Service Pack 1
Applies to:
System Center Configuration Manager 2007

Bulletin ID:
MS08-046
Title:
Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
Update Type:
Security Update
Severity:
Critical
This update resolves a privately reported vulnerability in the Microsoft Image Color Management (ICM) system that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
952783
Title:
Update package for Communications Server 2007: August 2008
Update Type:
Update Rollup
Severity:
Update package for Communications Server 2007: August 2008
Applies to:
Office Communications Server 2007

Bulletin ID:
952580
Title:
Update Rollup 4 for Exchange Server 2007 Service Pack 1
Update Type:
Update Rollup
Severity:
Microsoft has released Update Rollup 4 for Microsoft Exchange Server 2007 Service Pack 1 (SP1). For more information about this update rollup, visit the following Microsoft Web site:
Applies to:
Exchange Server 2007

Bulletin ID:
MS08-045
Title:
Cumulative Security Update for Internet Explorer (953838)
Update Type:
Security Update
Severity:
Critical
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista

Bulletin ID:
MS08-044
Title:
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
Update Type:
Security Update
Severity:
Critical
This security update resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
924886
Title:
Update for Office 2003: December 12, 2006
Update Type:
Critical Update
Severity:
Update for Office 2003: December 12, 2006
Applies to:
Office 2003

Bulletin ID:
MS08-043
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
Update Type:
Security Update
Severity:
Critical
This security update resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
953338
Title:
Windows SharePoint Services 3.0 SP2 and of Windows SharePoint Services 3.0 Language Pack SP2
Update Type:
Service Pack
Severity:
Windows SharePoint Services 3.0 Service Pack 2 (SP2) gives customers the latest updates to Windows SharePoint Services 3.0.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008

Bulletin ID:
953336
Title:
Excel Viewer 2007 Service Pack 2
Update Type:
Service Pack
Severity:
Microsoft Office Excel Viewer 2007 Service Pack 2 (SP2) gives customers the latest updates to the Excel Viewer 2007. This update includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes that were released through February 2009.
Applies to:
Office 2007

Bulletin ID:
953335
Title:
Visio Viewer 2007 Service Pack 2
Update Type:
Service Pack
Severity:
The Microsoft Office Visio Viewer 2007 Service Pack 2 (SP2) gives customers the latest updates to the Visio Viewer 2007. This update includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes that were released through February 2009.
Applies to:
Office 2007

Bulletin ID:
953334
Title:
2007 Microsoft Office servers Service Pack 2 and of 2007 Microsoft Office servers Language Pack Service Pack 2
Update Type:
Service Pack
Severity:
The 2007 Microsoft Office servers Service Pack 2 (SP2) package gives customers the latest updates to the 2007 Office server products. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to providing general product fixes, SP2 includes improvements in stability, in performance, and in security. All the public updates, security updates, cumulative updates, and hotfixes that were released through February 2009. Note: Some server products in this service pack install over Windows SharePoint Services. These server products require Windows SharePoint Services 3.0 Service Pack 2.
Applies to:
Office 2007

Bulletin ID:
953332
Title:
PowerPoint Viewer 2007 Service Pack 2
Update Type:
Service Pack
Severity:
Microsoft Office PowerPoint Viewer 2007 Service Pack 2 (SP2) gives customers the latest updates to the PowerPoint Viewer 2007. This update includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes that were released through February 2009.
Applies to:
Office 2007

Bulletin ID:
953331
Title:
Office Compatibility Pack Service Pack 2
Update Type:
Service Pack
Severity:
Microsoft Office Compatibility Pack Service Pack 2 (SP2) gives customers the latest updates to the Office Compatibility Pack for the Microsoft Office Word 2007 file format, for the Microsoft Office Excel 2007 file format, and for the Microsoft Office PowerPoint 2007 file format.
Applies to:
Office 2007

Bulletin ID:
953329
Title:
Calendar Printing Assistant for Outlook 2007 Service Pack 2
Update Type:
Service Pack
Severity:
The Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 2 gives customers the latest updates to the Calendar Printing Assistant for Outlook. This update includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes released through February 2009.
Applies to:
Office 2007

Bulletin ID:
MS08-042
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly reported vulnerability in Microsoft Word. This vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS08-041
Title:
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS08-040
Title:
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
Update Type:
Security Update
Severity:
Important
This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Applies to:
SQL Server 2000
SQL Server 2005
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008

Bulletin ID:
948016
Title:
Update Rollup 2 for Exchange Server 2007 Service Pack 1
Update Type:
Update Rollup
Severity:
Microsoft has released Update Rollup 2 for Microsoft Exchange Server 2007 Service Pack 1 (SP1). For more information about this update rollup, see the following Microsoft Web site:
Applies to:
Exchange Server 2007

Bulletin ID:
MS08-039
Title:
Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session.
Applies to:
Exchange Server 2007
Exchange Server 2003

Bulletin ID:
953467
Title:
Update Rollup 5 for Exchange Server 2007 Service Pack 1
Update Type:
Update Rollup
Severity:
Microsoft has released Update Rollup 5 for Microsoft Exchange Server 2007 Service Pack 1 (SP1). For more information about this update rollup, see the following Microsoft Web site:
Applies to:
Exchange Server 2007

Bulletin ID:
949426
Title:
Microsoft Office Accounting 2008 Service Pack 1 for Accounting Professional 2008 and for Accounting Express 2008
Update Type:
Service Pack
Severity:
Microsoft Office Accounting 2008 Service Pack 1 provides the latest updates for the U.S. and U.K. versions of Microsoft Office Accounting Professional 2008 and of Microsoft Office Accounting Express 2008. This service pack contains significant stability improvements and addresses several issues.
Applies to:
Office 2007

Bulletin ID:
MS08-038
Title:
Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2008
Windows Vista

Bulletin ID:
MS08-037
Title:
Vulnerabilities in DNS Could Allow Spoofing (953230)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows Server 2008

Bulletin ID:
MS08-036
Title:
Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited this vulnerability could cause a user’s system to become non-responsive and to require a restart to restore functionality. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008

Bulletin ID:
MS08-035
Title:
Vulnerability in Active Directory Could Allow Denial of Service (953235)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008; Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003; and Active Directory Lightweight Directory Service (AD LDS) when installed on Windows Server 2008. The vulnerability could be exploited to allow an attacker to cause a denial of service condition. On Windows XP Professional, Windows Server 2003, and Windows Server 2008, an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS08-034
Title:
Vulnerability in WINS Could Allow Elevation of Privilege (948745)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS) that could allow elevation of privilege. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS08-033
Title:
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008

Bulletin ID:
MS08-031
Title:
Cumulative Security Update for Internet Explorer (950759)
Update Type:
Security Update
Severity:
Critical
This security update resolves one privately reported and one publicly disclosed vulnerability. The privately reported vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The publicly disclosed vulnerability could allow information disclosure if a user viewed a specially crafted Web page using Internet Explorer.
Applies to:
Windows 2000
Windows Vista
Windows Server 2008
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS08-030
Title:
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Bluetooth stack in Windows that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Vista

Bulletin ID:
MS08-028
Title:
Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)
Update Type:
Security Update
Severity:
Important
This security update resolves a security vulnerability in the Microsoft Jet Database Engine (Jet) in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS08-027
Title:
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS08-026
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2007
Office 2002/XP

Bulletin ID:
MS08-025
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Windows kernel. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008

Bulletin ID:
MS08-024
Title:
Cumulative Security Update for Internet Explorer (947864)
Update Type:
Security Update
Severity:
Critical
This security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008

Bulletin ID:
MS08-022
Title:
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000

Bulletin ID:
MS08-021
Title:
Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista

Bulletin ID:
948465
Title:
Information about Service Pack 2 for Windows Vista and for Windows Server 2008
Update Type:
Service Pack
Severity:
Service Pack 2 (SP2) for Windows Vista and for Windows Server 2008 supports new kinds of hardware and emerging hardware standards. This service pack includes all the updates that have been delivered since Service Pack 1, and it simplifies deployment for consumers, for developers, and for IT professionals.
Applies to:
Windows Server 2008
Windows Vista

Bulletin ID:
MS08-020
Title:
Vulnerability in DNS Client Could Allow Spoofing (945553)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS clients and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista

Bulletin ID:
MS08-019
Title:
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
Update Type:
Security Update
Severity:
Important
This security update resolves privately reported vulnerabilities in Microsoft Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS08-018
Title:
Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Project that could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS08-017
Title:
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
Update Type:
Security Update
Severity:
Critical
This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2002/XP

Bulletin ID:
MS08-016
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS08-015
Title:
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
MS08-014
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2007
Office 2002/XP

Bulletin ID:
MS08-013
Title:
Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file with a malformed object inserted into the document. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
945172
Title:
Communications Server 2007 Web Conferencing Server update package: November 30, 2007
Update Type:
Update Rollup
Severity:
Communications Server 2007 Web Conferencing Server update package: November 30, 2007
Applies to:
Office Communications Server 2007

Bulletin ID:
945055
Title:
Update package for Communications Server 2007 and for Communications Server 2007 Archiving and CDR Server: November 30, 2007
Update Type:
Update Rollup
Severity:
Update package for Communications Server 2007 and for Communications Server 2007 Archiving and CDR Server: November 30, 2007
Applies to:
Office Communications Server 2007

Bulletin ID:
MS08-012
Title:
Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves two privately reported vulnerabilities in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
946140
Title:
Update for Business Contact Manager for Outlook 2007: February 12, 2008
Update Type:
Critical Update
Severity:
Update for Business Contact Manager for Outlook 2007: February 12, 2008
Applies to:
Office 2007

Bulletin ID:
MS08-011
Title:
Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
Update Type:
Security Update
Severity:
Important
This important security update resolves three privately reported vulnerabilities in the Microsoft Works File Converter. These vulnerabilities could allow remote code execution if a user opens a specially crafted Works (.wps) file with an affected version of Microsoft Office, Microsoft Works, or Microsoft Works Suite. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Office 2003

Bulletin ID:
MS08-010
Title:
Cumulative Security Update for Internet Explorer (944533)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves three privately reported and one publicly reported vulnerabilities. The most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS08-009
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves one privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS08-008
Title:
Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE) Automation. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista

Bulletin ID:
942872
Title:
Communications Server 2007 update package: November 2, 2007
Update Type:
Update Rollup
Severity:
Communications Server 2007 update package: November 2, 2007
Applies to:
Office Communications Server 2007

Bulletin ID:
942846
Title:
Update Rollup 6 for Exchange Server 2007
Update Type:
Update Rollup
Severity:
Microsoft has released Update Rollup 6 for Microsoft Exchange Server 2007. For more information about this update rollup, see the following Microsoft Web site:
Applies to:
Exchange Server 2007

Bulletin ID:
MS08-007
Title:
Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves one privately reported vulnerability in the WebDAV Mini-Redirector. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
945684
Title:
Update Rollup 1 for Exchange Server 2007 Service Pack 1
Update Type:
Update Rollup
Severity:
Microsoft has released Update Rollup 1 for Microsoft Exchange Server 2007 Service Pack 1 (SP1). For more information about this update rollup, see the following Microsoft Web site:
Applies to:
Exchange Server 2007

Bulletin ID:
MS08-006
Title:
Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
Update Type:
Security Update
Severity:
Important
This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A remote code execution vulnerability exists in the way that IIS handles input to ASP Web pages. An attacker who successfully exploited this vulnerability could then perform actions on the IIS server with the same rights as the Worker Process Identity (WPI). The WPI is configured with Network Service account privileges by default. IIS servers with ASP pages whose application pools are configured with a WPI that uses an account with administrative privileges could be more seriously impacted than IIS servers whose application pool is configured with the default WPI settings.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
942763
Title:
December 2007 cumulative time zone update for Microsoft Windows operating systems
Update Type:
Update Rollup
Severity:
December 2007 cumulative time zone update for Microsoft Windows operating systems
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista

Bulletin ID:
MS08-005
Title:
Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
Update Type:
Security Update
Severity:
Important
This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS08-004
Title:
Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
Update Type:
Security Update
Severity:
Important
This important update resolves a privately reported vulnerability in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
Applies to:
Windows Vista

Bulletin ID:
MS08-003
Title:
Vulnerability in Active Directory Could Allow Denial of Service (946538)
Update Type:
Security Update
Severity:
Important
This important security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003 and Active Directory Application Mode (ADAM) when installed on Windows XP and Windows Server 2003. The vulnerability could allow a denial of service condition. On Windows Server 2003 and Windows XP an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
943462
Title:
List of problems that are fixed in Internet Security and Acceleration Server 2006 Service Pack 1
Update Type:
Service Pack
Severity:
List of problems that are fixed in Internet Security and Acceleration Server 2006 Service Pack 1
Applies to:
Internet Security and Acceleration Server 2006

Bulletin ID:
MS08-002
Title:
Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
Update Type:
Security Update
Severity:
Important
This important update resolves a privately reported vulnerability in Microsoft Windows Local Security Authority Subsystem Service (LSASS). The vulnerability could allow an attacker to run arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS08-001
Title:
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows 2000

Bulletin ID:
MS07-069
Title:
Cumulative Security Update for Internet Explorer (942615)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves four privately reported vulnerabilities. The most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista

Bulletin ID:
941834
Title:
Microsoft Expression Media Service Pack 1
Update Type:
Service Pack
Severity:
Microsoft Expression Media Service Pack 1
Applies to:
Expression Media V1

Bulletin ID:
MS07-068
Title:
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability in Windows Media File Format. This vulnerability could allow remote code execution if a user viewed a specially crafted file in Windows Media Format Runtime. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 2000
Windows Vista

Bulletin ID:
944036
Title:
Availability of Windows Internet Explorer 8
Update Type:
Update Rollup
Severity:
Windows Internet Explorer 8 is now available. Internet Explorer 8 is the latest version of the familiar Web browser that you are most comfortable using. It helps you obtain everything that you want from the Web faster, easier, and safer than ever.
Applies to:
Windows Vista
Windows Server 2008
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS07-067
Title:
Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)
Update Type:
Security Update
Severity:
Important
This important security update resolves one publicly disclosed vulnerability. A local elevation of privilege vulnerability exists in the way that the Macrovision driver incorrectly handles configuration parameters. A local attacker who successfully exploited this vulnerability could take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS07-066
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
Update Type:
Security Update
Severity:
Important
This important security update resolves a privately reported vulnerability in the Windows kernel. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Applies to:
Windows Vista

Bulletin ID:
MS07-065
Title:
Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
Update Type:
Security Update
Severity:
Important
This important security update resolves a privately reported vulnerability in Message Queuing Service (MSMQ) that could allow remote code execution in implementations on Microsoft Windows 2000, or elevation of privilege in implementations on Microsoft Windows XP. An attacker must have valid logon credentials to exploit the elevation of privilege vulnerability on Windows XP. An attacker could then install programs; view, change, or delete data; or create new accounts.
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS07-064
Title:
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves two privately reported vulnerabilities in Microsoft DirectX. These vulnerabilities could allow code execution if a user opened a specially crafted file used for streaming media in DirectX. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista

Bulletin ID:
941421
Title:
Update Rollup 5 for Exchange Server 2007
Update Type:
Update Rollup
Severity:
Microsoft has released Update Rollup 5 for Microsoft Exchange Server 2007. For more information about this update rollup, see the following Microsoft Web site:
Applies to:
Exchange Server 2007

Bulletin ID:
MS07-063
Title:
Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
Update Type:
Security Update
Severity:
Important
This important security update resolves a privately reported vulnerability in Server Message Block Version 2 (SMBv2). The vulnerability could allow an attacker to tamper with data transferred via SMBv2, which could allow remote code execution in domain configurations communicating with SMBv2.
Applies to:
Windows Vista

Bulletin ID:
MS07-062
Title:
Vulnerability in DNS Could Allow Spoofing (941672)
Update Type:
Security Update
Severity:
Important
This important security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
941652
Title:
Business Contact Manager for Outlook 2007 Service Pack 1
Update Type:
Service Pack
Severity:
Business Contact Manager for Outlook 2007 Service Pack 1
Applies to:
Office 2007

Bulletin ID:
MS07-061
Title:
Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)
Update Type:
Security Update
Severity:
Critical
This update resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP

Bulletin ID:
MS07-060
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file with a malformed string. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2002/XP

Bulletin ID:
MS07-059
Title:
Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly reported vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment. The vulnerability could also allow an attacker to run arbitrary script to modify a user’s cache, resulting in information disclosure at the workstation.
Applies to:
Office 2007
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
937160
Title:
Visio Viewer 2007 Service Pack 1
Update Type:
Service Pack
Severity:
Visio Viewer 2007 Service Pack 1
Applies to:
Office 2007

Bulletin ID:
937158
Title:
PowerPoint Viewer 2007 Service Pack 1
Update Type:
Service Pack
Severity:
PowerPoint Viewer 2007 Service Pack 1
Applies to:
Office 2007

Bulletin ID:
937157
Title:
Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 1
Update Type:
Service Pack
Severity:
Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 1
Applies to:
Office 2007

Bulletin ID:
MS07-058
Title:
Vulnerability in RPC Could Allow Denial of Service (933729)
Update Type:
Security Update
Severity:
Important
This update resolves a privately reported vulnerability. A denial of service vulnerability exists in the remote procedure call (RPC) facility due to a failure in communicating with the NTLM security provider when performing authentication of RPC requests. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista

Bulletin ID:
MS07-057
Title:
Cumulative Security Update for Internet Explorer (939653)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerability with the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista

Bulletin ID:
MS07-056
Title:
Security Update for Outlook Express and Windows Mail (941202)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution due to an incorrectly handled malformed NNTP response. An attacker could exploit the vulnerability by constructing a specially crafted Web page.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista

Bulletin ID:
940767
Title:
Windows Internet Explorer 7 Installation and Availability Update
Update Type:
Update Rollup
Severity:
Windows Internet Explorer 7 Installation and Availability Update
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS07-055
Title:
Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the way that the Kodak Image Viewer, formerly known as Wang Image Viewer, handles specially crafted image files. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS07-053
Title:
Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
Update Type:
Security Update
Severity:
Important
This important security update resolves one publicly disclosed vulnerability. A vulnerability exists in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications where running certain setuid binary files could allow an attacker to gain elevation of privilege.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista

Bulletin ID:
MS07-052
Title:
Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
Update Type:
Security Update
Severity:
Important
This important security update resolves a publicly disclosed vulnerability. This vulnerability could allow remote code execution if a user opens a specially crafted RPT file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Visual Studio 2005

Bulletin ID:
936988
Title:
Windows SharePoint Services 3.0 Service Pack 1 and of Windows SharePoint Services 3.0 Language Pack Service Pack 1
Update Type:
Service Pack
Severity:
Windows SharePoint Services 3.0 Service Pack 1 and of Windows SharePoint Services 3.0 Language Pack Service Pack 1
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
936984
Title:
2007 Microsoft Office servers Service Pack 1 and the 2007 Microsoft Office servers Language Pack Service Pack 1
Update Type:
Service Pack
Severity:
2007 Microsoft Office servers Service Pack 1 and the 2007 Microsoft Office servers Language Pack Service Pack 1
Applies to:
Office 2007

Bulletin ID:
936982
Title:
2007 Microsoft Office suite Service Pack 1
Update Type:
Service Pack
Severity:
2007 Microsoft Office suite Service Pack 1
Applies to:
Office 2007

Bulletin ID:
MS07-051
Title:
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Agent in the way that it handles certain specially crafted URLs. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000

Bulletin ID:
MS07-050
Title:
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Vector Markup Language (VML) implementation in Windows. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows XP x64 Edition
Windows 2000

Bulletin ID:
MS07-049
Title:
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
Update Type:
Security Update
Severity:
Important
This important security update resolves one privately reported vulnerability. This is an elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions to the guest operating system would be able to exploit this vulnerability. Guest operating system users not granted administrative permissions to the guest operating system would be unable to exploit this vulnerability.
Applies to:
Virtual Server
Virtual PC

Bulletin ID:
937961
Title:
Office 2003 Web Components Service Pack 1 for the 2007 Office system
Update Type:
Service Pack
Severity:
Office 2003 Web Components Service Pack 1 for the 2007 Office system
Applies to:
Office 2007

Bulletin ID:
MS07-048
Title:
Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
Update Type:
Security Update
Severity:
Important
This important security update resolves two privately reported vulnerabilities in addition to other vulnerabilities identified during the course of the investigation. These vulnerabilities could allow an anonymous remote attacker to run code with the privileges of the logged-on user. If a user subscribed to a malicious RSS feed in the Feed Headlines Gadget, added a malicious contacts file in the Contacts Gadget, or clicked on a malicious link in the Weather Gadget, an attacker could potentially run code on the system. In all attack vectors, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Vista

Bulletin ID:
MS07-047
Title:
Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
Update Type:
Security Update
Severity:
Important
This important security update resolves two privately reported vulnerabilities. These vulnerabilities could allow code execution if a user viewed a specially crafted file in Windows Media Player. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista

Bulletin ID:
MS07-046
Title:
Vulnerability in GDI Could Allow Remote Code Execution (938829)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the Graphics Rendering Engine in the way that it handles specially crafted images. An attacker could exploit the vulnerability by constructing a specially crafted image that could potentially allow remote code execution if a user opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS07-045
Title:
Cumulative Security Update for Internet Explorer (937143)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves three privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000

Bulletin ID:
MS07-044
Title:
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
940289
Title:
Office Compatibility Pack Service Pack 1
Update Type:
Service Pack
Severity:
Office Compatibility Pack Service Pack 1
Applies to:
Office 2007

Bulletin ID:
940006
Title:
Update Rollup 4 for Exchange Server 2007
Update Type:
Update Rollup
Severity:
Microsoft has released Update Rollup 4 for Microsoft Exchange Server 2007. For more information about this update rollup, see the following Microsoft Web site:
Applies to:
Exchange Server 2007

Bulletin ID:
MS07-043
Title:
Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000

Bulletin ID:
MS07-042
Title:
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. The vulnerability could be exploited through attacks on Microsoft XML Core Services. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows XP x64 Edition
Windows Server 2008
Office 2007
Office 2003

Bulletin ID:
936929
Title:
Information about Windows XP Service Pack 3
Update Type:
Service Pack
Severity:
Information about Windows XP Service Pack 3
Applies to:
Windows XP

Bulletin ID:
935999
Title:
Update Rollup 3 for Exchange Server 2007
Update Type:
Update Rollup
Severity:
Microsoft has released Update Rollup 3 for Microsoft Exchange Server 2007. For more information about this update rollup, see the following Microsoft Web site:
Applies to:
Exchange Server 2007

Bulletin ID:
MS07-041
Title:
Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)
Update Type:
Security Update
Severity:
Important
This important security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if an attacker sent specially crafted URL requests to a Web page hosted by Internet Information Services (IIS) 5.1 on Windows XP Professional Service Pack 2. IIS 5.1 is not part of a default install of Windows XP Professional Service Pack 2. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Applies to:
Windows XP

Bulletin ID:
MS07-040
Title:
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)
Update Type:
Security Update
Severity:
Critical
This update resolves three privately reported vulnerabilities. Two of these vulnerabilities could allow remote code execution on client systems with .NET Framework installed, and one could allow information disclosure on Web servers running ASP.NET. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Vista
Windows Server 2008
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS07-039
Title:
Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability in implementations of Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition. However, remote code execution could be possible. On Windows Server 2003, an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS07-038
Title:
Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)
Update Type:
Security Update
Severity:
Moderate
This moderate security update resolves a privately reported vulnerability. This vulnerability could allow incoming unsolicited network traffic to access a network interface. An attacker could potentially gather information about the affected host.
Applies to:
Windows Vista

Bulletin ID:
MS07-037
Title:
Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)
Update Type:
Security Update
Severity:
Important
This important security update resolves one publicly disclosed vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Microsoft Office Publisher file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit this vulnerability.
Applies to:
Office 2007

Bulletin ID:
MS07-036
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)
Update Type:
Security Update
Severity:
Critical
This critical update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
936330
Title:
What you should know before you install Windows Vista Service Pack 1
Update Type:
Service Pack
Severity:
What you should know before you install Windows Vista Service Pack 1
Applies to:
Windows Vista

Bulletin ID:
MS07-035
Title:
Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability in a Win32 API. This vulnerability could allow remote code execution or elevation of privilege if the affected API is used locally by a specially crafted application. Therefore, applications that use this component of the Win32 API could be used as a vector for this vulnerability. For example, Internet Explorer uses this Win32 API function when parsing specially crafted Web pages.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS07-034
Title:
Cumulative Security Update for Outlook Express and Windows Mail (929123)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves two privately reported and two publicly disclosed vulnerabilities. One of these vulnerabilities could allow remote code execution if a user viewed a specially crafted e-mail using Windows Mail in Windows Vista. The other vulnerabilities could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer and cannot be exploited directly in Outlook Express. For the information disclosure vulnerabilities, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS07-033
Title:
Cumulative Security Update for Internet Explorer (933566)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All but one of these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. One vulnerability could allow spoofing, and also involves a specially crafted Web page. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. For the spoofing case, exploitation requires user interaction.
Applies to:
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS07-032
Title:
Vulnerability in Windows Vista Could Allow Information Disclosure (931213)
Update Type:
Security Update
Severity:
Moderate
This moderate security update resolves a privately reported vulnerability. This vulnerability could allow non-privileged users to access local user information data stores including administrative passwords contained within the registry and local file system.
Applies to:
Windows Vista

Bulletin ID:
MS07-031
Title:
Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS07-030
Title:
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)
Update Type:
Security Update
Severity:
Important
This important update resolves two privately reported vulnerabilities in addition to other security issues identified during the course of the investigation. The privately reported vulnerabilities could allow remote code execution if a user opened a specially crafted Visio file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit these vulnerabilities.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS07-029
Title:
Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)
Update Type:
Security Update
Severity:
Critical
This update resolves a publicly disclosed vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS07-028
Title:
Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
Applies to:
CAPICOM

Bulletin ID:
931836
Title:
February 2007 cumulative time zone update for Microsoft Windows operating systems
Update Type:
Update Rollup
Severity:
Starting in the spring of 2007, daylight saving time (DST) start and end dates for the United States will transition to comply with the Energy Policy Act of 2005. DST dates in the United States will start three weeks earlier, at 2:00 A.M. on the second Sunday in March. DST will end one week later, at 2:00 A.M. on the first Sunday in November.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows Vista

Bulletin ID:
MS07-027
Title:
Cumulative Security Update for Internet Explorer (931768)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
Applies to:
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows 2000

Bulletin ID:
MS07-026
Title:
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
Applies to:
Exchange Server 2003
Exchange 2000 Server
Exchange Server 2007

Bulletin ID:
934737
Title:
Excel Viewer 2003 Service Pack 3
Update Type:
Service Pack
Severity:
Excel Viewer 2003 Service Pack 3
Applies to:
Office 2003

Bulletin ID:
934736
Title:
Help and Support
Update Type:
Service Pack
Severity:
Help and Support
Applies to:
Office 2003

Bulletin ID:
MS07-025
Title:
Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
Update Type:
Security Update
Severity:
Critical
This update resolves a privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
Applies to:
Office 2007
Office 2002/XP
Office 2003

Bulletin ID:
MS07-024
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
933867
Title:
List of problems that are fixed in Microsoft Systems Management Server 2003 Service Pack 3
Update Type:
Service Pack
Severity:
List of problems that are fixed in Microsoft Systems Management Server 2003 Service Pack 3
Applies to:
Systems Management Server 2003

Bulletin ID:
MS07-023
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
Applies to:
Office 2007
Office 2003
Office 2002/XP

Bulletin ID:
933669
Title:
Update for PowerPoint 2003: May 8, 2007
Update Type:
Critical Update
Severity:
Update for PowerPoint 2003: May 8, 2007
Applies to:
Office 2003

Bulletin ID:
MS07-022
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS07-021
Title:
Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately and publicly disclosed vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS07-020
Title:
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000

Bulletin ID:
MS07-019
Title:
Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS07-018
Title:
Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Office 2002/XP

Bulletin ID:
MS07-017
Title:
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, publicly disclosed and privately reported vulnerabilities as well as additional issues discovered through internal investigations. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows Vista
Windows XP
Windows 2000

Bulletin ID:
MS07-016
Title:
Cumulative Security Update for Internet Explorer (928090)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS07-015
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS07-014
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
929060
Title:
Update for PowerPoint 2003: February 13, 2007
Update Type:
Critical Update
Severity:
Update for PowerPoint 2003: February 13, 2007
Applies to:
Office 2003

Bulletin ID:
929058
Title:
Update for Excel 2003: February 13, 2007
Update Type:
Critical Update
Severity:
Update for Excel 2003: February 13, 2007
Applies to:
Office 2003

Bulletin ID:
928957
Title:
Visual Studio 2005 Service Pack 1 Release Notes
Update Type:
Service Pack
Severity:
This document lists known issues with the installation and uninstallation of Visual Studio 2005 Service Pack 1 (SP1), and with Visual Studio 2005 SP1 features. For information about the functional changes that are included in Visual Studio 2005 SP1, see What’s New in Visual Studio 2005 SP1 (http://msdn2.microsoft.com/en-us/library/88fx1xy0(VS.80).aspx).
Applies to:
Visual Studio 2005

Bulletin ID:
MS07-013
Title:
Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)
Update Type:
Security Update
Severity:
Important
This update addresses a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Office 2002/XP
Office 2003
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
929300
Title:
Benefits of the Microsoft .NET Framework
Update Type:
Service Pack
Severity:
Benefits of the Microsoft .NET Framework
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS07-012
Title:
Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000

Bulletin ID:
MS07-011
Title:
Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS07-009
Title:
Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)
Update Type:
Security Update
Severity:
Critical
This update resolves a public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP

Bulletin ID:
MS07-008
Title:
Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000

Bulletin ID:
MS07-007
Title:
Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP

Bulletin ID:
MS07-006
Title:
Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS07-005
Title:
Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The Step-by-Step Interactive Training has a remote code execution vulnerability that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
923706
Title:
How to obtain the latest service pack for System Center Data Protection Manager 2006
Update Type:
Service Pack
Severity:
How to obtain the latest service pack for System Center Data Protection Manager 2006
Applies to:
Data Protection Manager 2006

Bulletin ID:
MS07-004
Title:
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)
Update Type:
Security Update
Severity:
Critical
This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows 2000

Bulletin ID:
MS07-003
Title:
Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)
Update Type:
Security Update
Severity:
Critical
This update addresses several newly discovered, privately and publicly reported vulnerabilities. The vulnerabilities are documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS07-002
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS07-001
Title:
Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, publicly reported vulnerability. The vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Applies to:
Office 2003

Bulletin ID:
MS06-078
Title:
Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered vulnerabilities. These vulnerabilities are documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
923648
Title:
Outlook Live 2003 Service Pack 3
Update Type:
Service Pack
Severity:
Outlook Live 2003 Service Pack 3
Applies to:
Office 2003

Bulletin ID:
923643
Title:
Windows SharePoint Services Service Pack 3
Update Type:
Service Pack
Severity:
Windows SharePoint Services Service Pack 3
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
923642
Title:
Office 2003 Service Pack 3 for Proofing Tools
Update Type:
Service Pack
Severity:
Microsoft Office 2003 Service Pack 3 (SP3) for Proofing Tools includes significant security enhancements in addition to stability improvements. Some fixes that are included in this service pack were released earlier in separate updates. This service pack combines these fixes in one update.
Applies to:
Office 2003

Bulletin ID:
923633
Title:
OneNote 2003 Service Pack 3
Update Type:
Service Pack
Severity:
OneNote 2003 Service Pack 3
Applies to:
Office 2003

Bulletin ID:
923622
Title:
Project 2003 Service Pack 3
Update Type:
Service Pack
Severity:
Project 2003 Service Pack 3
Applies to:
Office 2003

Bulletin ID:
923620
Title:
Visio 2003 Service Pack 3
Update Type:
Service Pack
Severity:
Visio 2003 Service Pack 3
Applies to:
Office 2003

Bulletin ID:
923618
Title:
Office 2003 Service Pack 3
Update Type:
Service Pack
Severity:
Office 2003 Service Pack 3
Applies to:
Office 2003

Bulletin ID:
MS06-077
Title:
Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)
Update Type:
Security Update
Severity:
Important
This update resolves a privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000

Bulletin ID:
MS06-076
Title:
Cumulative Security Update for Outlook Express (923694)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS06-075
Title:
Vulnerability in Windows Could Allow Elevation of Privilege (926255)
Update Type:
Security Update
Severity:
Important
This update resolves a privately identified vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS06-074
Title:
Vulnerability in SNMP Could Allow Remote Code Execution (926247)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP

Bulletin ID:
MS06-073
Title:
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)
Update Type:
Security Update
Severity:
Critical
This update resolves a public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Visual Studio 2005

Bulletin ID:
MS06-072
Title:
Cumulative Security Update for Internet Explorer (925454)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-071
Title:
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, publicly disclosed vulnerability. The vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows Vista

Bulletin ID:
MS06-070
Title:
Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
MS06-069
Title:
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)
Update Type:
Security Update
Severity:
Critical
This update resolves privately reported vulnerabilities in Macromedia Flash Player from Adobe, version 6.0.84.0 and earlier. Macromedia Flash Player is a third party software application that also was redistributed with Microsoft Windows XP Service Pack 2, Microsoft Windows XP Service Pack 3, and Microsoft Windows XP Professional x64 Edition. Each vulnerability is documented in the "Vulnerability Details" section of this bulletin. The Adobe Security Bulletin APSB06-11, issued September 12, 2006, describes the vulnerabilities and provides the download locations for customers who have installed Flash Player 7 and higher so that you can install the appropriate update based on the version of Flash Player you are using. Customers that have followed the guidance in the Adobe Security Bulletin are not at risk from these vulnerabilities.
Applies to:
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-068
Title:
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000

Bulletin ID:
920115
Title:
Service Pack 3 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006
Update Type:
Service Pack
Severity:
Service Pack 3 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006
Applies to:
Office 2003

Bulletin ID:
MS06-067
Title:
Cumulative Security Update for Internet Explorer (922760)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS06-066
Title:
Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)
Update Type:
Security Update
Severity:
Important
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS06-065
Title:
Vulnerability in Windows Object Packager Could Allow Remote Execution (924496)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS06-064
Title:
Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)
Update Type:
Security Update
Severity:
Low
This update resolves a publicly disclosed vulnerability as well as additional issues discovered through internal investigations.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS06-063
Title:
Vulnerability in Server Service Could Allow Denial of Service and Remote Code Execution (923414)
Update Type:
Security Update
Severity:
Important
This update resolves publicly and privately reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS06-062
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)
Update Type:
Security Update
Severity:
Critical
This update addresses several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-061
Title:
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows XP x64 Edition
Office 2003
SQL Server Feature Pack

Bulletin ID:
924406
Title:
List of problems that are fixed in Microsoft Internet Security and Acceleration Server 2004 Service Pack 3
Update Type:
Service Pack
Severity:
List of problems that are fixed in Microsoft Internet Security and Acceleration Server 2004 Service Pack 3
Applies to:
Internet Security and Acceleration Server 2004

Bulletin ID:
MS06-060
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
Update Type:
Security Update
Severity:
Critical
This update addresses several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-059
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
Update Type:
Security Update
Severity:
Critical
This update addresses several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-058
Title:
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
Update Type:
Security Update
Severity:
Critical
This update addresses several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-057
Title:
Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, publicly reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS06-056
Title:
Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 2000
Windows XP

Bulletin ID:
MS06-055
Title:
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)
Update Type:
Security Update
Severity:
Critical
This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-054
Title:
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS06-053
Title:
Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS06-052
Title:
Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP

Bulletin ID:
MS06-051
Title:
Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)
Update Type:
Security Update
Severity:
Critical
This update resolves newly discovered, privately reported vulnerabilities and additional issues discovered through internal investigations.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000

Bulletin ID:
917347
Title:
Update for Word 2002: July 11, 2006
Update Type:
Critical Update
Severity:
Update for Word 2002: July 11, 2006
Applies to:
Office 2002/XP

Bulletin ID:
MS06-050
Title:
Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)
Update Type:
Security Update
Severity:
Important
This update resolves two newly discovered vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS06-049
Title:
Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, publicly reported vulnerability and additional issues discovered through internal investigations.
Applies to:
Windows 2000

Bulletin ID:
MS06-048
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS06-047
Title:
Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Office 2002/XP

Bulletin ID:
MS06-046
Title:
Vulnerability in HTML Help Could Allow Remote Code Execution (922616)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, publicly reported vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
921896
Title:
A list of the bugs that are fixed in SQL Server 2005 Service Pack 2
Update Type:
Service Pack
Severity:
A list of the bugs that are fixed in SQL Server 2005 Service Pack 2
Applies to:
SQL Server 2005

Bulletin ID:
MS06-045
Title:
Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, publicly-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000

Bulletin ID:
MS06-044
Title:
Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000

Bulletin ID:
MS06-043
Title:
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, publicly-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS06-042
Title:
Cumulative Security Update for Internet Explorer (918899)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-041
Title:
Vulnerabilities in DNS Resolution Could Allow Remote Code Execution (920683)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported vulnerabilities.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS06-040
Title:
Vulnerability in Server Service Could Allow Remote Code Execution (921883)
Update Type:
Security Update
Severity:
Critical
This update resolves a privately disclosed vulnerability as well as additional issues discovered through internal investigations.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000

Bulletin ID:
MS06-039
Title:
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section in this bulletin.
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-038
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
MS06-037
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS06-036
Title:
Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability as well as additional issues discovered through internal investigations. The privately reported vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 2000

Bulletin ID:
913807
Title:
Update for Outlook 2003: March 14, 2006
Update Type:
Critical Update
Severity:
Update for Outlook 2003: March 14, 2006
Applies to:
Office 2003

Bulletin ID:
MS06-035
Title:
Vulnerability in Server Service Could Allow Remote Code Execution (917159)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
917153
Title:
Update for PowerPoint 2002: July 11, 2006
Update Type:
Critical Update
Severity:
Update for PowerPoint 2002: July 11, 2006
Applies to:
Office 2002/XP

Bulletin ID:
MS06-034
Title:
Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS06-033
Title:
Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
917275
Title:
How to obtain Windows Rights Management Services with Service Pack 2
Update Type:
Service Pack
Severity:
How to obtain Windows Rights Management Services with Service Pack 2
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-032
Title:
Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
Update Type:
Security Update
Severity:
Important
This update resolves a privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS06-031
Title:
Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly discovered, privately reported vulnerability. A spoofing vulnerability exists in the RPC service that could enable an attacker to spoof a trusted network resource. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000

Bulletin ID:
MS06-030
Title:
Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
Update Type:
Security Update
Severity:
Important
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS06-029
Title:
Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited the vulnerability could perform script injection attacks.
Applies to:
Exchange Server 2003
Exchange 2000 Server

Bulletin ID:
912440
Title:
Update for Office 2003 Alternative User Input: May 9, 2006
Update Type:
Service Pack
Severity:
Update for Office 2003 Alternative User Input: May 9, 2006
Applies to:
Office 2003

Bulletin ID:
MS06-028
Title:
Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS06-027
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS06-025
Title:
Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows 2000

Bulletin ID:
MS06-024
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000

Bulletin ID:
MS06-023
Title:
Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered vulnerability. A remote code execution vulnerability exists in Microsoft JScript that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS06-022
Title:
Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. A remote code execution vulnerability exists in the way AOL ART images are handled. This vulnerability could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS06-021
Title:
Cumulative Security Update for Internet Explorer (916281)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000
Windows XP x64 Edition

Bulletin ID:
914961
Title:
General information regarding Windows Server 2003 Service Pack 2
Update Type:
Service Pack
Severity:
General information regarding Windows Server 2003 Service Pack 2
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS06-020
Title:
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)
Update Type:
Security Update
Severity:
Critical
This update resolves publicly reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin. These vulnerabilities are also documented in Macromedia Security Bulletin MPSB05-07 for customers using Flash Player 5 and 6. Customers who have installed Flash Player 7 and higher are advised to download the latest version from the Adobe website. Customers that have followed the guidance in Adobe Security Bulletin APSB06-03 are not at risk from the vulnerability.
Applies to:
Windows XP
Windows XP x64 Edition

Bulletin ID:
913090
Title:
A list of the bugs that have been fixed in SQL Server 2005 Service Pack 1
Update Type:
Service Pack
Severity:
A list of the bugs that have been fixed in SQL Server 2005 Service Pack 1
Applies to:
SQL Server 2005

Bulletin ID:
MS06-019
Title:
Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Exchange Server 2003
Exchange 2000 Server

Bulletin ID:
MS06-018
Title:
Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
Update Type:
Security Update
Severity:
Moderate
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
913571
Title:
Updates for Office 2003: March 14, 2006
Update Type:
Critical Update
Severity:
Updates for Office 2003: March 14, 2006
Applies to:
Office 2003

Bulletin ID:
MS06-017
Title:
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Office 2002/XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS06-016
Title:
Cumulative Security Update for Outlook Express (911567)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS06-015
Title:
Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000
Windows XP x64 Edition

Bulletin ID:
MS06-014
Title:
Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS06-013
Title:
Cumulative Security Update for Internet Explorer (912812)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
Applies to:
Windows 2000
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS06-012
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
Applies to:
Office 2003
Office 2002/XP

Bulletin ID:
MS06-011
Title:
Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS06-009
Title:
Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Office 2003
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS06-008
Title:
Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS06-007
Title:
Vulnerability in TCP/IP Could Allow Denial of Service (913446)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS06-006
Title:
Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 2000
Windows XP

Bulletin ID:
MS06-005
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS06-004
Title:
Cumulative Security Update for Internet Explorer (910620)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000

Bulletin ID:
MS06-003
Title:
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Office 2003
Office 2002/XP
Exchange 2000 Server

Bulletin ID:
891861
Title:
Update Rollup 1 for Windows 2000 SP4 and known issues
Update Type:
Update Rollup
Severity:
Update Rollup 1 for Windows 2000 SP4 and known issues
Applies to:
Windows 2000

Bulletin ID:
MS06-002
Title:
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP

Bulletin ID:
907747
Title:
"Microsoft Exchange Server Intelligent Message Filter v2 Operations Guide" is now available
Update Type:
Update Rollup
Severity:
The Microsoft Exchange Server Intelligent Message Filter v2 Operations Guide is now available.
Applies to:
Exchange Server 2003

Bulletin ID:
MS06-001
Title:
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS05-055
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000

Bulletin ID:
MS05-054
Title:
Cumulative Security Update for Internet Explorer (905915)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS05-053
Title:
Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000

Bulletin ID:
MS05-052
Title:
Cumulative Security Update for Internet Explorer (896688)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered public vulnerability and other privately-reported variations of the same vulnerability. The Microsoft DDS Library Shape Control (Msdds.dll) and other COM objects could, when instantiated in Internet Explorer, allow an attacker to take complete control of an affected system. Because these COM objects were not designed to be instantiated in Internet Explorer, this update sets the kill bit for the affected Class Identifiers (CLSID) in these COM objects. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS05-051
Title:
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition

Bulletin ID:
MS05-050
Title:
Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS05-049
Title:
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
Update Type:
Security Update
Severity:
Important
This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
899738
Title:
List of issues that are fixed in Systems Management Server 2003 Service Pack 2
Update Type:
Service Pack
Severity:
List of issues that are fixed in Systems Management Server 2003 Service Pack 2
Applies to:
Systems Management Server 2003

Bulletin ID:
MS05-048
Title:
Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Exchange 2000 Server

Bulletin ID:
MS05-047
Title:
Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an authenticated attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
MS05-046
Title:
Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in the Client Service for NetWare (CSNW). By default, CSNW is not installed on any affected operating system version. Only customers who manually installed CSNW could be vulnerable to this issue. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. This service is also called Gateway Service for NetWare on Windows 2000 Server.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS05-045
Title:
Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly-discovered, public vulnerability. A vulnerability in Network Connection Manager could allow a denial of service on the affected platforms against the Network Connection Manager. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS05-044
Title:
Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly-discovered, public vulnerability. A vulnerability exists in the Windows FTP client because of the way it validates file names. This vulnerability could allow an attacker to tamper with the file transfer location on the client during an FTP file transfer session.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS05-043
Title:
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in the Print Spooler service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS05-042
Title:
Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)
Update Type:
Security Update
Severity:
Moderate
This update resolves two newly-discovered vulnerabilities, a privately reported vulnerability and a publicly reported vulnerability. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000

Bulletin ID:
899456
Title:
Release manifest for MDAC 2.8 Service Pack 1 (2.81.1117.6)
Update Type:
Service Pack
Severity:
This release manifest applies to the Internet release of Microsoft Data Access Components (MDAC) 2.8 Service Pack 1, referred to as MDAC 2.8 SP1 (2.81.1117.6).
Applies to:
MDAC 2.8

Bulletin ID:
MS05-041
Title:
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability in the Remote Desktop Protocol (RDP) exists that could allow an attacker to cause a system to stop responding. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000

Bulletin ID:
MS05-040
Title:
Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000

Bulletin ID:
MS05-039
Title:
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS05-038
Title:
Cumulative Security Update for Internet Explorer (896727)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS05-037
Title:
Vulnerability in JView Profiler Could Allow Remote Code Execution (903235)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, public vulnerability. A COM object, the JView Profiler (Javaprxy.dll), when instantiated in Internet Explorer, contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system. Since the JView Profiler COM object was not designed to be accessed through Internet Explorer, this update sets the kill bit for the JView Profiler (Javaprxy.dll) COM object. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition

Bulletin ID:
902963
Title:
Service Pack 1 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006
Update Type:
Service Pack
Severity:
Service Pack 1 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006 provides the latest updates to Microsoft Office Outlook 2003 with Business Contact Manager Update and to Microsoft Office Small Business Accounting 2006. This service pack contains significant usability enhancements and stability improvements.
Applies to:
Office 2003

Bulletin ID:
902848
Title:
Outlook Live 2003 Service Pack 2
Update Type:
Service Pack
Severity:
Outlook Live 2003 Service Pack 2
Applies to:
Office 2003

Bulletin ID:
MS05-036
Title:
Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition

Bulletin ID:
MS05-035
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Office 2002/XP

Bulletin ID:
MS05-033
Title:
Vulnerability in Telnet Client Could Allow Information Disclosure (896428)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly-discovered, privately-reported vulnerability. An attacker who successfully exploited this information disclosure vulnerability could remotely read the session variables for users who have open connections to a malicious telnet server. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS05-032
Title:
Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly-discovered, privately-reported vulnerability. This vulnerability could enable an attacker to spoof trusted Internet content. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
889101
Title:
Release notes for Windows Server 2003 Service Pack 1
Update Type:
Service Pack
Severity:
Release notes for Windows Server 2003 Service Pack 1
Applies to:
Windows Server 2003

Bulletin ID:
MS05-031
Title:
Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The Step-by-Step Interactive Training has a remote code execution vulnerability that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP
Windows XP 64-Bit Edition Version 2003

Bulletin ID:
MS05-030
Title:
Vulnerability in Outlook Express Could Allow Remote Code Execution (897715)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS05-028
Title:
Vulnerability in Web Client Service Could Allow Remote Code Execution (896426)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP

Bulletin ID:
MS05-027
Title:
Vulnerability in Server Message Block Could Allow Remote Code Execution (896422)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Server Message Block (SMB) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS05-026
Title:
Vulnerability in HTML Help Could Allow Remote Code Execution (896358)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in HTML Help that could allow remote code execution on an affected system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP

Bulletin ID:
MS05-025
Title:
Cumulative Security Update for Internet Explorer (883939)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000

Bulletin ID:
MS05-024
Title:
Vulnerability in Web View Could Allow Remote Code Execution (894320)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, public vulnerability. A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged on user. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows 2000

Bulletin ID:
MS05-023
Title:
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly-discovered vulnerabilities in Microsoft Word that could allow an attacker to run arbitrary code on a user's system. The vulnerabilities are documented in the Vulnerability Details section of this bulletin.
Applies to:
Office 2002/XP
Office 2003

Bulletin ID:
887624
Title:
Windows SharePoint Services 2.0 Service Pack 2
Update Type:
Service Pack
Severity:
Windows SharePoint Services 2.0 Service Pack 2
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
887622
Title:
Visio 2003 Service Pack 2
Update Type:
Service Pack
Severity:
Visio 2003 Service Pack 2
Applies to:
Office 2003

Bulletin ID:
887620
Title:
Project 2003 Service Pack 2
Update Type:
Service Pack
Severity:
Project 2003 Service Pack 2
Applies to:
Office 2003

Bulletin ID:
887619
Title:
OneNote 2003 Service Pack 2
Update Type:
Service Pack
Severity:
OneNote 2003 Service Pack 2
Applies to:
Office 2003

Bulletin ID:
887618
Title:
Office 2003 Service Pack 2 for Proofing Tools
Update Type:
Service Pack
Severity:
Office 2003 Service Pack 2 for Proofing Tools
Applies to:
Office 2003

Bulletin ID:
887616
Title:
Office 2003 Service Pack 2
Update Type:
Service Pack
Severity:
Office 2003 Service Pack 2
Applies to:
Office 2003

Bulletin ID:
MS05-021
Title:
Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability in Microsoft Exchange Server that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Exchange Server 2003
Exchange 2000 Server

Bulletin ID:
MS05-020
Title:
Cumulative Security Update for Internet Explorer (890923)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS05-019
Title:
Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, privately-reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS05-018
Title:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)
Update Type:
Security Update
Severity:
Important
This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
890830
Title:
Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, or Windows XP
Update Type:
Update Rollup
Severity:
Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, or Windows XP
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows Server 2008
Windows 7
Windows Internet Explorer 8 Dynamic Installer
Windows Internet Explorer 7.0 Dynamic Installer
Windows XP x64 Edition
Windows Server 2008 R2
Windows 2000

Bulletin ID:
MS05-017
Title:
Vulnerability in Message Queuing Could Allow Code Execution (892944)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in the Message Queuing component. By default, the Message Queuing component is not installed on any affected operating system version. Only customers who manually installed the Message Queuing component could be vulnerable to this issue. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
MS05-016
Title:
Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS05-015
Title:
Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP

Bulletin ID:
MS05-014
Title:
Cumulative Security Update for Internet Explorer (867282)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
843188
Title:
Office 2003 Service Pack 1 for Proofing Tools
Update Type:
Service Pack
Severity:
Office 2003 Service Pack 1 for Proofing Tools
Applies to:
Office 2003

Bulletin ID:
843187
Title:
Office 2003 Service Pack 1 for Multilingual User Interface Pack
Update Type:
Service Pack
Severity:
Office 2003 Service Pack 1 for Multilingual User Interface Pack
Applies to:
Office 2003

Bulletin ID:
842774
Title:
OneNote 2003 Service Pack 1
Update Type:
Service Pack
Severity:
OneNote 2003 Service Pack 1
Applies to:
Office 2003

Bulletin ID:
842532
Title:
Office 2003 Service Pack 1
Update Type:
Service Pack
Severity:
Microsoft has released a service pack for Microsoft Office 2003. Microsoft Office 2003 Service Pack 1 (SP1) provides the latest updates to Microsoft Office 2003. Office 2003 SP1 contains significant security enhancements and stability and performance improvements. Office 2003 SP1 also includes many performance and feature enhancements to Microsoft Office InfoPath 2003.
Applies to:
Office 2003

Bulletin ID:
MS05-013
Title:
Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, public vulnerability. A vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execution on an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP

Bulletin ID:
MS05-012
Title:
Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS05-011
Title:
Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
884525
Title:
Additions to the SQL Server 2000 Service Pack 4 readme files
Update Type:
Service Pack
Severity:
Additions to the SQL Server 2000 Service Pack 4 readme files
Applies to:
SQL Server 2000

Bulletin ID:
MS05-010
Title:
Vulnerability in the License Logging Service Could Allow Code Execution (885834)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS05-009
Title:
Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, public vulnerability. A remote code execution vulnerability exists in the processing of PNG image formats. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP

Bulletin ID:
MS05-008
Title:
Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. A privilege elevation vulnerability exists in Windows because of the way that Windows handles drag-and-drop events. An attacker could exploit the vulnerability by constructing a malicious Web page. This malicious Web page could potentially allow an attacker to save a file on the user’s system if a user visited a malicious Web site or viewed a malicious e-mail message.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP

Bulletin ID:
MS05-007
Title:
Vulnerability in Windows Could Allow Information Disclosure (888302)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Windows XP

Bulletin ID:
MS05-006
Title:
Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly-discovered, privately-reported vulnerability. A cross-site scripting and spoofing vulnerability exists in the affected software that could allow an attacker to convince a user to run a malicious script. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Applies to:
Office 2002/XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS05-005
Title:
Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately reported vulnerability that could allow an attacker to run code on the affected system. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Office 2002/XP

Bulletin ID:
MS05-004
Title:
ASP.NET Path Validation Vulnerability (887219)
Update Type:
Security Update
Severity:
Important
This update resolves a public vulnerability in ASP.NET that could allow an attacker to bypass the security of an ASP.NET Web site and gain unauthorized access. The vulnerability is documented in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could gain unauthorized access to parts of a Web site. The actions that the attacker could take would depend on the specific content being protected.
Applies to:
Windows XP
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition

Bulletin ID:
MS05-003
Title:
Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
MS05-002
Title:
Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS05-001
Title:
Vulnerability in HTML Help Could Allow Code Execution (890175)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system. This vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP

Bulletin ID:
MS04-045
Title:
Vulnerability in WINS Could Allow Remote Code Execution (870763)
Update Type:
Security Update
Severity:
Important
This update resolves several newly-discovered, public and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
870540
Title:
Availability of the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup
Update Type:
Update
Severity:
Availability of the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup
Applies to:
Exchange 2000 Server

Bulletin ID:
867461
Title:
List of bugs that are fixed in Microsoft .NET Framework 1.0 Service Pack 3
Update Type:
Service Pack
Severity:
List of bugs that are fixed in Microsoft .NET Framework 1.0 Service Pack 3
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows Server 2008

Bulletin ID:
867460
Title:
List of bugs that are fixed in the .NET Framework 1.1 Service Pack 1
Update Type:
Service Pack
Severity:
List of bugs that are fixed in the .NET Framework 1.1 Service Pack 1
Applies to:
Windows 2000
Windows XP
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition

Bulletin ID:
MS04-044
Title:
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)
Update Type:
Security Update
Severity:
Important
This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS04-043
Title:
Vulnerability in HyperTerminal Could Allow Code Execution (873339)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP

Bulletin ID:
MS04-041
Title:
Vulnerability in WordPad Could Allow Code Execution (885836)
Update Type:
Security Update
Severity:
Important
This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP

Bulletin ID:
MS04-037
Title:
Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, public vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
MS04-036
Title:
Vulnerability in NNTP Could Allow Remote Code Execution (883935)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists within the Network News Transfer Protocol (NNTP) component of the affected operating systems. This vulnerability could potentially affect systems that do not use NNTP. This is because some programs that are listed in the affected software section require that the NNTP component be enabled before you can install them. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS04-035
Title:
Vulnerability in SMTP Could Allow Remote Code Execution (885881)
Update Type:
Security Update
Severity:
Critical
Subsequent to the release of this bulletin, it was determined that a variation of the vulnerability addressed also affects Exchange 2000 Server. Microsoft has updated the bulletin, on February 8, 2005, with additional information about Exchange 2000 Server and also to direct users to a security update for this additional affected platform.
Applies to:
Windows Server 2003

Bulletin ID:
MS04-034
Title:
Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the way that Windows processes Compressed (zipped) Folders. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS04-032
Title:
Security Update for Microsoft Windows (840987)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
Applies to:
Windows 2000
Windows XP

Bulletin ID:
840663
Title:
Visio 2003 Service Pack 1
Update Type:
Service Pack
Severity:
Visio 2003 Service Pack 1
Applies to:
Office 2003

Bulletin ID:
MS04-031
Title:
Vulnerability in NetDDE Could Allow Remote Code Execution (841533)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Network Dynamic Data Exchange (NetDDE) services because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
MS04-030
Title:
Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS04-028
Title:
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
832671
Title:
Microsoft Office XP Service Pack 3
Update Type:
Service Pack
Severity:
Microsoft Office XP Service Pack 3
Applies to:
Office 2002/XP

Bulletin ID:
MS04-027
Title:
Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. A remote code execution vulnerability exists in the WordPerfect 5.x Converter that is provided as part of the affected software. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Office 2002/XP

Bulletin ID:
MS04-024
Title:
Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows Shell launches applications.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP

Bulletin ID:
MS04-023
Title:
Vulnerability in HTML Help Could Allow Code Execution (840315)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly-discovered vulnerabilities. The HTML Help vulnerability was privately reported and the showHelp vulnerability is public. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
MS04-022
Title:
Vulnerability in Task Scheduler Could Allow Code Execution (841873)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Task Scheduler because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS04-020
Title:
Vulnerability in POSIX Could Allow Code Execution (841872)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the POSIX operating system component (subsystem). The vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Windows 2000

Bulletin ID:
MS04-019
Title:
Vulnerability in Utility Manager Could Allow Code Execution (842526)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the way that Utility Manager launches applications. A logged-on user could force Utility Manager to start an application with system privileges and could take complete control of the system. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Windows 2000

Bulletin ID:
841876
Title:
Windows SharePoint Services Service Pack 1
Update Type:
Service Pack
Severity:
Windows SharePoint Services Service Pack 1
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS04-018
Title:
Cumulative Security Update for Outlook Express (823353)
Update Type:
Security Update
Severity:
Moderate
This update resolves a public vulnerability. A denial of service vulnerability exists in Outlook Express because of a lack of robust verification for malformed e-mail headers. The vulnerability is documented in the Vulnerability Details section of this bulletin. This update also changes the default security settings for Outlook Express 5.5 Service Pack 2 (SP2). This change is documented in the Frequently Asked Questions related to this security update section of this bulletin.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
MS04-016
Title:
Vulnerability in DirectPlay Could Allow Denial of Service (839643)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly-discovered, privately reported vulnerability. A denial of service vulnerability exists in the implementation of the IDirectPlay4 application programming interface (API) of Microsoft DirectPlay because of a lack of robust packet validation. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
837240
Title:
Project 2003 Service Pack 1
Update Type:
Service Pack
Severity:
Project 2003 Service Pack 1
Applies to:
Office 2003

Bulletin ID:
MS04-015
Title:
Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered vulnerability. A remote code execution vulnerability exists in the Help and Support Center because of the way that it handles HCP URL validation. The vulnerability is documented in the Vulnerability Details section of this bulletin.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS04-014
Title:
Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)
Update Type:
Security Update
Severity:
Important
Microsoft updated this bulletin on May 11, 2004 to advise on the availability of a revised version of the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1). The original update does address the vulnerability in Windows XP for all supported languages; however, the original update was not fully localized. Specifically, optional Jet error strings were only being offered in English on Windows XP. This issue does not affect other operating systems. If you have previously applied the security update for other operating systems, including Windows XP Service Pack 1, you need not take any additional action.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP

Bulletin ID:
MS04-013
Title:
Cumulative Security Update for Outlook Express (837009)
Update Type:
Security Update
Severity:
Critical
This is a cumulative update that includes the functionality of all the previously-released updates for Outlook Express 5.5 and Outlook Express 6. Additionally, it eliminates a new vulnerability that could allow an attacker who successfully exploited this vulnerability to access files and to take complete control of the affected system. This could occur even if Outlook Express is not used as the default e-mail reader on the system.
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS04-012
Title:
Cumulative Update for Microsoft RPC/DCOM (828741)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered vulnerabilities in RPC/DCOM. Each vulnerability is documented in this bulletin in its own section.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP

Bulletin ID:
MS04-011
Title:
Security Update for Microsoft Windows (835732)
Update Type:
Security Update
Severity:
Critical
Microsoft re-issued this bulletin on June 15, 2004 to advise on the availability of an updated Windows NT 4.0 Workstation update for the Pan Chinese language.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
834693
Title:
Office XP Service Pack 3 for Access 2002 Runtime
Update Type:
Service Pack
Severity:
Office XP Service Pack 3 for Access 2002 Runtime
Applies to:
Office 2002/XP

Bulletin ID:
MS04-008
Title:
Vulnerability in Windows Media Services Could Allow a Denial of Service (832359)
Update Type:
Security Update
Severity:
Moderate
A vulnerability exists because of the way that Windows Media Station Service and Windows Media Monitor Service, components of Windows Media Services, handle TCP/IP connections. If a remote user were to send a specially-crafted sequence of TCP/IP packets to the listening port of either of these services, the service could stop responding to requests and no additional connections could be made. The service must be restarted to regain its functionality.
Applies to:
Windows 2000

Bulletin ID:
MS04-007
Title:
ASN.1 Vulnerability Could Allow Code Execution (828028)
Update Type:
Security Update
Severity:
Critical
A security vulnerability exists in the Microsoft ASN.1 Library that could allow code execution on an affected system. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
826939
Title:
Update Rollup 1 for Windows XP is available
Update Type:
Critical Update
Severity:
Microsoft has released Update Rollup 1 for Microsoft Windows XP. An update rollup is a cumulative set of hotfixes, security patches, critical updates, and updates that are packaged together for easy deployment. Update Rollup 1 for Windows XP is a single package that includes many previously released critical updates for Windows XP. For additional information about the critical updates that are included in this update rollup, click the following article numbers to view the articles in the Microsoft Knowledge Base:
Applies to:
Windows XP

Bulletin ID:
MS04-006
Title:
Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
Update Type:
Security Update
Severity:
Important
A security vulnerability exists in the Windows Internet Naming Service (WINS). This vulnerability exists because of the method that WINS uses to validate the length of specially-crafted packets. On Windows Server 2003 this vulnerability could allow an attacker who sent a series of specially-crafted packets to a WINS server to cause the service to fail. Most likely, this could cause a denial of service, and the service would have to be manually restarted to restore functionality.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000

Bulletin ID:
830242
Title:
Visio 2002 Service Pack 2
Update Type:
Service Pack
Severity:
Visio 2002 Service Pack 2
Applies to:
Office 2002/XP

Bulletin ID:
830241
Title:
Microsoft Project 2002 Service Pack 1
Update Type:
Service Pack
Severity:
Microsoft Project 2002 Service Pack 1
Applies to:
Office 2002/XP

Bulletin ID:
MS03-051
Title:
Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
Update Type:
Security Update
Severity:
Critical
Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects other versions of the affected products and components. Microsoft has updated the bulletin with additional information about Windows XP 64-Bit Edition and Office 2000 Server Extensions and also to direct users to an update for these additional affected platforms.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
MS03-049
Title:
Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)
Update Type:
Security Update
Severity:
Critical
A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results because of an unchecked buffer in the Workstation service.
Applies to:
Windows 2000

Bulletin ID:
MS03-045
Title:
Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)
Update Type:
Security Update
Severity:
Important
Microsoft re-issued this bulletin on January 13, 2004 to advise on the availability of an updated Windows NT 4.0 Workstation and Server patch for the Arabic, Hebrew, and Thai languages.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS03-044
Title:
Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)
Update Type:
Security Update
Severity:
Critical
A security vulnerability exists in the Help and Support Center function which ships with Windows XP and Windows Server 2003. The affected code is also included in all other supported Windows operating systems, although no known attack vector has been identified at this time because the HCP protocol is not supported on those platforms. The vulnerability results because a file associated with the HCP protocol contains an unchecked buffer.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS03-043
Title:
Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
Update Type:
Security Update
Severity:
Critical
Subsequent to the release of this bulletin, it was determined that the update for Windows XP did not properly place the updated file wkssvc.dll into the %systemroot%\system32\dllcache. This problem is unrelated to the security vulnerability discussed in this bulletin. Microsoft recommends that customers who have previously applied the security update reinstall the latest version to ensure that their system remains protected in the event that the wkssvc.dll is ever deleted or becomes corrupt. More information on this is available in the FAQ section of this bulletin.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP

Bulletin ID:
MS03-042
Title:
Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)
Update Type:
Security Update
Severity:
Critical
Microsoft re-issued this bulletin on October 29, 2003 to advise on the availability of an updated Windows 2000 patch. This revised patch corrects the Debug Programs (SeDebugPrivilege) user right issue that some customers experienced with the original patch that is discussed in Knowledge Base Article 830846. This problem is unrelated to the security vulnerability discussed in this bulletin. If you have previously applied this security patch, this update does not need to be installed.
Applies to:
Windows 2000

Bulletin ID:
MS03-041
Title:
Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
Update Type:
Security Update
Severity:
Critical
There is a vulnerability in Authenticode that, under certain low memory conditions, could allow an ActiveX control to download and install without presenting the user with an approval dialog.
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS03-039
Title:
Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
Update Type:
Security Update
Severity:
Critical
The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026 and includes the fix for the security vulnerability discussed in MS03-026, as well as 3 newly discovered vulnerabilities.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS03-034
Title:
Flaw in NetBIOS Could Lead to Information Disclosure (824105)
Update Type:
Security Update
Severity:
Low
Subsequent to the original release of this bulletin Microsoft extended the support of Windows NT Workstation 4.0 and Windows 2000 Service Pack 2. A security update is now available from Microsoft Product Support Services for customers running these operating systems. Contact Microsoft Product Support Services to obtain these additional security updates.
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS03-033
Title:
Unchecked Buffer in MDAC Function Could Enable System Compromise (823718)
Update Type:
Security Update
Severity:
Important
Microsoft Data Access Components (MDAC) is a collection of components that are used to provide database connectivity on Windows platforms. MDAC is a ubiquitous technology, and it is likely to be present on most Windows systems:
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS03-031
Title:
Cumulative Patch for Microsoft SQL Server (815495)
Update Type:
Security Update
Severity:
Important
This is a cumulative patch that includes the functionality of all previously released patches for SQL Server 7.0, SQL Server 2000, MSDE 1.0, and MSDE 2000. In addition, it eliminates three newly discovered vulnerabilities.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003

Bulletin ID:
MS03-030
Title:
Unchecked Buffer in DirectX Could Enable System Compromise (819696)
Update Type:
Security Update
Severity:
Critical
Subsequent to the original release of this bulletin, customers requested that we support additional versions of DirectX that were not covered by the original patches. This bulletin has been updated to provide information about a new patch, which is intended for customers using Windows 98, Windows 98 SE, Windows Millennium Edition, or Windows 2000 who have upgraded to Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, or 8.1b.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP

Bulletin ID:
MS03-027
Title:
Unchecked Buffer in Windows Shell Could Enable System Compromise (821557)
Update Type:
Security Update
Severity:
Important
The Windows shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows desktop. It also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start programs.
Applies to:
Windows XP

Bulletin ID:
MS03-026
Title:
Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
Update Type:
Security Update
Severity:
Critical
Microsoft originally released this bulletin and patch on July 16, 2003 to correct a security vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. Subsequent to the release of this bulletin Microsoft has been made aware that additional ports involving RPC can be used to exploit this vulnerability. Information regarding these additional ports has been added to the mitigating factors and the Workaround section of the bulletin. In addition, Microsoft has released security bulletin MS03-039 and an updated scanning tool which supersedes this bulletin and the original scanning tool provided with it.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP

Bulletin ID:
MS03-023
Title:
Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
Update Type:
Security Update
Severity:
Critical
Subsequent to the original release of this bulletin Microsoft extended the support of Windows NT Workstation 4.0 and Windows 2000 Service Pack 2. The existing Windows NT 4.0 Server security update will install successfully on Windows NT 4.0 Workstation and is officially supported on that operating system version. The existing Windows 2000 security update will install successfully on Windows 2000 Service Pack 2 and is officially supported on that operating system version.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP

Bulletin ID:
MS03-022
Title:
Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343)
Update Type:
Security Update
Severity:
Important
Microsoft Windows Media Services is a feature of Microsoft Windows 2000 Server, Advanced Server, and Datacenter Server and is also available in a downloadable version for Windows NT 4.0 Server. Windows Media Services contains support for a method of delivering media content to clients across a network known as multicast streaming. In multicast streaming, the server has no connection to or knowledge of the clients that may be receiving the stream of media content coming from the server. To facilitate logging of client information for the server, Windows 2000 includes a capability specifically designed to enable logging for multicast transmissions.
Applies to:
Windows 2000

Bulletin ID:
MS03-021
Title:
Flaw In Windows Media Player May Allow Media Library Access (819639)
Update Type:
Security Update
Severity:
Moderate
An ActiveX control included with Windows Media Player 9 Series allows Web page authors to create Web pages that can play media and provide a user interface by which the user can control playback. When a user visits a Web page with embedded media, the ActiveX control provides a user interface that allows the user to take such actions as pausing or rewinding the media.
Applies to:
Windows Server 2003
Windows 2000
Windows XP

Bulletin ID:
MS03-018
Title:
Cumulative Patch for Internet Information Service (811114)
Update Type:
Security Update
Severity:
Important
This patch is a cumulative patch that includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, and all security patches released to date for IIS 5.0 since Windows 2000 Service Pack 2 and IIS 5.1. A complete listing of the patches superseded by this patch is provided below, in the section titled "Additional information about this patch".
Applies to:
Windows XP
Windows 2000

Bulletin ID:
811113
Title:
List of fixes included in Windows XP Service Pack 2
Update Type:
Service Pack
Severity:
List of fixes included in Windows XP Service Pack 2
Applies to:
Windows XP

Bulletin ID:
MS03-017
Title:
Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787)
Update Type:
Security Update
Severity:
Critical
Microsoft Windows Media Player provides functionality to change the overall appearance of the player itself through the use of "skins". Skins are custom overlays that consist of collections of one or more files of computer art, organized by an XML file. The XML file tells Windows Media Player how to use these files to display a skin as the user interface. In this manner, the user can choose from a variety of standard skins, each one providing an additional visual experience. Windows Media Player comes with several skins to choose from, but it is relatively easy to create and distribute custom skins.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
MS03-013
Title:
Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493)
Update Type:
Security Update
Severity:
Important
Microsoft re-issued this bulletin on May 28, 2003 to advise on the availability of an updated Windows XP Service Pack 1 patch. This revised patch corrects the performance issues that some customers experienced with the original Windows XP Service Pack 1 patch.
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS03-008
Title:
Flaw in Windows Script Engine Could Allow Code Execution (814078)
Update Type:
Security Update
Severity:
Critical
The Windows Script Engine provides Windows operating systems with the ability to execute script code. Script code can be used to add functionality to web pages, or to automate tasks within the operating system or within a program. Script code can be written in several different scripting languages, such as Visual Basic Script, or JScript.
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS03-007
Title:
Unchecked Buffer In Windows Component Could Cause Server Compromise (815021)
Update Type:
Security Update
Severity:
Critical
Microsoft originally released this security bulletin on March 17, 2003. At that time, Microsoft was aware of a publicly available exploit that was being used to attack Windows 2000 Servers running IIS 5.0. The attack vector in this case was WebDAV, although the underlying vulnerability was in a core operating system component, ntdll.dll. Microsoft issued a patch to protect Windows 2000 customers shortly afterwards, but also continued to investigate the underlying vulnerability. During the course of that investigation, Microsoft found that Windows NT 4.0 also contains the underlying vulnerability in ntdll.dll; however, it does not support WebDAV and therefore the known exploit was not effective against Windows NT 4.0. In addition, Microsoft has recently been made aware that this vulnerability is also present in Windows XP. However, like Windows NT 4.0, Windows XP does not install Internet Information Services (IIS) by default. Microsoft has now released patches for Windows NT 4.0 and Windows XP.
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS03-001
Title:
Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)
Update Type:
Security Update
Severity:
Critical
The Microsoft Locator service is a name service that maps logical names to network-specific names. It ships with Windows NT 4.0, Windows 2000, and Windows XP. By default, the Locator service is enabled only on Windows 2000 domain controllers and Windows NT 4.0 domain controllers; it is not enabled on Windows NT 4.0 workstations or member servers, Windows 2000 workstations or member servers, or Windows XP.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
MS02-072
Title:
Unchecked Buffer in Windows Shell Could Enable System Compromise (329390)
Update Type:
Security Update
Severity:
Critical
The Windows Shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows Desktop, but also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start applications.
Applies to:
Windows XP

Bulletin ID:
MS02-071
Title:
Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)
Update Type:
Security Update
Severity:
Important
Subsequent to the release of this bulletin it was determined that the patch for Microsoft Windows NT 4.0 machines introduced an error that could, under certain configurations, cause NT 4.0 to fail. Microsoft has investigated this issue and has released an updated patch for Windows NT 4.0. The bulletin has been updated to include the new download links for the NT 4.0 patch. The error did not affect NT 4.0 TSE, except for the Japanese Language. Customers running the Japanese version of NT 4.0 TSE should apply the updated fix.
Applies to:
Windows 2000

Bulletin ID:
MS02-070
Title:
Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)
Update Type:
Security Update
Severity:
Moderate
Subsequent to releasing this bulletin it was determined that the fix that eliminates the vulnerability was not included in Microsoft Windows XP Service Pack 1. The bulletin has been updated to reflect this fact, and the patch has been updated so that it installs on Windows XP Service Pack 1 systems. Customers who are currently running XP Service Pack 1 with SMB signing enabled should apply the patch.
Applies to:
Windows XP

Bulletin ID:
MS02-065
Title:
Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414)
Update Type:
Security Update
Severity:
Critical
Microsoft Data Access Components (MDAC) is a collection of components used to provide database connectivity on Windows platforms. MDAC is a ubiquitous technology, and it is likely to be present on most Windows systems:
Applies to:
Windows 2000

Bulletin ID:
MS02-063
Title:
Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834)
Update Type:
Security Update
Severity:
Critical
Windows 2000 and Windows XP natively support Point-to-Point Tunneling Protocol (PPTP), a Virtual Private Networking technology that is implemented as part of Remote Access Services (RAS). PPTP support is an optional component in Windows NT 4.0, Windows 98, Windows 98SE, and Windows ME.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
MS02-062
Title:
Cumulative Patch for Internet Information Service (Q327696)
Update Type:
Security Update
Severity:
Moderate
It would run using the security settings on the user's machine that were appropriate to Web Site A.
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS02-060
Title:
Flaw in Windows XP Help and Support Center Could Enable File Deletion (Q328940)
Update Type:
Security Update
Severity:
Moderate
Help and Support Center provides a centralized facility through which users can obtain assistance on a variety of topics. For instance, it provides product documentation, assistance in determining hardware compatibility, access to Windows Update, online help from Microsoft, and other assistance.
Applies to:
Windows XP

Bulletin ID:
MS02-054
Title:
Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (Q329048)
Update Type:
Security Update
Severity:
Moderate
Zipped files (files having a .zip extension) provide a means to store information in a way that uses less space on a hard disk. This is accomplished by compressing the files that are put into the zipped file. On Windows 98 with Plus! Pack, Windows Me and Windows XP, the Compressed Folders feature allows zipped files to be treated as folders. The Compressed Folders feature can be used to create, add files to, and extract files from zipped files.
Applies to:
Windows XP

Bulletin ID:
MS02-053
Title:
Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096)
Update Type:
Security Update
Severity:
Critical
The SmartHTML Interpreter (shtml.dll) is part of the FrontPage Server Extensions (FPSE) and Microsoft SharePoint Team Services, and provides support for web forms and other FrontPage-based dynamic content. The interpreter contains a flaw that could be exposed when processing a request for a particular type of web file, if the request had certain specific characteristics. This flaw affects the two versions of FrontPage Server Extensions differently. On FrontPage Server Extensions 2000, such a request would cause the interpreter to consume most or all CPU availability until the web service was restarted. An attacker could use this vulnerability to conduct a denial of service attack against an affected web server. On FrontPage Server Extensions 2002 and SharePoint Team Services 2002, the same type of request could cause a buffer overrun, potentially allowing an attacker to run code of his choice.
Applies to:
Windows XP

Bulletin ID:
MS02-051
Title:
Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380)
Update Type:
Security Update
Severity:
Moderate
The Remote Data Protocol (RDP) provides the means by which Windows systems can provide remote terminal sessions to clients. The protocol transmits information regarding a terminal session's keyboard, mouse and video to the remote client, and is used by Terminal Services in Windows NT 4.0 and Windows 2000, and by Remote Desktop in Windows XP. Two security vulnerabilities, both of which are eliminated by this patch, have been discovered in various RDP implementations.
Applies to:
Windows XP
Windows 2000

Bulletin ID:
MS02-050
Title:
Certificate Validation Flaw Could Enable Identity Spoofing (Q329115)
Update Type:
Security Update
Severity:
Important
The original version of this bulletin was released on 05 September 2002.
Applies to:
Windows 2000
Windows XP

Bulletin ID:
MS02-048
Title:
Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (Q323172)
Update Type:
Security Update
Severity:
Critical
All versions of Windows ship with an ActiveX control known as the Certificate Enrollment Control, the purpose of which is to allow web-based certificate enrollments. The control is used to submit PKCS #10 compliant certificate requests, and upon receiving the requested certificate, stores it in the user's local certificate store.
Applies to:
Windows XP

Bulletin ID:
321884
Title:
List of Bugs Fixed in Microsoft .NET Framework 1.0 Service Pack 2
Update Type:
Service Pack
Severity:
List of Bugs Fixed in Microsoft .NET Framework 1.0 Service Pack 2
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP

Bulletin ID:
MS02-045
Title:
Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830)
Update Type:
Security Update
Severity:
Moderate
SMB (Server Message Block) is the protocol Microsoft uses to share files, printers, serial ports, and also to communicate between computers using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources and servers make SMB responses in what is described as a client-server, request-response protocol.
Applies to:
Windows 2000

Bulletin ID:
MS02-042
Title:
Flaw in Network Connection Manager Could Enable Privilege Elevation (Q326886)
Update Type:
Security Update
Severity:
Critical
The Network Connection Manager (NCM) provides a controlling mechanism for all network connections managed by a host system. Among the functions of the NCM is to call a handler routine whenever a network connection has been established.
Applies to:
Windows 2000

Bulletin ID:
MS02-032
Title:
26 June 2002 Cumulative Patch for Windows Media Player (Q320920)
Update Type:
Security Update
Severity:
Critical
On June 26, 2002, Microsoft released the original version of this bulletin, which described the patch it provided as being cumulative. We subsequently discovered that a file had been inadvertently omitted from the patch. While the omission had no effect on the effectiveness of the patch against the new vulnerabilities discussed below, it did mean that the patch was not cumulative. Specifically, the original patch did not include all of the fixes discussed in Microsoft Security Bulletin MS01-056. We have repackaged the patch to include the file and are re-releasing it to ensure that it truly is cumulative.
Applies to:
Windows XP

Bulletin ID:
MS02-029
Title:
Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138)
Update Type:
Security Update
Severity:
Critical
On June 12, 2002, Microsoft released the original version of this bulletin. On July 2, 2002, the bulletin was updated to reflect the availability of a revised patch. Although the original patch completely eliminated the vulnerability, it had the side effect of preventing non-administrative users from making VPN connections in some cases. The revised patch correctly handles VPN connections. The revised patch is immediately available from the Download Center and will soon be made available via WindowsUpdate.
Applies to:
Windows XP

Bulletin ID:
MS02-024
Title:
Authentication Flaw in Windows Debugger can Lead to Elevated Privileges (Q320206)
Update Type:
Security Update
Severity:
Critical
The Windows debugging facility provides a means for programs to perform diagnostic and analytic functions on applications as they are running on the operating system. One of these capabilities allows for a program, usually a debugger, to connect to any running program, and to take control of it. The program can then issue commands to the controlled program, including the ability to start other programs. These commands would then execute in the same security context as the controlled program.
Applies to:
Windows 2000

Bulletin ID:
MS02-017
Title:
Unchecked buffer in the Multiple UNC Provider Could Enable Code Execution (Q311967)
Update Type:
Security Update
Severity:
Moderate
The Multiple UNC Provider (MUP) is a Windows service that assists in locating network resources that are identified via UNC (uniform naming convention). The MUP receives commands containing UNC names from applications and sends the name to each registered UNC provider, LAN Manager workstation, and any others that are installed. When a provider identifies a UNC name as its own, the MUP automatically redirects future instances of that name to that provider.
Applies to:
Windows XP

Bulletin ID:
MS02-009
Title:
Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files
Update Type:
Security Update
Severity:
Critical
Frames are used in Internet Explorer to provide for a fuller browsing experience. By design, scripts in the frame of one site or domain should be prohibited from accessing the content of frames in another site or domain. However, a flaw exists in how VBScript is handled in IE relating to validating cross-domain access. This flaw can allow scripts of one domain to access the contents of another domain in a frame.
Applies to:
Windows 2000

Bulletin ID:
MS02-008
Title:
XMLHTTP Control Can Allow Access to Local Files
Update Type:
Security Update
Severity:
Critical
Microsoft XML Core Services (MSXML) includes the XMLHTTP ActiveX control, which allows web pages rendering in the browser to send or receive XML data via HTTP operations such as POST, GET, and PUT. The control provides security measures designed to restrict web pages so they can only use the control to request data from remote data sources.
Applies to:
Windows XP

Bulletin ID:
MS02-006
Title:
Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run
Update Type:
Security Update
Severity:
Moderate
On February 12, 2002, Microsoft released the original version of this bulletin. In it, we detailed a work-around procedure that customers could implement to protect themselves against a publicly disclosed vulnerability. An updated version of this bulletin was released on February 15, 2002, to announce the availability of the patch for Windows 2000 and Windows XP and to advise customers that the work-around procedure is no longer needed on those platforms. Patches for additional platforms are forthcoming and this bulletin will be re-released to announce their availability.
Applies to:
Windows XP

Bulletin ID:
MS01-059
Title:
Unchecked Buffer in Universal Plug and Play can Lead to System Compromise
Update Type:
Security Update
Severity:
Critical
Universal Plug and Play (UPnP) allows computers to discover and use network-based devices. Windows ME and XP include native UPnP support; Windows 98 and 98SE do not include native UPnP support, but it can be installed via the Internet Connection Sharing client that ships with Windows XP. This bulletin discusses two vulnerabilities affecting these UPnP implementations. Although the vulnerabilities are unrelated, both involve how UPnP-capable computers handle the discovery of new devices on the network.
Applies to:
Windows XP