GFI LANguard N.S.S.: Supported OVAL checks

Bulletin ID Title
MS09-027 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)
MS09-026 Vulnerability in RPC Could Allow Elevation of Privilege (970238)
MS09-025 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
MS09-024 Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
MS09-023 Vulnerability in Windows Search Could Allow Information Disclosure (963093)
MS09-022 Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
MS09-021 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
MS09-020 Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
MS09-019 Cumulative Security Update for Internet Explorer (969897)
MS09-018 Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
948465 Windows Vista SP2 and Windows Server 2008 SP2
MS09-017 Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)
968369 SQL Server 2008 Service Pack 1
960911 Windows Small Business Server 2008 Update Rollup 2
957324 Office 2007 Service Pack 2 - Business Contact Manager
957262 Office 2007 Service Pack 2 - Microsoft Office Access Runtime and Data Connectivity Components
953338 Windows SharePoint Services 3.0 Service Pack 2 (SP2) and Windows SharePoint Services 3.0 Language Pack Service Pack 2 (SP2)
953336 Excel Viewer 2007 Service Pack 2
953335 Visio Viewer 2007 Service Pack 2
953334 Microsoft Office 2007 servers Service Pack 2 and Microsoft Office 2007 servers Language Pack Service Pack 2
953332 PowerPoint Viewer 2007 Service Pack 2
953331 Office Compatibility Pack Service Pack 2
953329 Calendar Printing Assistant for Outlook 2007 Service Pack 2
953195 Microsoft Office Suite Service Pack 2 (SP2) and Microsoft Office Language Pack 2007 SP2
MS09-016 Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
MS09-015 Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
MS09-014 Cumulative Security Update for Internet Explorer (963027)
MS09-013 Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
MS09-012 Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
MS09-011 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
MS09-010 Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
MS09-009 Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
960384 Update Rollup for Exchange Server 2007 Service Pack 1
MS09-008 Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
MS09-007 Vulnerability in SChannel Could Allow Spoofing (960225)
MS09-006 Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
960353 Update for Microsoft Silverlight, February 18, 2009
959057 Microsoft Office Accounting 2009 Service Pack 1
MS09-005 Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
MS09-004 Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
MS09-003 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
MS09-002 Cumulative Security Update for Internet Explorer (961260)
960715 Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits
958715 Windows Small Business Server 2008 Update Rollup 1
955706 SQL Server 2005 Service Pack 3
951847 .NET Framework 3.5 Service Pack 1
MS09-001 Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
MS08-078 Security Update for Internet Explorer (960714)
MS08-077 Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
MS08-076 Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
MS08-075 Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
MS08-074 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
MS08-073 Cumulative Security Update for Internet Explorer (958215)
MS08-072 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
MS08-071 Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
MS08-070 Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
957388 December 2008 Windows Vista and Windows Server 2008 Application Compatibility Update
953467 Update Rollup 5 for Exchange Server 2007 Service Pack 1
MS08-069 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
MS08-068 Vulnerability in SMB Could Allow Remote Code Execution (957097)
MS08-067 Vulnerability in Server Service Could Allow Remote Code Execution (958644)
957938 Update for Silverlight: October 20, 2008
MS08-066 Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
MS08-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
MS08-064 Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
MS08-063 Vulnerability in SMB Could Allow Remote Code Execution (957095)
MS08-062 Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
MS08-061 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
MS08-060 Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
MS08-059 Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
MS08-058 Cumulative Security Update for Internet Explorer (956390)
MS08-057 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
MS08-056 Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
956391 Cumulative Security Update of ActiveX Kill Bits
MS08-055 Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)
MS08-054 Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
MS08-053 Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
955305 Update for Silverlight 1.0: July 23, 2008
951951 Forefront Client Security Service Pack 1
MS08-051 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
MS08-050 Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
MS08-049 Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
MS08-048 Security Update for Outlook Express and Windows Mail (951066)
MS08-047 Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
MS08-046 Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
MS08-045 Cumulative Security Update for Internet Explorer (953838)
MS08-044 Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
MS08-043 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
MS08-042 Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)
MS08-041 Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
951072 August 2008 cumulative time zone update for Microsoft Windows operating systems
943462 Internet Security and Acceleration Server 2006 Service Pack 1
MS08-040 Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
MS08-039 Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
MS08-038 Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
MS08-037 Vulnerabilities in DNS Could Allow Spoofing (953230)
953649 System Center Configuration Manager Service Pack 1
MS08-036 Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
MS08-035 Vulnerability in Active Directory Could Allow Denial of Service (953235)
MS08-034 Vulnerability in WINS Could Allow Elevation of Privilege (948745)
MS08-033 Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
MS08-032 Cumulative Security Update of ActiveX Kill Bits (950760)
MS08-031 Cumulative Security Update for Internet Explorer (950759)
MS08-030 Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
951532 Description of the Post-Service Pack 1 Rollup for Microsoft Expression Media: April 15, 2008
951213 Description of the update for Silverlight 1.0: April 4, 2008
MS08-028 Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)
MS08-027 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
MS08-026 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
948016 Description of Update Rollup 2 for Exchange Server 2007 Service Pack 1
936929 Windows XP Service Pack 3
949426 Microsoft Office Accounting 2008 Service Pack 1 for Accounting Professional 2008 and for Accounting Express 2008
936330 Windows Vista Service Pack 1 (SP1)
MS08-025 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
MS08-024 Cumulative Security Update for Internet Explorer (947864)
MS08-023 Security Update of ActiveX Kill Bits (948881)
MS08-022 Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
MS08-021 Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
MS08-020 Vulnerability in DNS Client Could Allow Spoofing (945553)
MS08-019 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
MS08-018 Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
948014 Windows Server Update Services 3.0 Service Pack 1
MS08-017 Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
MS08-016 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
MS08-015 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
MS08-014 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
946140 Update for Business Contact Manager for Outlook 2007: February 12, 2008
945684 Update Rollup 1 for Microsoft Exchange Server 2007 Service Pack 1
942846 Update Rollup 6 for Exchange Server 2007
941834 Microsoft Expression Media Service Pack 1
MS08-013 Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)
MS08-012 Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)
MS08-011 Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
MS08-010 Cumulative Security Update for Internet Explorer (944533)
MS08-009 Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)
MS08-008 Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
MS08-007 Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
MS08-006 Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
MS08-005 Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
MS08-004 Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
MS08-003 Vulnerability in Active Directory Could Allow Denial of Service (946538)
940767 Windows Internet Explorer 7 Installation and Availability Update
110806 Microsoft .NET Framework 2.0 Service Pack 1
MS08-002 Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
MS08-001 Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
941652 Business Contact Manager for Outlook 2007 Service Pack 1
940289 Office Compatibility Pack Service Pack 1
937961 Office 2003 Web Components Service Pack 1 for the 2007 Office system
937160 Visio Viewer 2007 Service Pack 1
937158 PowerPoint Viewer 2007 Service Pack 1
937157 Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 1
936988 Windows SharePoint Services 3.0 Service Pack 1 and of Windows SharePoint Services Language Pack 3.0 Service Pack 1
936984 Microsoft Office 2007 servers Service Pack 1 and Microsoft Office 2007 servers Language Pack Service Pack 1
936982 Microsoft Office 2007 suite Service Pack 1
MS07-069 Cumulative Security Update for Internet Explorer (942615)
MS07-068 Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
MS07-067 Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)
MS07-066 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
MS07-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
MS07-064 Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
MS07-063 Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
942840 You may experience slow Web browser performance when you view a Web page that uses JScript in Internet Explorer on a Windows Server 2003-based computer or on a Windows XP-based computer
942763 December 2007 cumulative time zone update for Microsoft Windows operating systems
929300 Microsoft .NET Framework Service Pack 1 for versions 3.0, 2.0, and 1.1
MS07-062 Vulnerability in DNS Could Allow Spoofing (941672)
MS07-061 Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)
941421 Update Rollup 5 for Exchange 2007
MS07-060 Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)
MS07-059 Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)
MS07-058 Vulnerability in RPC Could Allow Denial of Service (933729)
MS07-057 Cumulative Security Update for Internet Explorer (939653)
MS07-056 Security Update for Outlook Express and Windows Mail (941202)
MS07-055 Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
940006 Update Rollup 4 for Exchange 2007
935999 Update Rollup 3 for Exchange 2007
934737 Excel Viewer 2003 Service Pack 3
934736 Word Viewer 2003 Service Pack 3
933867 Microsoft Systems Management Server 2003 Service Pack 3
933360 August 2007 cumulative time zone update for Microsoft Windows operating systems
923648 Outlook Live 2003 Service Pack 3
923643 Windows SharePoint Services Service Pack 3
923642 Office 2003 Service Pack 3 for Proofing Tools
923633 OneNote 2003 Service Pack 3
923622 Project 2003 Service Pack 3
923620 Visio 2003 Service Pack 3
923618 Office 2003 Service Pack 3
MS07-053 Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
MS07-052 Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
MS07-051 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)
MS07-050 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
MS07-049 Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
MS07-048 Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
MS07-047 Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
MS07-046 Vulnerability in GDI Could Allow Remote Code Execution (938829)
MS07-045 Cumulative Security Update for Internet Explorer (937143)
MS07-044 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)
MS07-043 Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
MS07-041 Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)
MS07-040 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)
MS07-039 Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)
MS07-038 Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)
MS07-037 Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)
MS07-036 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)
MS07-035 Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)
MS07-034 Cumulative Security Update for Outlook Express and Windows Mail (929123)
MS07-033 Cumulative Security Update for Internet Explorer (933566)
MS07-032 Vulnerability in Windows Vista Could Allow Information Disclosure (931213)
MS07-031 Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
MS07-030 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)
MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)
MS07-028 Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
MS07-027 Cumulative Security Update for Internet Explorer (931768)
MS07-026 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
MS07-025 Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
933669 Update for PowerPoint 2003: May 8, 2007
924406 Microsoft Internet Security and Acceleration Server 2004 Service Pack 3
MS07-022 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)
MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
MS07-020 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)
MS07-019 Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)
MS07-018 Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)
932726 Service Pack 1 for Accounting Professional 2007 and for Accounting Express 2007.
MS07-017 Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
923435 Microsoft Compute Cluster Pack Service Pack 1 (SP1) for Microsoft Windows Compute Cluster Server 2003
914961 Windows Server 2003 Service Pack 2
921896 SQL Server 2005 Service Pack 2
MS07-016 Cumulative Security Update for Internet Explorer (928090)
MS07-015 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)
MS07-014 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)
MS07-013 Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)
MS07-012 Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
MS07-011 Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)
MS07-009 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)
MS07-008 Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)
MS07-007 Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802)
MS07-006 Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)
MS07-005 Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)
931836 February 2007 cumulative time zone update for Microsoft Windows operating systems
929060 Update for PowerPoint 2003: February 13, 2007
929058 Update for Excel 2003: February 13, 2007
928957 Visual Studio 2005 Service Pack 1 release notes
MS07-004 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)
MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)
MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)
MS07-001 Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585)
924886 Update for Office 2003: December 12, 2006
MS06-078 Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
MS06-077 Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)
MS06-076 Cumulative Security Update for Outlook Express (923694)
MS06-075 Vulnerability in Windows Could Allow Elevation of Privilege (926255)
MS06-074 Vulnerability in SNMP Could Allow Remote Code Execution (926247)
MS06-073 Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)
MS06-072 Cumulative Security Update for Internet Explorer (925454)
899738 Systems Management Server 2003 Service Pack 2
917275 Windows Rights Management Services with Service Pack 2
MS06-071 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)
MS06-070 Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)
MS06-069 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)
MS06-068 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)
MS06-067 Cumulative Security Update for Internet Explorer (922760)
MS06-066 Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)
926874 Windows Internet Explorer 7
MS06-065 Vulnerability in Windows Object Packager Could Allow Remote Execution (924496)
MS06-064 Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)
MS06-063 Vulnerability in Server Service Could Allow Denial of Service (923414)
MS06-062 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)
MS06-061 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)
MS06-060 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
MS06-059 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
MS06-058 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
MS06-057 Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
MS06-056 Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)
MS06-055 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)
MS06-054 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)
MS06-053 Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)
MS06-052 Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)
MS06-051 Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)
MS06-050 Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)
MS06-049 Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)
MS06-048 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)
MS06-047 Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)
MS06-046 Vulnerability in HTML Help Could Allow Remote Code Execution (922616)
MS06-045 Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)
MS06-044 Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)
MS06-043 Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)
MS06-042 Cumulative Security Update for Internet Explorer (918899)
MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)
MS06-040 Vulnerability in Server Service Could Allow Remote Code Execution (921883)
920115 Service Pack 3 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006
MS06-039 Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
MS06-038 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
MS06-037 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
MS06-036 Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
MS06-035 Vulnerability in Server Service Could Allow Remote Code Execution (917159)
MS06-034 Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
MS06-033 Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
MS06-032 Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
MS06-031 Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)
MS06-030 Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
MS06-029 Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
MS06-028 Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
MS06-027 Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
MS06-025 Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
MS06-024 Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
MS06-023 Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)
MS06-022 Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)
MS06-021 Cumulative Security Update for Internet Explorer (916281)
MS06-020 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)
MS06-019 Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)
MS06-018 Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
MS06-017 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)
MS06-016 Cumulative Security Update for Outlook Express (911567)
MS06-015 Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
MS06-014 Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
MS06-013 Cumulative Security Update for Internet Explorer (912812)
MS06-012 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
MS06-011 Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)
MS06-009 Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
MS06-008 Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
MS06-007 Vulnerability in TCP/IP Could Allow Denial of Service (913446)
MS06-006 Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
MS06-005 Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
MS06-004 Cumulative Security Update for Internet Explorer (910620)
MS06-003 Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
MS06-002 Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
MS06-001 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
MS05-055 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)
MS05-054 Cumulative Security Update for Internet Explorer (905915)
MS05-053 Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)
MS05-052 Cumulative Security Update for Internet Explorer (896688)
MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
MS05-050 Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
MS05-049 Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
MS05-048 Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)
MS05-047 Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)
MS05-046 Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)
MS05-045 Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
MS05-044 Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)
MS05-043 Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)
MS05-042 Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)
MS05-041 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
MS05-040 Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)
MS05-039 Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
MS05-038 Cumulative Security Update for Internet Explorer (896727)
MS05-037 Vulnerability in JView Profiler Could Allow Remote Code Execution (903235)
MS05-036 Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)
MS05-035 Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672)
MS05-033 Vulnerability in Telnet Client Could Allow Information Disclosure (896428)
MS05-032 Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
MS05-031 Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458)
MS05-030 Vulnerability in Outlook Express Could Allow Remote Code Execution (897715)
MS05-028 Vulnerability in Web Client Service Could Allow Remote Code Execution (896426)
MS05-027 Vulnerability in Server Message Block Could Allow Remote Code Execution (896422)
MS05-026 Vulnerability in HTML Help Could Allow Remote Code Execution (896358)
MS05-025 Cumulative Security Update for Internet Explorer (883939)
MS05-024 Vulnerability in Web View Could Allow Remote Code Execution (894320)
MS05-023 Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
MS05-021 Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)
MS05-020 Cumulative Security Update for Internet Explorer (890923)
MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)
MS05-017 Vulnerability in Message Queuing Could Allow Code Execution (892944)
MS05-016 Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)
MS05-015 Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
MS05-014 Cumulative Security Update for Internet Explorer (867282)
MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
MS05-012 Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
MS05-011 Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
MS05-010 Vulnerability in the License Logging Service Could Allow Code Execution (885834)
MS05-009 Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
MS05-007 Vulnerability in Windows Could Allow Information Disclosure (888302)
MS05-006 Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)
MS05-005 Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
MS05-004 ASP.NET Path Validation Vulnerability (887219)
MS05-003 Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)
MS05-002 Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)
MS05-001 Vulnerability in HTML Help Could Allow Code Execution (890175)
MS04-045 Vulnerability in WINS Could Allow Remote Code Execution (870763)
MS04-044 Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)
MS04-043 Vulnerability in HyperTerminal Could Allow Code Execution (873339)
MS04-041 Vulnerability in WordPad Could Allow Code Execution (885836)
MS04-040 Cumulative Security Update for Internet Explorer (889293)
MS04-038 Cumulative Security Update for Internet Explorer (834707)
MS04-037 Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)
MS04-036 Vulnerability in NNTP Could Allow Remote Code Execution (883935)
MS04-035 Vulnerability in SMTP Could Allow Remote Code Execution (885881)
MS04-034 Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)
MS04-032 Security Update for Microsoft Windows (840987)
MS04-031 Vulnerability in NetDDE Could Allow Remote Code Execution (841533)
MS04-030 Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)
MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
MS04-027 Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)
MS04-025 Cumulative Security Update for Internet Explorer (867801)
MS04-024 Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
MS04-023 Vulnerability in HTML Help Could Allow Code Execution (840315)
MS04-022 Vulnerability in Task Scheduler Could Allow Code Execution (841873)
MS04-020 Vulnerability in POSIX Could Allow Code Execution (841872)
MS04-019 Vulnerability in Utility Manager Could Allow Code Execution (842526)
MS04-018 Cumulative Security Update for Outlook Express (823353)
MS04-016 Vulnerability in DirectPlay Could Allow Denial of Service (839643)
MS04-015 Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)
MS04-014 Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)
MS04-013 Cumulative Security Update for Outlook Express (837009)
MS04-012 Cumulative Update for Microsoft RPC/DCOM (828741)
MS04-011 Security Update for Microsoft Windows (835732)
MS04-008 Vulnerability in Windows Media Services Could Allow a Denial of Service (832359)
MS04-007 ASN.1 Vulnerability Could Allow Code Execution (828028)
MS04-006 Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
MS04-004 Cumulative Security Update for Internet Explorer (832894)
MS04-003 Buffer Overrun in MDAC Function Could Allow Code Execution (832483)
MS03-051 Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
MS03-049 Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)
MS03-048 Cumulative Security Update for Internet Explorer (824145)
MS03-045 Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)
MS03-044 Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)
MS03-043 Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
MS03-042 Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)
MS03-041 Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
MS03-040 Cumulative Patch for Internet Explorer (828750)
MS03-039 Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
MS03-034 Flaw in NetBIOS Could Lead to Information Disclosure (824105)
MS03-033 Unchecked Buffer in MDAC Function Could Enable System Compromise (823718)
MS03-031 Cumulative Patch for Microsoft SQL Server (815495)
MS03-030 Unchecked Buffer in DirectX Could Enable System Compromise (819696)
MS03-027 Unchecked Buffer in Windows Shell Could Enable System Compromise (821557)
MS03-026 Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
MS03-025 Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation (822679)
MS03-024 Buffer Overrun in Windows Could Lead to Data Corruption (817606)
MS03-023 Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
MS03-022 Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343)
MS03-021 Flaw In Windows Media Player May Allow Media Library Access (819639)
MS03-018 Cumulative Patch for Internet Information Service (811114)
MS03-017 Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787)
MS03-014 Cumulative Patch for Outlook Express (330994)
MS03-013 Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493)
MS03-011 Flaw in Microsoft VM Could Enable System Compromise (816093)
MS03-010 Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953)
MS03-008 Flaw in Windows Script Engine Could Allow Code Execution (814078)
MS03-007 Unchecked Buffer In Windows Component Could Cause Server Compromise (815021)
MS03-005 No Title Available
MS03-001 Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)
MS02-072 Unchecked Buffer in Windows Shell Could Enable System Compromise (329390)
MS02-071 Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)
MS02-070 Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)
MS02-065 Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414)
MS02-063 Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834)
MS02-062 Cumulative Patch for Internet Information Service (Q327696)
MS02-060 Flaw in Windows XP Help and Support Center Could Enable File Deletion (Q328940)
MS02-058 Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise (Q328676)
MS02-055 Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255)
MS02-054 Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (Q329048)
MS02-053 Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096)
MS02-051 Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380)
MS02-050 Certificate Validation Flaw Could Enable Identity Spoofing (Q329115)
MS02-048 Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (Q323172)
MS02-045 Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830)
MS02-042 Flaw in Network Connection Manager Could Enable Privilege Elevation (Q326886)
MS02-032 26 June 2002 Cumulative Patch for Windows Media Player (Q320920)
MS02-029 Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138)
MS02-024 Authentication Flaw in Windows Debugger can Lead to Elevated Privileges (Q320206)
MS02-017 Unchecked buffer in the Multiple UNC Provider Could Enable Code Execution (Q311967)
MS02-012 Malformed Data Transfer Request can Cause Windows SMTP Service to Fail
MS02-009 Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files
MS02-008 XMLHTTP Control Can Allow Access to Local Files
MS02-006 Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run
MS01-059 Unchecked Buffer in Universal Plug and Play can Lead to System Compromise
919004 Windows Server Update Services Service Pack 1
917347 Update for Word 2002: July 11, 2006
917153 Update for PowerPoint 2002: July 11, 2006
913807 Update for Outlook 2003: March 14, 2006
913571 Updates for Office 2003: March 14, 2006
913090 SQL Server 2005 Service Pack 1
912440 Description of the update for Office 2003 Alternative User Input: May 9, 2006
907747 Update for Intelligent Message Filter for Exchange Server 2003
903676 Microsoft Internet Security and Acceleration Server 2004 Service Pack (SP2)
902963 Service Pack 1 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006
902848 Outlook Live 2003 Service Pack 2
891861 Update Rollup 1 for Windows 2000 SP4 and known issues
890830 The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Server 2003, Windows XP, or Windows 2000
889101 Release notes for Windows Server 2003 Service Pack 1
887624 Description of Windows SharePoint Services Service Pack 2
887622 Description of Visio 2003 Service Pack 2
887620 Description of Project 2003 Service Pack 2
887619 Description of OneNote 2003 Service Pack 2
887618 Description of Office 2003 Service Pack 2 for Proofing Tools
887616 Description of Office 2003 Service Pack 2
870540 Availability of the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup
867461 List of bugs that are fixed in Microsoft .NET Framework 1.0 Service Pack 3
867460 List of bugs that are fixed in the .NET Framework 1.1 Service Pack 1 (SP1)
843188 Description of Office 2003 Service Pack 1 for Proofing Tools
842774 Description of OneNote 2003 Service Pack 1
842532 Description of Office 2003 Service Pack 1
841876 Description of Windows SharePoint Services Service Pack 1
840663 Description of Visio 2003 Service Pack 1
837240 Description of Project 2003 Service Pack 1
834693 Description of Office XP Service Pack 3 for Access 2002 Runtime
832671 Description of Microsoft Office XP Service Pack 3
830242 Description of Visio 2002 Service Pack 2
830241 Description of Microsoft Project 2002 Service Pack 1
826939 Help and Support
811113 List of fixes included in Windows XP Service Pack 2
321884 INFO: List of Bugs Fixed in Microsoft .NET Framework Service Pack 2
899456 Release manifest for MDAC 2.8 Service Pack 1 (2.81.1117.6)
884525 Additions to the SQL Server 2000 Service Pack 4 readme files
842262 Release manifest for the MDAC 2.7 Service Pack 1 Refresh (2.71.9040.2)


More information on each product update

Bulletin ID:
MS09-027
Title:
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This security update is rated Critical for all supported editions of Microsoft Office Word 2000. For all supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office Word 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac, and all supported versions of Open XML File Format Converter for Mac, Microsoft Office Compatibility Pack, and Microsoft Office Word Viewers, this security update is rated Important.
Applies to:
Office 2003
Office 2007
Office 2002/XP


Bulletin ID:
MS09-026
Title:
Vulnerability in RPC Could Allow Elevation of Privilege (970238)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system. Supported editions of Microsoft Windows are not delivered with any RPC servers or clients that are subject to exploitation of this vulnerability. In a default configuration, users could not be attacked by exploitation of this vulnerability. However, the vulnerability is present in the Microsoft Windows RPC runtime and could affect third-party RPC applications. This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista


Bulletin ID:
MS09-025
Title:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
Update Type:
Security Update
Severity:
Important
This security update resolves two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege. An attacker who successfully exploited any of these vulnerabilities could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista


Bulletin ID:
MS09-024
Title:
Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for supported editions of Microsoft Office Word 2000. This security update is also rated Important for supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003 with the Microsoft Works 6–9 File Converter, and Microsoft Office Word 2007 Service Pack 1; and Microsoft Works 8.5 and Microsoft Works 9.
Applies to:
Office 2007
Office 2002/XP


Bulletin ID:
MS09-023
Title:
Vulnerability in Windows Search Could Allow Information Disclosure (963093)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results. By default, the Windows Search component is not preinstalled on Microsoft Windows XP and Windows Server 2003. It is an optional component available for download. Windows Search installed on supported editions of Windows Vista and Windows Server 2008 is not affected by this vulnerability. This security update is rated Moderate for Windows Search installed on all supported editions of Windows XP and Windows Server 2003.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition


Bulletin ID:
MS09-022
Title:
Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
Update Type:
Security Update
Severity:
Critical
This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. This security update is rated Critical for all supported editions of Microsoft Windows 2000; Moderate for all supported editions of Windows XP and Windows Server 2003; and Important for all supported editions of Windows Vista and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista


Bulletin ID:
MS09-021
Title:
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This security update is rated Critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack, this security update is rated Important. The update addresses the vulnerabilities by modifying the way that Excel parses Excel files.
Applies to:
Office 2007
Office 2003
Office 2002/XP


Bulletin ID:
MS09-020
Title:
Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether a file is accessible by a given user. Successful exploitation of these vulnerabilities would still restrict the attacker to the permissions granted to the anonymous user account by the file system ACLs. This security update is rated Important for Microsoft Internet Information Services on all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS09-019
Title:
Cumulative Security Update for Internet Explorer (969897)
Update Type:
Security Update
Severity:
Critical
This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 5.01 and Important for Internet Explorer 6 Service Pack 1, running on supported editions of Microsoft Windows 2000; Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows XP and Windows Vista; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows Server 2003 and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows Vista
Windows Internet Explorer 8 Dynamic Installer
Windows Internet Explorer 7.0 Dynamic Installer
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008


Bulletin ID:
MS09-018
Title:
Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The more severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. This security update is rated Critical for all supported editions of Microsoft Windows 2000 Server, and rated Important for supported versions of Windows XP Professional and Windows Server 2003.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
948465
Title:
Windows Vista SP2 and Windows Server 2008 SP2
Update Type:
Service Pack
Severity:
Service Pack 2 for Windows Vista and for Windows Server 2008.
Applies to:
Windows Vista
Windows Server 2008


Bulletin ID:
MS09-017
Title:
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)
Update Type:
Security Update
Severity:
Critical
This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for supported editions of Microsoft Office PowerPoint 2000. For supported editions of Microsoft Office PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft Office PowerPoint 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; all supported versions of PowerPoint Viewer, and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats; Microsoft Works 8.5; and Microsoft Works 9.0, this security update is rated Important.
Applies to:
Office 2007
Office 2003
Office 2002/XP


Bulletin ID:
968369
Title:
SQL Server 2008 Service Pack 1
Update Type:
Service Pack
Severity:
SQL Server 2008 Service Pack 1
Applies to:
SQL Server 2008


Bulletin ID:
960911
Title:
Windows Small Business Server 2008 Update Rollup 2
Update Type:
Update Rollup
Severity:
Windows Small Business Server 2008 Update Rollup 2
Applies to:
Windows Small Business Server 2008


Bulletin ID:
957324
Title:
Office 2007 Service Pack 2 - Business Contact Manager
Update Type:
Service Pack
Severity:
Office 2007 Service Pack 2 - Business Contact Manager
Applies to:
Office 2007


Bulletin ID:
957262
Title:
Office 2007 Service Pack 2 - Microsoft Office Access Runtime and Data Connectivity Components
Update Type:
Service Pack
Severity:
Office 2007 Service Pack 2 - Microsoft Office Access Runtime and Data Connectivity Components
Applies to:
Office 2007


Bulletin ID:
953338
Title:
Windows SharePoint Services 3.0 Service Pack 2 (SP2) and Windows SharePoint Services 3.0 Language Pack Service Pack 2 (SP2)
Update Type:
Service Pack
Severity:
Windows SharePoint Services 3.0 Service Pack 2 (SP2) and Windows SharePoint Services 3.0 Language Pack Service Pack 2 (SP2)
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008


Bulletin ID:
953336
Title:
Excel Viewer 2007 Service Pack 2
Update Type:
Service Pack
Severity:
Excel Viewer 2007 Service Pack 2
Applies to:
Office 2007


Bulletin ID:
953335
Title:
Visio Viewer 2007 Service Pack 2
Update Type:
Service Pack
Severity:
Visio Viewer 2007 Service Pack 2
Applies to:
Office 2007


Bulletin ID:
953334
Title:
Microsoft Office 2007 servers Service Pack 2 and Microsoft Office 2007 servers Language Pack Service Pack 2
Update Type:
Service Pack
Severity:
Microsoft Office 2007 servers Service Pack 2 and Microsoft Office 2007 servers Language Pack Service Pack 2
Applies to:
Office 2007


Bulletin ID:
953332
Title:
PowerPoint Viewer 2007 Service Pack 2
Update Type:
Service Pack
Severity:
PowerPoint Viewer 2007 Service Pack 2
Applies to:
Office 2007


Bulletin ID:
953331
Title:
Office Compatibility Pack Service Pack 2
Update Type:
Service Pack
Severity:
Office Compatibility Pack Service Pack 2
Applies to:
Office 2007


Bulletin ID:
953329
Title:
Calendar Printing Assistant for Outlook 2007 Service Pack 2
Update Type:
Service Pack
Severity:
Calendar Printing Assistant for Outlook 2007 Service Pack 2
Applies to:
Office 2007


Bulletin ID:
953195
Title:
Microsoft Office Suite Service Pack 2 (SP2) and Microsoft Office Language Pack 2007 SP2
Update Type:
Service Pack
Severity:
Microsoft Office Suite Service Pack 2 (SP2) and Microsoft Office Language Pack 2007 SP2
Applies to:
Office 2007


Bulletin ID:
MS09-016
Title:
Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packets to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker. This security update is rated Important for Forefront TMG MBE, ISA Server 2004, and ISA Server 2006.
Applies to:
Forefront TMG MBE
Internet Security and Acceleration Server 2006
Internet Security and Acceleration Server 2004


Bulletin ID:
MS09-015
Title:
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances. This security update is rated Moderate for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. On Microsoft Windows 2000, this update is only classified as a defense-in-depth change. Details are available in the section, Frequently Asked Questions (FAQ) Related to This Security Update.
Applies to:
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS09-014
Title:
Cumulative Security Update for Internet Explorer (963027)
Update Type:
Security Update
Severity:
Critical
This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on supported editions of Microsoft Windows 2000; Internet Explorer 6 and Internet Explorer 7 running on supported editions of Windows XP; and Internet Explorer 7 running on supported editions of Windows Vista. For Internet Explorer 6 and Internet Explorer 7 running on supported editions of Windows Server 2003 and Windows Server 2008, this security update is rated Important.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008


Bulletin ID:
MS09-013
Title:
Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
Update Type:
Security Update
Severity:
Critical
This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista


Bulletin ID:
MS09-012
Title:
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
Update Type:
Security Update
Severity:
Important
This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system. This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista


Bulletin ID:
MS09-011
Title:
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if a user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS09-010
Title:
Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
Update Type:
Security Update
Severity:
Critical
This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word. This security update is rated Critical for supported editions of Microsoft Office Word 2000. This security update is also rated Important for supported editions of Microsoft Office Word 2002; Microsoft Office Converter Pack; and WordPad on all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition
Windows XP
Office 2002/XP
Office 2003


Bulletin ID:
MS09-009
Title:
Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported and a publicly disclosed vulnerability. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; all supported versions of Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack Service Pack 1, this security update is rated Important.
Applies to:
Office 2007
Office 2003
Office 2002/XP


Bulletin ID:
960384
Title:
Update Rollup for Exchange Server 2007 Service Pack 1
Update Type:
Update Rollup
Severity:
Update Rollup for Exchange Server 2007 Service Pack 1
Applies to:
Exchange Server 2007


Bulletin ID:
MS09-008
Title:
Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows 2000


Bulletin ID:
MS09-007
Title:
Vulnerability in SChannel Could Allow Spoofing (960225)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means. This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008


Bulletin ID:
MS09-006
Title:
Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Applies to:
Windows Server 2008
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows 7 Client
Windows 7 Server


Bulletin ID:
960353
Title:
Update for Microsoft Silverlight, February 18, 2009
Update Type:
Update Rollup
Severity:
This update includes stability improvements in media and in accessibility. This update is backward-compatible with applications that were created against earlier versions of Silverlight.
Applies to:
Silverlight


Bulletin ID:
959057
Title:
Microsoft Office Accounting 2009 Service Pack 1
Update Type:
Service Pack
Severity:
Microsoft Office Accounting 2009 Service Pack 1 for Accounting Professional 2009 and for Accounting Express 2009.
Applies to:
Office 2007


Bulletin ID:
MS09-005
Title:
Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
Update Type:
Security Update
Severity:
Important
This security update resolves three privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for Microsoft Office Visio 2002 Service Pack 2, Microsoft Office Visio 2003 Service Pack 3, and Microsoft Office Visio 2007 Service Pack 1.
Applies to:
Office 2007
Office 2003
Office 2002/XP


Bulletin ID:
MS09-004
Title:
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft SQL Server. The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system. Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue. This security update is rated Important for supported releases of SQL Server 2000, SQL Server 2005 Service Pack 2, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon).
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
SQL Server
SQL Server 2005


Bulletin ID:
MS09-003
Title:
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
Update Type:
Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding. This security update is rated Critical for all supported editions of Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, and Microsoft Exchange Server 2007.
Applies to:
Exchange Server 2007
Exchange Server 2003
Exchange 2000 Server


Bulletin ID:
MS09-002
Title:
Cumulative Security Update for Internet Explorer (961260)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 7 running on supported editions of Windows XP and Windows Vista. For Internet Explorer 7 running on supported editions of Windows Server 2003 and Windows Server 2008, this security update is rated Moderate.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Vista


Bulletin ID:
960715
Title:
Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits
Update Type:
Update Rollup
Severity:
Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000
Windows Server 2008
Windows Vista


Bulletin ID:
958715
Title:
Windows Small Business Server 2008 Update Rollup 1
Update Type:
Update Rollup
Severity:
Windows Small Business Server 2008 Update Rollup 1
Applies to:
Windows Small Business Server 2008


Bulletin ID:
955706
Title:
SQL Server 2005 Service Pack 3
Update Type:
Service Pack
Severity:
SQL Server 2005 Service Pack 3
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
SQL Server 2005


Bulletin ID:
951847
Title:
.NET Framework 3.5 Service Pack 1
Update Type:
Service Pack
Severity:
.NET Framework 3.5 Service Pack 1
Applies to:
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP


Bulletin ID:
MS09-001
Title:
Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista, and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008


Bulletin ID:
MS08-078
Title:
Security Update for Internet Explorer (960714)
Update Type:
Security Update
Severity:
Critical
This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7.
Applies to:
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista


Bulletin ID:
MS08-077
Title:
Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure. This security update is rated Important for all supported editions of Microsoft Office SharePoint Server 2007 and Microsoft Search Server 2008.
Applies to:
Office 2007


Bulletin ID:
MS08-076
Title:
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for Windows Media Player 6.4, Windows Media Format Runtime 7.1, Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Windows Media Services 4.1, Windows Media Services 9 Series, and Windows Media Services 2008.
Applies to:
Windows Server 2008
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition
Windows Vista


Bulletin ID:
MS08-075
Title:
Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The most severe vulnerability is rated Critical for all supported editions of Windows Vista and Windows Server 2008.
Applies to:
Windows Server 2008
Windows Vista


Bulletin ID:
MS08-074
Title:
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
Update Type:
Security Update
Severity:
Critical
This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important.
Applies to:
Office 2007
Office 2003
Office 2002/XP


Bulletin ID:
MS08-073
Title:
Cumulative Security Update for Internet Explorer (958215)
Update Type:
Security Update
Severity:
Critical
This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on Microsoft Windows 2000; Internet Explorer 6 running on Windows XP; and Internet Explorer 7. For Internet Explorer 6 running on Windows Server 2003, this security update is rated Moderate.
Applies to:
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS08-072
Title:
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
Update Type:
Security Update
Severity:
Critical
This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for supported editions of Microsoft Office Word 2000 and Microsoft Office Outlook 2007. For supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office Word 2007, Microsoft Office Compatibility Pack, Microsoft Office Word Viewer 2003, Microsoft Works 8, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important.
Applies to:
Office 2007
Office 2003
Office 2002/XP


Bulletin ID:
MS08-071
Title:
Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Applies to:
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS08-070
Title:
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
Update Type:
Security Update
Severity:
Critical
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for supported components of the Microsoft Visual Basic 6.0 Runtime Extended Files; all supported editions of Microsoft Visual Studio .NET 2002, Microsoft Visual Studio .NET 2003, Microsoft Visual FoxPro 8.0, Microsoft Visual FoxPro 9.0, Microsoft Office Project 2003, Microsoft Office Project 2007; and the Chinese Simplified (China), Chinese Pan (Hong Kong), Chinese Traditional (Taiwan), and Korean versions of Microsoft Office FrontPage 2002.
Applies to:
Office 2007
Office 2003


Bulletin ID:
957388
Title:
December 2008 Windows Vista and Windows Server 2008 Application Compatibility Update
Update Type:
Update Rollup
Severity:
December 2008 Windows Vista and Windows Server 2008 Application Compatibility Update.
Applies to:
Windows Server 2008
Windows Vista


Bulletin ID:
953467
Title:
Update Rollup 5 for Exchange Server 2007 Service Pack 1
Update Type:
Update Rollup
Severity:
Update Rollup 5 for Exchange Server 2007 Service Pack 1.
Applies to:
Exchange Server 2007


Bulletin ID:
MS08-069
Title:
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
Update Type:
Security Update
Severity:
Critical
This security update resolves several vulnerabilities in Microsoft XML Core Services. The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Microsoft XML Core Services 3.0 and Important for Microsoft XML Core Services 4.0, Microsoft XML Core Services 5.0, and Microsoft XML Core Services 6.0.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Office 2007
Office 2003


Bulletin ID:
MS08-068
Title:
Vulnerability in SMB Could Allow Remote Code Execution (957097)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista


Bulletin ID:
MS08-067
Title:
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista


Bulletin ID:
957938
Title:
Update for Silverlight: October 20, 2008
Update Type:
Update Rollup
Severity:
This major update includes improvements in performance, in security, and in functionality. This update is backward compatible with Silverlight 1.0 Web applications.
Applies to:
Silverlight


Bulletin ID:
MS08-066
Title:
Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Microsoft Ancillary Function Driver. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This is an important security update for all supported editions of Windows XP and Windows Server 2003.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition


Bulletin ID:
MS08-065
Title:
Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Message Queuing Service (MSMQ) on Microsoft Windows 2000 systems. The vulnerability could allow remote code execution on Microsoft Windows 2000 systems with the MSMQ service enabled. This security update is rated Important for all supported editions of Microsoft Windows 2000.
Applies to:
Windows 2000


Bulletin ID:
MS08-064
Title:
Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Virtual Address Descriptor. The vulnerability could allow elevation of privilege if a user runs a specially crafted application. An authenticated attacker who successfully exploited this vulnerability could gain elevation of privilege on an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista


Bulletin ID:
MS08-063
Title:
Vulnerability in SMB Could Allow Remote Code Execution (957095)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on a server that is sharing files or folders. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Applies to:
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista


Bulletin ID:
MS08-062
Title:
Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
Update Type:
Security Update
Severity:
Important
This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008.
Applies to:
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS08-061
Title:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
Update Type:
Security Update
Severity:
Important
This security update resolves one publicly disclosed and two privately reported vulnerabilities in the Windows kernel. A local attacker who successfully exploited these vulnerabilities could take complete control of an affected system. The vulnerabilities could not be exploited remotely or by anonymous users. This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista


Bulletin ID:
MS08-060
Title:
Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker gains access to an affected network. This vulnerability only affects Microsoft Windows 2000 servers configured to be domain controllers. If a Microsoft Windows 2000 server has not been promoted to a domain controller, it will not be listening to Lightweight Directory Access Protocol (LDAP) or LDAP over SSL (LDAPS) queries, and will not be exposed to this vulnerability. This security update is rated Critical for implementations of Active Directory on Microsoft Windows 2000 Server.
Applies to:
Windows 2000


Bulletin ID:
MS08-059
Title:
Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights. This security update is rated Critical for all supported editions of Microsoft Host Integration Server 2000, Microsoft Host Integration Server 2004, and Microsoft Host Integration Server 2006.
Applies to:
Host Integration Server 2006
Host Integration Server 2004
Host Integration Server 2000


Bulletin ID:
MS08-058
Title:
Cumulative Security Update for Internet Explorer (956390)
Update Type:
Security Update
Severity:
Critical
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on all supported editions of Microsoft Windows 2000, and for Internet Explorer 6 running on all supported editions of Windows XP. For Internet Explorer 7 running on all supported editions of Windows XP and Windows Vista, this security update is rated Important. Otherwise, this security update is rated Moderate or Low.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008


Bulletin ID:
MS08-057
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
Update Type:
Security Update
Severity:
Critical
This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Office Excel 2000 and rated Important for all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, and Microsoft Office SharePoint Server 2007.
Applies to:
Office 2007
Office 2003
Office 2002/XP


Bulletin ID:
MS08-056
Title:
Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user clicks a specially crafted CDO URL. An attacker who successfully exploited this vulnerability could inject a client side script in the user's browser that could spoof content, disclose information, or take any action that the user could take on the affected Web site. This security update is rated Moderate for supported editions of Microsoft Office XP. The security update addresses the vulnerability by unregistering the CDO protocol.
Applies to:
Office 2002/XP


Bulletin ID:
956391
Title:
Cumulative Security Update of ActiveX Kill Bits
Update Type:
Update Rollup
Severity:
Cumulative Security Update of ActiveX Kill Bits
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008


Bulletin ID:
MS08-055
Title:
Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Office 2007
Office 2003


Bulletin ID:
MS08-054
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported and affected editions of Windows Media Player 11.
Applies to:
Windows Vista
Windows Server 2008
Windows XP
Windows XP x64 Edition


Bulletin ID:
MS08-053
Title:
Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported and affected editions of Microsoft Windows 2000, Windows XP, and Windows Vista, and Moderate for supported and affected versions of Windows Server 2003 and Windows Server 2008.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition


Bulletin ID:
MS08-052
Title:
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008, Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4, Microsoft Digital Image Suite 2006, SQL Server 2000 Reporting Services Service Pack 2, all supported editions of SQL Server 2005, Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package, and Microsoft Report Viewer 2008 Redistributable Package. This security update is rated Important for all supported editions of Microsoft Office XP, Microsoft Office 2003, 2007 Microsoft Office System, Microsoft Visio 2002, Microsoft Office PowerPoint Viewer 2003, Microsoft Works 8, and Microsoft Forefront Client Security 1.0.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
SQL Server 2005
Windows 2000
Visual Studio 2008
Visual Studio 2005
Forefront Client Security
Office 2002/XP
Office 2003
Office 2007
Windows Server 2008
Windows Vista
SQL Server


Bulletin ID:
955305
Title:
Update for Silverlight 1.0: July 23, 2008
Update Type:
Update Rollup
Severity:
Update for Silverlight 1.0: July 23, 2008
Applies to:
Silverlight


Bulletin ID:
951951
Title:
Forefront Client Security Service Pack 1
Update Type:
Service Pack
Severity:
Forefront Client Security Service Pack 1
Applies to:
Forefront Client Security


Bulletin ID:
MS08-051
Title:
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
Update Type:
Security Update
Severity:
Critical
This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for supported editions of Microsoft Office PowerPoint 2000 and rated Important for supported editions of Microsoft Office PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft Office PowerPoint 2007, Microsoft Office PowerPoint Viewer 2003, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac.
Applies to:
Office 2003
Office 2007
Office 2002/XP


Bulletin ID:
MS08-050
Title:
Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly reported vulnerability in supported versions of Windows Messenger. As a result of this vulnerability, scripting of an ActiveX control could allow information disclosure in the context of the logged-on user. An attacker could change state, get contact information, and initiate audio and video chat sessions without the knowledge of the logged-on user. An attacker could also capture the user’s logon ID and remotely log on to the user’s Messenger client impersonating that user. This security update is rated Important for all supported editions of Microsoft Windows 2000 and Windows XP, and Moderate for all supported versions of Windows Server 2003.
Applies to:
Windows XP x64 Edition
Windows XP


Bulletin ID:
MS08-049
Title:
Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
Update Type:
Security Update
Severity:
Important
This update resolves two privately reported vulnerabilities in Microsoft Windows Event System that could allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. This security update is rated Important for all supported editions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008


Bulletin ID:
MS08-048
Title:
Security Update for Outlook Express and Windows Mail (951066)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The vulnerability could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for supported editions of Windows XP and Windows Vista and rated Low for supported editions of Windows Server 2003 and Windows Server 2008.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008


Bulletin ID:
MS08-047
Title:
Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
Update Type:
Security Update
Severity:
Important
This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network. This update is rated Important for all supported versions of Windows Vista and Windows Server 2008.
Applies to:
Windows Server 2008
Windows Vista


Bulletin ID:
MS08-046
Title:
Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
Update Type:
Security Update
Severity:
Critical
This update resolves a privately reported vulnerability in the Microsoft Image Color Management (ICM) system that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update is rated Critical for all supported versions of Microsoft Windows 2000, Windows XP and Windows Server 2003.
Applies to:
Windows XP x64 Edition
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS08-045
Title:
Cumulative Security Update for Internet Explorer (953838)
Update Type:
Security Update
Severity:
Critical
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported releases of Internet Explorer.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista


Bulletin ID:
MS08-044
Title:
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
Update Type:
Security Update
Severity:
Critical
This security update resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for supported editions of Microsoft Office 2000, and Important for supported editions of Microsoft Office XP, Microsoft Office 2003 Service Pack 2, Microsoft Project 2002 Service Pack 1, Microsoft Office Converter Pack, and Microsoft Works 8.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS08-043
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
Update Type:
Security Update
Severity:
Critical
This security update resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Microsoft Office Excel 2000 Service Pack 3 and rated Important for Excel 2002 Service Pack 3, Excel 2003 Service Pack 2, Excel 2003 Service Pack 3, Excel Viewer 2003, Excel Viewer 2003 Service Pack 3, Excel 2007, Excel 2007 Service Pack 1, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1, Microsoft Office Excel Viewer, and Microsoft Office SharePoint Server 2007.
Applies to:
Office 2007
Office 2003
Office 2002/XP


Bulletin ID:
MS08-042
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly reported vulnerability in Microsoft Word. This vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for supported editions of Microsoft Word 2002 and Microsoft Word 2003.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS08-041
Title:
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. This security update is rated Critical for the Snapshot Viewer for Microsoft Access and for supported versions of Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003. The security update addresses the vulnerability by correcting an error in the Microsoft Access Snapshot Viewer control.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
951072
Title:
August 2008 cumulative time zone update for Microsoft Windows operating systems
Update Type:
Update Rollup
Severity:
August 2008 cumulative time zone update for Microsoft Windows operating systems.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista
Windows XP x64 Edition


Bulletin ID:
943462
Title:
Internet Security and Acceleration Server 2006 Service Pack 1
Update Type:
Service Pack
Severity:
Microsoft Internet Security and Acceleration Server 2006 Service Pack 1.
Applies to:
Internet Security and Acceleration Server 2006


Bulletin ID:
MS08-040
Title:
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
Update Type:
Security Update
Severity:
Important
This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. This security update is rated Important for supported releases of SQL Server 7.0, SQL Server 2000, SQL Server 2005, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). The security update addresses the vulnerabilities by modifying the way that SQL Server manages page reuse, allocating more memory for the convert function, validating on-disk files before loading them, and validating insert statements.
Applies to:
SQL Server
SQL Server 2005
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008


Bulletin ID:
MS08-039
Title:
Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session. This security update is rated Important for all supported editions of Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007.
Applies to:
Exchange Server 2007
Exchange Server 2003


Bulletin ID:
MS08-038
Title:
Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for all supported editions of Windows Vista and Windows Server 2008.
Applies to:
Windows Server 2008
Windows Vista


Bulletin ID:
MS08-037
Title:
Vulnerabilities in DNS Could Allow Spoofing (953230)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition
Windows Server 2008


Bulletin ID:
953649
Title:
System Center Configuration Manager Service Pack 1
Update Type:
Service Pack
Severity:
System Center Configuration Manager Service Pack 1.
Applies to:
System Center Configuration Management 2007


Bulletin ID:
MS08-036
Title:
Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
Update Type:
Security Update
Severity:
Important
This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited this vulnerability could cause a user’s system to become non-responsive and to require a restart to restore functionality. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003 and rated Moderate for all supported editions of Windows Vista and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008


Bulletin ID:
MS08-035
Title:
Vulnerability in Active Directory Could Allow Denial of Service (953235)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008; Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003; and Active Directory Lightweight Directory Service (AD LDS) when installed on Windows Server 2008. The vulnerability could be exploited to allow an attacker to cause a denial of service condition. On Windows XP Professional, Windows Server 2003, and Windows Server 2008, an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart. This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, and rated Moderate for select editions of Windows XP Professional, Windows Server 2003, and Windows Server 2008.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows XP x64 Edition
Windows XP


Bulletin ID:
MS08-034
Title:
Vulnerability in WINS Could Allow Elevation of Privilege (948745)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS) that could allow elevation of privilege. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. This security update is rated Important for all supported editions of Microsoft Windows 2000 Server and Windows Server 2003.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS08-033
Title:
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Applies to:
Windows 2000
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008


Bulletin ID:
MS08-032
Title:
Cumulative Security Update of ActiveX Kill Bits (950760)
Update Type:
Security Update
Severity:
Moderate
This security update resolves a publicly reported vulnerability for the Microsoft Speech API. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer and has the Speech Recognition feature in Windows enabled. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes a kill bit for software produced by BackWeb. The security update is rated Moderate for Microsoft Windows 2000 Service Pack 4; all supported editions of Windows XP; and all editions of the original release version of Windows Vista. However, the kill bit deployment also includes Windows Vista Service Pack 1. For all other supported versions of Windows, this security update is rated Low.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008


Bulletin ID:
MS08-031
Title:
Cumulative Security Update for Internet Explorer (950759)
Update Type:
Security Update
Severity:
Critical
This security update resolves one privately reported and one publicly disclosed vulnerability. The privately reported vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The publicly disclosed vulnerability could allow information disclosure if a user viewed a specially crafted Web page using Internet Explorer. This security update is rated Critical for Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 on supported versions of Windows XP; and Internet Explorer 7 on supported versions of Windows XP and Windows Vista. The security update is also rated Important for Internet Explorer 5.01 on Microsoft Windows 2000 Service Pack 4, and Moderate for all other supported releases of Internet Explorer.
Applies to:
Windows 2000
Windows Vista
Windows Server 2008
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS08-030
Title:
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Bluetooth stack in Windows that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This security update is rated Critical for all supported editions of Windows XP and Windows Vista.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Vista


Bulletin ID:
951532
Title:
Description of the Post-Service Pack 1 Rollup for Microsoft Expression Media: April 15, 2008
Update Type:
Update Rollup
Severity:
Describes the Microsoft Expression Media issues that are fixed in the Post-SP1 Rollup that is dated April 15, 2008.
Applies to:
Expression Media V1


Bulletin ID:
951213
Title:
Description of the update for Silverlight 1.0: April 4, 2008
Update Type:
Update Rollup
Severity:
Describes the update for Silverlight 1.0 that was released on April 4, 2008. Provides links to the update and to product release notes.
Applies to:
Silverlight


Bulletin ID:
MS08-028
Title:
Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)
Update Type:
Security Update
Severity:
Important
This security update resolves a security vulnerability in the Microsoft Jet Database Engine (Jet) in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for the Microsoft Jet 4.0 Database Engine.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS08-027
Title:
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Microsoft Publisher 2000 Service Pack 3 and Important for supported versions of Microsoft Publisher 2002, Microsoft Publisher 2003, and Microsoft Publisher 2007.
Applies to:
Office 2007
Office 2003
Office 2002/XP


Bulletin ID:
MS08-026
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported vulnerabilities in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for supported editions of Microsoft Word 2000 and Microsoft Outlook 2007 and rated Important for supported editions of Microsoft Word 2002; Microsoft Word 2003; Microsoft Word Viewer 2003 and Microsoft Word Viewer 2003 Service Pack 3; Microsoft Word 2007; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats; and Microsoft Office 2004 for Mac and Microsoft Office 2008 for Mac.
Applies to:
Office 2003
Office 2007
Office 2002/XP


Bulletin ID:
948016
Title:
Description of Update Rollup 2 for Exchange Server 2007 Service Pack 1
Update Type:
Update Rollup
Severity:
Describes Update Rollup 2 for Exchange Server 2007 Service Pack 1. Contains information about the issues that the update rollup fixes, the prerequisites for installing it, how to obtain it, and the files that it contains.
Applies to:
Exchange Server 2007


Bulletin ID:
936929
Title:
Windows XP Service Pack 3
Update Type:
Service Pack
Severity:
Windows XP Service Pack 3.
Applies to:
Windows XP


Bulletin ID:
949426
Title:
Microsoft Office Accounting 2008 Service Pack 1 for Accounting Professional 2008 and for Accounting Express 2008
Update Type:
Service Pack
Severity:
Microsoft Office Accounting 2008 Service Pack 1 for Accounting Professional 2008 and for Accounting Express 2008.
Applies to:
Office 2007


Bulletin ID:
936330
Title:
Windows Vista Service Pack 1 (SP1)
Update Type:
Service Pack
Severity:
Windows Vista Service Pack 1 (SP1).
Applies to:
Windows Vista


Bulletin ID:
MS08-025
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability in the Windows kernel. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. This is an important security update for all supported editions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008


Bulletin ID:
MS08-024
Title:
Cumulative Security Update for Internet Explorer (947864)
Update Type:
Security Update
Severity:
Critical
This security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update is rated Critical for all supported releases of Internet Explorer.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008


Bulletin ID:
MS08-023
Title:
Security Update of ActiveX Kill Bits (948881)
Update Type:
Security Update
Severity:
Critical
This security update resolves one privately reported vulnerability for a Microsoft product. This update also includes a kill bit for the Yahoo! Music Jukebox product. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update is rated Critical for Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2; and Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2. The security update is rated Important for Windows Vista and Windows Vista Service Pack 1; and Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1. The security update is rated Moderate for all supported editions of Windows Server 2003. For all other supported versions of Windows, this security update is rated Low.
Applies to:
Windows Server 2008
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS08-022
Title:
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This is a critical security update for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000


Bulletin ID:
MS08-021
Title:
Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This is a critical security update for Microsoft Windows 2000 Service Pack 4, and all supported releases of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista


Bulletin ID:
MS08-020
Title:
Vulnerability in DNS Client Could Allow Spoofing (945553)
Update Type:
Security Update
Severity:
Important
This security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS clients and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. This is an important security update for Windows Vista and all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista


Bulletin ID:
MS08-019
Title:
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
Update Type:
Security Update
Severity:
Important
This security update resolves privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for Microsoft Office Visio 2002 Service Pack 2, Microsoft Office Visio 2003 Service Pack 2, Microsoft Office Visio 2003 Service Pack 3, Microsoft Office Visio 2007, and Microsoft Office Visio 2007 Service Pack 1.
Applies to:
Office 2007
Office 2003
Office 2002/XP


Bulletin ID:
MS08-018
Title:
Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Office Project that could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Microsoft Project 2000 Service Release 1 and rated Important for Microsoft Project 2002 Service Pack 1, and Microsoft Office Project 2003 Service Pack 2.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
948014
Title:
Windows Server Update Services 3.0 Service Pack 1
Update Type:
Service Pack
Severity:
Windows Server Update Services 3.0 Service Pack 1.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows XP x64 Edition


Bulletin ID:
MS08-017
Title:
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
Update Type:
Security Update
Severity:
Critical
This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for implementations of Microsoft Office Web Components 2000 on supported editions of Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Visual Studio .NET 2002 Service Pack 1, Visual Studio .NET 2003 Service Pack 1, Microsoft BizTalk Server 2000 and Microsoft BizTalk Server 2002, Microsoft Commerce Server 2000, and Internet Security and Acceleration Server 2000 Service Pack 2.
Applies to:
Office 2002/XP


Bulletin ID:
MS08-016
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
Update Type:
Security Update
Severity:
Critical
This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for supported editions of Microsoft Office 2000 and rated Important for supported editions of Microsoft Office XP, Microsoft Office 2003 Service Pack 2, Microsoft Excel Viewer 2003 and Microsoft Excel Viewer 2003 Service Pack 3, and Microsoft Office 2004 for Mac.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS08-015
Title:
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane. This security update is rated Critical for supported editions of Microsoft Office Outlook 2000 Service Pack 3, Outlook 2002 Service Pack 3, Outlook 2003 Service Pack 2 and Service Pack 3, and Outlook 2007.
Applies to:
Office 2007
Office 2003
Office 2002/XP


Bulletin ID:
MS08-014
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
Update Type:
Security Update
Severity:
Critical
This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Microsoft Office Excel 2000 Service Pack 3 and rated Important for Excel 2002 Service Pack 3, Excel 2003 Service Pack 2, Excel Viewer 2003, Excel 2007, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Office 2004 for Mac, and Office 2008 for Mac.
Applies to:
Office 2003
Office 2007
Office 2002/XP


Bulletin ID:
946140
Title:
Update for Business Contact Manager for Outlook 2007: February 12, 2008
Update Type:
Critical Update
Severity:
This update changes the startup behavior of the SQL Server service so that the service is started only when Business Contact Manager for Outlook 2007 requires it.
Applies to:
Office 2007


Bulletin ID:
945684
Title:
Update Rollup 1 for Microsoft Exchange Server 2007 Service Pack 1
Update Type:
Update Rollup
Severity:
Update Rollup 1 for Microsoft Exchange Server 2007 SP1.
Applies to:
Exchange Server 2007


Bulletin ID:
942846
Title:
Update Rollup 6 for Exchange Server 2007
Update Type:
Update Rollup
Severity:
Update Rollup 6 for Exchange Server 2007.
Applies to:
Exchange Server 2007


Bulletin ID:
941834
Title:
Microsoft Expression Media Service Pack 1
Update Type:
Service Pack
Severity:
Expression Media Service Pack 1.
Applies to:
Expression Media V1


Bulletin ID:
MS08-013
Title:
Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file with a malformed object inserted into the document. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for all supported editions of Microsoft Office 2000 and an important security update for Microsoft Office XP, Microsoft Office 2003 and Microsoft Office 2004 for Mac.
Applies to:
Office 2002/XP
Office 2003


Bulletin ID:
MS08-012
Title:
Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves two privately reported vulnerabilities in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for supported releases of Microsoft Office Publisher 2000; supported releases of Microsoft Office Publisher 2002; and supported editions of Microsoft Office Publisher 2003 Service Pack 2. Microsoft Publisher 2003 Service Pack 3, Microsoft Office Publisher 2007, and Microsoft Office Publisher 2007 Service Pack 1 are not impacted by this vulnerability.
Applies to:
Office 2002/XP
Office 2003


Bulletin ID:
MS08-011
Title:
Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
Update Type:
Security Update
Severity:
Important
This important security update resolves three privately reported vulnerabilities in the Microsoft Works File Converter. These vulnerabilities could allow remote code execution if a user opens a specially crafted Works (.wps) file with an affected version of Microsoft Office, Microsoft Works, or Microsoft Works Suite. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This is an important security update for all supported editions of Microsoft Works Converter.
Applies to:
Office 2003


Bulletin ID:
MS08-010
Title:
Cumulative Security Update for Internet Explorer (944533)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves three privately reported and one publicly reported vulnerabilities. The most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update is rated critical for all supported releases of Internet Explorer.
Applies to:
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS08-009
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves one privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for supported editions of Microsoft Office 2000 and an important security update for Microsoft Office XP, Microsoft Office 2003, and Microsoft Office Word Viewer 2003.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS08-008
Title:
Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE) Automation. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, Microsoft Office 2004 for Mac, and Visual Basic 6. For other affected editions of Windows, this update is rated moderate.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista


Bulletin ID:
MS08-007
Title:
Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves one privately reported vulnerability in the WebDAV Mini-Redirector. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This is a critical security update for all supported editions of Windows XP and Windows Vista and an important security update for all supported editions of Windows Server 2003.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS08-006
Title:
Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
Update Type:
Security Update
Severity:
Important
This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A remote code execution vulnerability exists in the way that IIS handles input to ASP Web pages. An attacker who successfully exploited this vulnerability could then perform actions on the IIS server with the same rights as the Worker Process Identity (WPI). The WPI is configured with Network Service account privileges by default. IIS servers with ASP pages whose application pools are configured with a WPI that uses an account with administrative privileges could be more seriously impacted than IIS servers whose application pool is configured with the default WPI settings. The security update is rated important for Microsoft Internet Information Services on all supported editions of Windows XP and Windows Server 2003.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS08-005
Title:
Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
Update Type:
Security Update
Severity:
Important
This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update is rated Important for Microsoft Internet Information Services 5.0 on Microsoft Windows 2000, Microsoft Internet Information Services 5.1 on Windows XP, Microsoft Internet Information Server 6.0 on Windows Server 2003, and Microsoft Internet Information Services 7.0 on Windows Vista.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS08-004
Title:
Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
Update Type:
Security Update
Severity:
Important
This important update resolves a privately reported vulnerability in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart. This is an important security update for all supported editions of Windows Vista.
Applies to:
Windows Vista


Bulletin ID:
MS08-003
Title:
Vulnerability in Active Directory Could Allow Denial of Service (946538)
Update Type:
Security Update
Severity:
Important
This important security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003 and Active Directory Application Mode (ADAM) when installed on Windows XP and Windows Server 2003. The vulnerability could allow a denial of service condition. On Windows Server 2003 and Windows XP an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart. This is an important security update for all supported editions of Microsoft Windows 2000, and a moderate security update for Windows XP and Windows Server 2003.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
940767
Title:
Windows Internet Explorer 7 Installation and Availability Update
Update Type:
Update Rollup
Severity:
Windows Internet Explorer 7 Installation and Availability Update.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP


Bulletin ID:
110806
Title:
Microsoft .NET Framework 2.0 Service Pack 1
Update Type:
Service Pack
Severity:
Microsoft .NET Framework 2.0 Service Pack 1 provides cumulative roll-up updates for customer-reported issues found after the release of Microsoft .NET Framework 2.0. In addition, this release provides security improvements and prerequisite feature support for .NET Framework 3.0 Service Pack 1 and .NET Framework 3.5.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition


Bulletin ID:
MS08-002
Title:
Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
Update Type:
Security Update
Severity:
Important
This important update resolves a privately reported vulnerability in Microsoft Windows Local Security Authority Subsystem Service (LSASS). The vulnerability could allow an attacker to run arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This is an important security update for all supported editions of Windows 2000, Windows XP, and Windows Server 2003.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS08-001
Title:
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This is a critical security update for all supported editions of Windows XP and Windows Vista, an important security update for all supported editions of Windows Server 2003, and a moderate security update for all supported editions of Microsoft Windows 2000.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows 2000


Bulletin ID:
941652
Title:
Business Contact Manager for Outlook 2007 Service Pack 1
Update Type:
Service Pack
Severity:
Business Contact Manager for Outlook 2007 Service Pack 1.
Applies to:
Office 2007


Bulletin ID:
940289
Title:
Office Compatibility Pack Service Pack 1
Update Type:
Service Pack
Severity:
This service pack delivers important customer-requested stability and performance improvements. It also includes improvements in user security.
Applies to:
Office 2007


Bulletin ID:
937961
Title:
Office 2003 Web Components Service Pack 1 for the 2007 Office system
Update Type:
Service Pack
Severity:
Office 2003 Web Components SP1 for the 2007 Office system. This service pack provides the latest updates to the Office 2003 Web Components for the 2007 Office system.
Applies to:
Office 2007


Bulletin ID:
937160
Title:
Visio Viewer 2007 Service Pack 1
Update Type:
Service Pack
Severity:
Office Visio Viewer 2007 Service Pack 1.
Applies to:
Office 2007


Bulletin ID:
937158
Title:
PowerPoint Viewer 2007 Service Pack 1
Update Type:
Service Pack
Severity:
Microsoft Office PowerPoint Viewer 2007 Service Pack 1.
Applies to:
Office 2007


Bulletin ID:
937157
Title:
Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 1
Update Type:
Service Pack
Severity:
Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 1.
Applies to:
Office 2007


Bulletin ID:
936988
Title:
Windows SharePoint Services 3.0 Service Pack 1 and Windows SharePoint Services Language Pack 3.0 Service Pack 1
Update Type:
Service Pack
Severity:
Windows SharePoint Services 3.0 SP1 and Windows SharePoint Services Language Pack 3.0 SP1. These service packs contain the latest updates to Windows SharePoint Services 3.0.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
936984
Title:
Microsoft Office 2007 servers Service Pack 1 and Microsoft Office 2007 servers Language Pack Service Pack 1
Update Type:
Service Pack
Severity:
Microsoft Office servers 2007 SP1 and Microsoft Office 2007 servers Language Pack SP1. This service pack provides the latest updates to all of the 2007 Microsoft Office servers.
Applies to:
Office 2007


Bulletin ID:
936982
Title:
Microsoft Office 2007 suite Service Pack 1
Update Type:
Service Pack
Severity:
Microsoft Office 2007 suite Service Pack 1.
Applies to:
Office 2007


Bulletin ID:
MS07-069
Title:
Cumulative Security Update for Internet Explorer (942615)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves four privately reported vulnerabilities. The most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update is rated moderate for Internet Explorer 6 and 7 on Windows Server 2003. For all other supported releases of Internet Explorer, this security update is rated critical.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista


Bulletin ID:
MS07-068
Title:
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability in Windows Media File Format. This vulnerability could allow remote code execution if a user viewed a specially crafted file in Windows Media Format Runtime. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for supported editions of Windows Media Format Runtime 7.1, 9, 9.5, 11 and for Windows Media Services 9.1.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 2000
Windows Vista


Bulletin ID:
MS07-067
Title:
Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)
Update Type:
Security Update
Severity:
Important
This important security update resolves one publicly disclosed vulnerability. A local elevation of privilege vulnerability exists in the way that the Macrovision driver incorrectly handles configuration parameters. An attacker who successfully exploited this vulnerability could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This is an important security update for supported editions of Windows XP and Windows Server 2003.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP


Bulletin ID:
MS07-066
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
Update Type:
Security Update
Severity:
Important
This important security update resolves a privately reported vulnerability in the Windows kernel. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. This is an important security update for supported editions of Windows Vista.
Applies to:
Windows Vista


Bulletin ID:
MS07-065
Title:
Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
Update Type:
Security Update
Severity:
Important
This important security update resolves a privately reported vulnerability in Message Queuing Service (MSMQ) that could allow remote code execution in implementations on Microsoft Windows 2000 Server, or elevation of privilege in implementations on Microsoft Windows 2000 Professional and Windows XP. An attacker must have valid logon credentials to exploit this vulnerability. An attacker could then install programs; view, change, or delete data; or create new accounts. This is an important security update for supported editions of Microsoft Windows 2000 Server and a moderate security update for supported editions of Windows XP and Windows 2000 Professional.
Applies to:
Windows 2000
Windows XP


Bulletin ID:
MS07-064
Title:
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves two privately reported vulnerabilities in Microsoft DirectX. These vulnerabilities could allow code execution if a user opened a specially crafted file used for streaming media in DirectX. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003 and Windows Vista.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista


Bulletin ID:
MS07-063
Title:
Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
Update Type:
Security Update
Severity:
Important
This important security update resolves a privately reported vulnerability in Server Message Block Version 2 (SMBv2). The vulnerability could allow an attacker to tamper with data transferred via SMBv2, which could allow remote code execution in domain configurations communicating with SMBv2. This is an Important security update for all supported versions of Windows Vista.
Applies to:
Windows Vista


Bulletin ID:
942840
Title:
You may experience slow Web browser performance when you view a Web page that uses JScript in Internet Explorer on a Windows Server 2003-based computer or on a Windows XP-based computer
Update Type:
Unknown Type
Severity:
N/A
Fixes a problem in which you experience slow performance when you view a Web page in Internet Explorer. Specifically, this problem occurs in Windows Server 2003 and Windows XP environments. This hotfix provides improvements over hotfix 919237.
Applies to:


Bulletin ID:
942763
Title:
December 2007 cumulative time zone update for Microsoft Windows operating systems
Update Type:
Update Rollup
Severity:
December 2007 cumulative time zone update for Windows XP, for Windows Vista, and for Windows Server 2003.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista


Bulletin ID:
929300
Title:
Microsoft .NET Framework Service Pack 1 for versions 3.0, 2.0, and 1.1
Update Type:
Service Pack
Severity:
Service Pack 1 for Microsoft .NET Framework versions 3.0, 2.0, and 1.1.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition


Bulletin ID:
MS07-062
Title:
Vulnerability in DNS Could Allow Spoofing (941672)
Update Type:
Security Update
Severity:
Important
This important security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. This is an important security update for all supported editions of Microsoft Windows 2000 Server and Windows Server 2003.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS07-061
Title:
Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)
Update Type:
Security Update
Severity:
Critical
This update resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003. This is a critical security update for all supported editions of Windows XP and Windows Server 2003.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP


Bulletin ID:
941421
Title:
Update Rollup 5 for Exchange 2007
Update Type:
Update Rollup
Severity:
Update Rollup 5 for Exchange 2007
Applies to:
Exchange Server 2007


Bulletin ID:
MS07-060
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file with a malformed string. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for supported editions of Microsoft Office 2000, Microsoft Office XP, and Microsoft Office 2004 for Mac.
Applies to:
Office 2002/XP


Bulletin ID:
MS07-059
Title:
Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)
Update Type:
Security Update
Severity:
Important
This security update resolves a publicly reported vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment. The vulnerability could also allow an attacker to run arbitrary script to modify a user’s cache, resulting in information disclosure at the workstation. The security update is rated important for Microsoft SharePoint Services 3.0 in supported editions of Microsoft Windows Server 2003 and for supported editions of Microsoft Office SharePoint Server 2007. The security update addresses the vulnerability by modifying the way that Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007 validate URL-encoded requests.
Applies to:
Office 2007
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS07-058
Title:
Vulnerability in RPC Could Allow Denial of Service (933729)
Update Type:
Security Update
Severity:
Important
This update resolves a privately reported vulnerability. A denial of service vulnerability exists in the remote procedure call (RPC) facility due to a failure in communicating with the NTLM security provider when performing authentication of RPC requests. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. This is an important security update for all supported editions of Windows 2000, Windows XP, Windows Server 2003, and Windows Vista.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista


Bulletin ID:
MS07-057
Title:
Cumulative Security Update for Internet Explorer (939653)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerability with the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update is rated moderate for Internet Explorer 6 and 7 on Windows Server 2003. For all other supported releases of Internet Explorer, this security update is rated critical.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista


Bulletin ID:
MS07-056
Title:
Security Update for Outlook Express and Windows Mail (941202)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution due to an incorrectly handled malformed NNTP response. An attacker could exploit the vulnerability by constructing a specially crafted Web page. This is a critical security update for all supported versions of Microsoft Outlook Express and Microsoft Windows Mail.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista


Bulletin ID:
MS07-055
Title:
Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the way that the Kodak Image Viewer, formerly known as Wang Image Viewer, handles specially crafted image files. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability exists only on systems running Windows 2000. However, systems running supported editions of Windows XP and Windows Server 2003 may also be affected if upgraded from Windows 2000. This is a critical security update for Windows 2000 Service Pack 4, Windows XP Service Pack 2, and supported 32-bit editions of Windows Server 2003.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
940006
Title:
Update Rollup 4 for Exchange 2007
Update Type:
Update Rollup
Severity:
Update Rollup 4 for Exchange 2007.
Applies to:
Exchange Server 2007


Bulletin ID:
935999
Title:
Update Rollup 3 for Exchange 2007
Update Type:
Update Rollup
Severity:
Update Rollup 3 for Exchange 2007.
Applies to:
Exchange Server 2007


Bulletin ID:
934737
Title:
Excel Viewer 2003 Service Pack 3
Update Type:
Service Pack
Severity:
Excel 2003 Viewer SP3 contains significant security improvements, stability improvements, and performance improvements. Some fixes that are included with Excel Viewer 2003 SP3 were previously released in separate updates.
Applies to:
Office 2003


Bulletin ID:
934736
Title:
Word Viewer 2003 Service Pack 3
Update Type:
Service Pack
Severity:
Microsoft Word Viewer 2003 SP3 contains significant security enhancements, stability improvements, and performance improvements. Some fixes that are included with Word Viewer 2003 SP3 were previously released in separate updates.
Applies to:
Office 2003


Bulletin ID:
933867
Title:
Microsoft Systems Management Server 2003 Service Pack 3
Update Type:
Service Pack
Severity:
Systems Management Server (SMS) 2003 Service Pack 3 (SP3)
Applies to:
Systems Management Server 2003


Bulletin ID:
933360
Title:
August 2007 cumulative time zone update for Microsoft Windows operating systems
Update Type:
Update Rollup
Severity:
August 2007 cumulative time zone update that is available for Microsoft Windows operating systems.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows XP
Windows XP x64 Edition


Bulletin ID:
923648
Title:
Outlook Live 2003 Service Pack 3
Update Type:
Service Pack
Severity:
Outlook Live 2003 Service Pack 3
Applies to:
Office 2003


Bulletin ID:
923643
Title:
Windows SharePoint Services Service Pack 3
Update Type:
Service Pack
Severity:
Windows SharePoint Services Service Pack 3 provides the latest updates to Windows SharePoint Services.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
923642
Title:
Office 2003 Service Pack 3 for Proofing Tools
Update Type:
Service Pack
Severity:
Office 2003 SP3 fixes that were released earlier in separate updates.
Applies to:
Office 2003


Bulletin ID:
923633
Title:
OneNote 2003 Service Pack 3
Update Type:
Service Pack
Severity:
OneNote 2003 Service Pack 3 provides the latest updates to Microsoft Office OneNote 2003.
Applies to:
Office 2003


Bulletin ID:
923622
Title:
Project 2003 Service Pack 3
Update Type:
Service Pack
Severity:
Project 2003 Service Pack 3 (SP3) contains significant security improvements in addition to stability improvements. Some fixes that are included with SP3 were previously released as separate updates. This service pack combines them into one update.
Applies to:
Office 2003


Bulletin ID:
923620
Title:
Visio 2003 Service Pack 3
Update Type:
Service Pack
Severity:
Microsoft Office Visio 2003 SP3 contains significant security improvements and stability improvements. Some fixes that are included with SP3 have been previously released as separate updates. This service pack combines them into one update.
Applies to:
Office 2003


Bulletin ID:
923618
Title:
Office 2003 Service Pack 3
Update Type:
Service Pack
Severity:
Office 2003 SP3 contains security enhancements and stability improvements. Some of the fixes included with Office 2003 SP3 were previously released in separate updates. Office 2003 SP3 combines the previously released fixes into one update.
Applies to:
Office 2003


Bulletin ID:
MS07-053
Title:
Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
Update Type:
Security Update
Severity:
Important
This important security update resolves one publicly disclosed vulnerability. A vulnerability exists in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications where running certain setuid binary files could allow an attacker to gain elevation of privilege. This is an important security update for supported releases of Windows 2000, Windows Server 2003, Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications, a component of Windows Server 2003 and Windows Vista.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista


Bulletin ID:
MS07-052
Title:
Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
Update Type:
Security Update
Severity:
Important
This important security update resolves a publicly disclosed vulnerability. This vulnerability could allow remote code execution if a user opens a specially crafted RPT file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is an important security update for supported editions of Visual Studio that include a custom version of Crystal Reports. Only the specific editions of Visual Studio listed in the Affected Software section are affected because they contain Crystal Reports.
Applies to:
Visual Studio 2005


Bulletin ID:
MS07-051
Title:
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Agent in the way that it handles certain specially crafted URLs. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for Microsoft Windows 2000 Service Pack 4.
Applies to:
Windows 2000


Bulletin ID:
MS07-050
Title:
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in the Vector Markup Language (VML) implementation in Windows. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update is rated critical for supported releases of Internet Explorer 5.01, Internet Explorer 6, and Internet Explorer 7.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows XP x64 Edition
Windows 2000


Bulletin ID:
MS07-049
Title:
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
Update Type:
Security Update
Severity:
Important
This important security update resolves one privately reported vulnerability. This is an elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions to the guest operating system would be able to exploit this vulnerability. Guest operating system users not granted administrative permissions to the guest operating system would be unable to exploit this vulnerability. This is an important security update for supported releases of Microsoft Virtual PC 2004, Microsoft Virtual Server 2005, Microsoft Virtual Server 2005 R2, Microsoft Virtual PC for Mac Version 6.1, and Microsoft Virtual PC for Mac Version 7.
Applies to:
Virtual Server
Virtual PC


Bulletin ID:
MS07-048
Title:
Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
Update Type:
Security Update
Severity:
Important
This important security update resolves two privately reported vulnerabilities in addition to other vulnerabilities identified during the course of the investigation. These vulnerabilities could allow an anonymous remote attacker to run code with the privileges of the logged on user. If a user subscribed to a malicious RSS feed in the Feed Headlines Gadget, added a malicious contacts file in the Contacts Gadget, or clicked on a malicious link in the Weather Gadget, an attacker could potentially run code on the system. In all attack vectors, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is an important security update for all supported editions of Windows Vista.
Applies to:
Windows Vista


Bulletin ID:
MS07-047
Title:
Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
Update Type:
Security Update
Severity:
Important
This important security update resolves two privately reported vulnerabilities. These vulnerabilities could allow code execution if a user viewed a specially crafted file in Windows Media Player. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is an important security update for supported versions of Windows Media Player 7.1, 9, 10, and 11.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista


Bulletin ID:
MS07-046
Title:
Vulnerability in GDI Could Allow Remote Code Execution (938829)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the Graphics Rendering Engine in the way that it handles specially crafted images. An attacker could exploit the vulnerability by constructing a specially crafted image that could potentially allow remote code execution if a user opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system. This is a critical security update for all supported editions of Windows except Windows 2003 Server Service Pack 2 and Windows Vista.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS07-045
Title:
Cumulative Security Update for Internet Explorer (937143)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves three privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update is rated critical for supported releases of Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1. For Internet Explorer 6 for supported versions and editions of Windows XP Home and Windows XP Professional, the security update is also rated critical; otherwise it is rated moderate for other supported operating systems. For Internet Explorer 7 for supported versions and editions of Windows XP and Windows XP Professional, and Internet Explorer 7 in Windows Vista, the security update is rated Important; otherwise it is rated low.
Applies to:
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000


Bulletin ID:
MS07-044
Title:
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)
Update Type:
Security Update
Severity:
Critical
This security update resolves a privately reported vulnerability in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2004 for Mac, this update is rated important. This update is also rated important for the Excel Viewer 2003.
Applies to:
Office 2002/XP
Office 2003


Bulletin ID:
MS07-043
Title:
Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for all supported editions of Windows 2000, Windows XP, Office 2004 for Mac, and Visual Basic 6. For other affected editions of Windows, this update is rated moderate.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000


Bulletin ID:
MS07-042
Title:
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. The vulnerability could be exploited through attacks on Microsoft XML Core Services. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for all supported editions of Windows 2000, Windows XP, Windows Vista, Microsoft Office 2003, and 2007 Microsoft Office System.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows XP x64 Edition
Windows Server 2008
Office 2007
Office 2003


Bulletin ID:
MS07-041
Title:
Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)
Update Type:
Security Update
Severity:
Important
This important security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if an attacker sent specially crafted URL requests to a Web page hosted by Internet Information Services (IIS) 5.1 on Windows XP Professional Service Pack 2. IIS 5.1 is not part of a default install of Windows XP Professional Service Pack 2. An attacker who successfully exploited this vulnerability could take complete control of the affected system. This is an important security update for all supported 32-bit editions of Windows XP Service Pack 2.
Applies to:
Windows XP


Bulletin ID:
MS07-040
Title:
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)
Update Type:
Security Update
Severity:
Critical
This update resolves three privately reported vulnerabilities. Two of these vulnerabilities could allow remote code execution on client systems with .NET Framework installed, and one could allow information disclosure on Web servers running ASP.NET. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update addresses two vulnerabilities by modifying the way .NET Framework addresses buffer allocation.
Applies to:
Windows Vista
Windows Server 2008
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition


Bulletin ID:
MS07-039
Title:
Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability in implementations of Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition. However, remote code execution could be possible. On Windows Server 2003 an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. This is a critical security update for supported editions of Windows 2000 and an important security update for supported editions of Windows Server 2003.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS07-038
Title:
Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)
Update Type:
Security Update
Severity:
Moderate
This moderate security update resolves a privately reported vulnerability. This vulnerability could allow incoming unsolicited network traffic to access a network interface. An attacker could potentially gather information about the affected host. This is a moderate security update for all supported editions of Windows Vista.
Applies to:
Windows Vista


Bulletin ID:
MS07-037
Title:
Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)
Update Type:
Security Update
Severity:
Important
This important security update resolves one publicly disclosed vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Microsoft Office Publisher file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit this vulnerability. This is an important security update for supported releases of Microsoft Office Publisher 2007.
Applies to:
Office 2007


Bulletin ID:
MS07-036
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)
Update Type:
Security Update
Severity:
Critical
This critical update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2004 for Mac, and 2007 Microsoft Office System this update is rated important. This update is also rated important for the Excel Viewer 2003, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.
Applies to:
Office 2007
Office 2003
Office 2002/XP


Bulletin ID:
MS07-035
Title:
Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability in a Win32 API. This vulnerability could allow remote code execution or elevation of privilege if the affected API is used locally by a specially crafted application. Therefore applications that use this component of the Win32 API could be used as a vector for this vulnerability. For example, Internet Explorer uses this Win32 API function when parsing specially crafted Web pages. This is a critical security update for all supported versions of Windows 2000, Windows XP, and Windows Server 2003.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS07-034
Title:
Cumulative Security Update for Outlook Express and Windows Mail (929123)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves two privately reported and two publicly disclosed vulnerabilities. One of these vulnerabilities could allow remote code execution if a user viewed a specially crafted e-mail using Windows Mail in Windows Vista. The other vulnerabilities could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer and cannot be exploited directly in Outlook Express. For the information disclosure vulnerabilities, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for supported editions of Windows Vista. For other versions of Windows, this update is rated important, moderate, or low.
Applies to:
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP


Bulletin ID:
MS07-033
Title:
Cumulative Security Update for Internet Explorer (933566)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All but one of these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. One vulnerability could allow spoofing, and also involves a specially crafted Web page. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. For the spoofing case, exploitation requires user interaction. This is a critical security update for supported releases of Internet Explorer 5.01 and Internet Explorer 6, and most supported releases of Internet Explorer 7. For Internet Explorer 7 for supported versions and editions of Windows Server 2003, this update is rated moderate.
Applies to:
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS07-032
Title:
Vulnerability in Windows Vista Could Allow Information Disclosure (931213)
Update Type:
Security Update
Severity:
Moderate
This moderate security update resolves a privately reported vulnerability. This vulnerability could allow non-privileged users to access local user information data stores including administrative passwords contained within the registry and local file system. This is a moderate security update for all supported editions of Windows Vista.
Applies to:
Windows Vista


Bulletin ID:
MS07-031
Title:
Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
Update Type:
Security Update
Severity:
Critical
This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system. This is a critical security update for supported editions of Windows XP, important for editions of Windows 2003, and moderate for editions of Windows 2000.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS07-030
Title:
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)
Update Type:
Security Update
Severity:
Important
This important update resolves two privately discovered and responsibly reported vulnerabilities in addition to other security issues identified during the course of the investigation. The privately reported vulnerabilities could allow remote code execution if a user opened a specially crafted Visio file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit these vulnerabilities. This is an important security update for supported versions of Microsoft Visio 2002 and Microsoft Office Visio 2003.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS07-029
Title:
Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)
Update Type:
Security Update
Severity:
Critical
This update resolves a publicly disclosed vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS07-028
Title:
Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. We recommend that customers apply the update immediately.
Applies to:
CAPICOM


Bulletin ID:
MS07-027
Title:
Cumulative Security Update for Internet Explorer (931768)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows 2000


Bulletin ID:
MS07-026
Title:
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered
Applies to:
Exchange Server 2003
Exchange Server 2007
Exchange 2000 Server


Bulletin ID:
MS07-025
Title:
Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
Update Type:
Security Update
Severity:
Critical
This update resolves a privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. When using vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2007
Office 2002/XP
Office 2003


Bulletin ID:
MS07-024
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. We recommend that customers apply the update immediately.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS07-023
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. We recommend that customers apply the update immediately.
Applies to:
Office 2007
Office 2003
Office 2002/XP


Bulletin ID:
933669
Title:
Update for PowerPoint 2003: May 8, 2007
Update Type:
Critical Update
Severity:
Microsoft has released an update for Microsoft Office PowerPoint 2003. This update enables a network administrator to restrict the presentation types that can be opened or saved in PowerPoint 2003.
Applies to:
Office 2003


Bulletin ID:
924406
Title:
Microsoft Internet Security and Acceleration Server 2004 Service Pack 3
Update Type:
Service Pack
Severity:
Internet Security and Acceleration Server (ISA) Service Pack 3
Applies to:
Internet Security and Acceleration Server 2004


Bulletin ID:
MS07-022
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS07-021
Title:
Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately and publicly disclosed vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS07-020
Title:
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. We recommend that customers apply the update immediately.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000


Bulletin ID:
MS07-019
Title:
Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows XP


Bulletin ID:
MS07-018
Title:
Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in the "Vulnerability Details" section of this bulletin. We recommend that customers apply the update immediately.
Applies to:
Office 2002/XP


Bulletin ID:
932726
Title:
Service Pack 1 for Accounting Professional 2007 and for Accounting Express 2007.
Update Type:
Service Pack
Severity:
Service Pack 1 for Accounting Professional 2007 and for Accounting Express 2007.
Applies to:
Office 2007


Bulletin ID:
MS07-017
Title:
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, publicly disclosed and privately reported vulnerabilities as well as additional issues discovered through internal investigations. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows Vista
Windows XP
Windows 2000


Bulletin ID:
923435
Title:
Microsoft Compute Cluster Pack Service Pack 1 (SP1) for Microsoft Windows Compute Cluster Server 2003
Update Type:
Service Pack
Severity:
Microsoft Compute Cluster Pack Service Pack 1 (SP1) for Microsoft Windows Compute Cluster Server 2003.
Applies to:
Compute Cluster Pack


Bulletin ID:
914961
Title:
Windows Server 2003 Service Pack 2
Update Type:
Service Pack
Severity:
Windows Server 2003 Service Pack 2.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition


Bulletin ID:
921896
Title:
SQL Server 2005 Service Pack 2
Update Type:
Service Pack
Severity:
SQL Server 2005 Service Pack 2.
Applies to:
SQL Server 2005


Bulletin ID:
MS07-016
Title:
Cumulative Security Update for Internet Explorer (928090)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition


Bulletin ID:
MS07-015
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2002/XP
Office 2003


Bulletin ID:
MS07-014
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS07-013
Title:
Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)
Update Type:
Security Update
Severity:
Important
This update addresses a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Office 2002/XP
Office 2003
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS07-012
Title:
Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Significant user interaction is required to exploit this vulnerability. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000


Bulletin ID:
MS07-011
Title:
Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Significant user interaction is required to exploit this vulnerability. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS07-009
Title:
Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)
Update Type:
Security Update
Severity:
Critical
This update resolves a public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP


Bulletin ID:
MS07-008
Title:
Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. On vulnerable versions of Windows, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000


Bulletin ID:
MS07-007
Title:
Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP


Bulletin ID:
MS07-006
Title:
Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS07-005
Title:
Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The Step-by-Step Interactive Training has a remote code execution vulnerability that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition


Bulletin ID:
931836
Title:
February 2007 cumulative time zone update for Microsoft Windows operating systems
Update Type:
Update Rollup
Severity:
February 2007 cumulative time zone update rollup for Microsoft Windows operating systems.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows Vista


Bulletin ID:
929060
Title:
Update for PowerPoint 2003: February 13, 2007
Update Type:
Critical Update
Severity:
Microsoft has released an update for PowerPoint 2003. When you edit a PowerPoint 2007 presentation that is saved on a SharePoint Portal Server site or on a Windows SharePoint Services site, the changes are not saved.
Applies to:
Office 2003


Bulletin ID:
929058
Title:
Update for Excel 2003: February 13, 2007
Update Type:
Critical Update
Severity:
Microsoft has released an update for Microsoft Office Excel 2003. When you edit a Microsoft Office Excel 2007 workbook that is saved on a SharePoint Portal Server site or on a Windows SharePoint Services site, the changes are not saved.
Applies to:
Office 2003


Bulletin ID:
928957
Title:
Visual Studio 2005 Service Pack 1 release notes
Update Type:
Service Pack
Severity:
Contains the contents of the release notes from Visual Studio 2005 Service Pack 1 (SP1).
Applies to:
Visual Studio 2005


Bulletin ID:
MS07-004
Title:
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)
Update Type:
Security Update
Severity:
Critical
This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows 2000


Bulletin ID:
MS07-003
Title:
Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)
Update Type:
Security Update
Severity:
Critical
This update addresses several newly discovered, privately and publicly reported vulnerabilities. The vulnerabilities are documented in the “Vulnerability Details” section of this bulletin. When using vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS07-002
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS07-001
Title:
Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, publicly reported vulnerability. The vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Office 2003


Bulletin ID:
924886
Title:
Update for Office 2003: December 12, 2006
Update Type:
Critical Update
Severity:
Microsoft has released an update to the spelling checker for Microsoft Office 2003. This update improves how Office 2003 programs find and correct errors in German-language documents.
Applies to:
Office 2003


Bulletin ID:
MS06-078
Title:
Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered vulnerabilities. These vulnerabilities are documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition


Bulletin ID:
MS06-077
Title:
Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)
Update Type:
Security Update
Severity:
Important
This update resolves a privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows 2000


Bulletin ID:
MS06-076
Title:
Cumulative Security Update for Outlook Express (923694)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS06-075
Title:
Vulnerability in Windows Could Allow Elevation of Privilege (926255)
Update Type:
Security Update
Severity:
Important
This update resolves a privately identified vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS06-074
Title:
Vulnerability in SNMP Could Allow Remote Code Execution (926247)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP


Bulletin ID:
MS06-073
Title:
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)
Update Type:
Security Update
Severity:
Critical
This update resolves a public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Visual Studio 2005


Bulletin ID:
MS06-072
Title:
Cumulative Security Update for Internet Explorer (925454)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition


Bulletin ID:
899738
Title:
Systems Management Server 2003 Service Pack 2
Update Type:
Service Pack
Severity:
Systems Management Server 2003 Service Pack 2
Applies to:
Systems Management Server 2003


Bulletin ID:
917275
Title:
Windows Rights Management Services with Service Pack 2
Update Type:
Service Pack
Severity:
Describes the new features in Microsoft Windows Rights Management Services Service Pack 2 (RMS SP2). The article also provides links to obtain the RMS client software.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition


Bulletin ID:
MS06-071
Title:
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, publicly disclosed vulnerability. The vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows Vista


Bulletin ID:
MS06-070
Title:
Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows 2000


Bulletin ID:
MS06-069
Title:
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)
Update Type:
Security Update
Severity:
Critical
This update resolves privately reported vulnerabilities in Macromedia Flash Player from Adobe, version 6.0.84.0 and earlier. Macromedia Flash Player is a third party software application that also was redistributed with Microsoft Windows XP Service Pack 2 and Microsoft Windows XP Professional x64 Edition. Each vulnerability is documented in the "Vulnerability Details" section of this bulletin. The Adobe Security Bulletin APSB06-11, issued September 12, 2006, describes the vulnerabilities and provides the download locations for customers who have installed Flash Player 7 and higher so that you can install the appropriate update based on the version of Flash Player you are using. Customers that have followed the guidance in the Adobe Security Bulletin are not at risk from these vulnerabilities. If a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows XP x64 Edition


Bulletin ID:
MS06-068
Title:
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000


Bulletin ID:
MS06-067
Title:
Cumulative Security Update for Internet Explorer (922760)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS06-066
Title:
Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)
Update Type:
Security Update
Severity:
Important
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. The Client Service for NetWare is also called the Gateway Service for NetWare on Windows 2000 Server. On vulnerable versions of Microsoft Windows, an attacker who successfully exploited these vulnerabilities could remotely take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
926874
Title:
Windows Internet Explorer 7
Update Type:
Unknown Type
Severity:
N/A
Windows Internet Explorer 7
Applies to:


Bulletin ID:
MS06-065
Title:
Vulnerability in Windows Object Packager Could Allow Remote Execution (924496)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. However, significant user interaction is required to exploit this vulnerability. Customers should consider applying the security update.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS06-064
Title:
Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)
Update Type:
Security Update
Severity:
Low
This update resolves a publicly disclosed vulnerability as well as additional issues discovered through internal investigations. An attacker who successfully exploited the most severe of these vulnerabilities against an affected system could cause the system to stop responding or automatically reboot. We recommend that customers evaluate whether to apply the security update to the affected systems.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS06-063
Title:
Vulnerability in Server Service Could Allow Denial of Service (923414)
Update Type:
Security Update
Severity:
Important
This update resolves publicly and privately reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS06-062
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)
Update Type:
Security Update
Severity:
Critical
This update addresses several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section. When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2002/XP
Office 2003


Bulletin ID:
MS06-061
Title:
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows XP x64 Edition
Office 2003
SQL Server Feature Pack


Bulletin ID:
MS06-060
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
Update Type:
Security Update
Severity:
Critical
This update addresses several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section. When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2002/XP
Office 2003


Bulletin ID:
MS06-059
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
Update Type:
Security Update
Severity:
Critical
This update addresses several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section. When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2002/XP
Office 2003


Bulletin ID:
MS06-058
Title:
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
Update Type:
Security Update
Severity:
Critical
This update addresses several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section. When using vulnerable versions of PowerPoint, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2002/XP
Office 2003


Bulletin ID:
MS06-057
Title:
Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, publicly reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS06-056
Title:
Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. The vulnerability could allow an attacker to gain unauthorized access to information. Note that this vulnerability would not allow an attacker to execute code to elevate their user rights directly, but it could be used to acquire information that could be used to further compromise the affected system. We recommend that customers consider applying the security update.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 2000
Windows XP


Bulletin ID:
MS06-055
Title:
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)
Update Type:
Security Update
Severity:
Critical
This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition


Bulletin ID:
MS06-054
Title:
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS06-053
Title:
Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. The vulnerability could allow an attacker to gain unauthorized access to information. Note that this vulnerability would not allow an attacker to execute code to elevate their user rights directly, but it could be used to produce useful information that could be used to further compromise the affected system. We recommend that customers consider applying the security update.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS06-052
Title:
Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited the vulnerability could take complete control of the affected system. The Windows service that allows PGM communications is not installed by default. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP


Bulletin ID:
MS06-051
Title:
Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)
Update Type:
Security Update
Severity:
Critical
This update resolves newly discovered, privately reported vulnerabilities and additional issues discovered through internal investigations. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000


Bulletin ID:
MS06-050
Title:
Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)
Update Type:
Security Update
Severity:
Important
This update resolves two newly discovered vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required for an attacker to exploit these vulnerabilities. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS06-049
Title:
Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, publicly reported vulnerability and additional issues discovered through internal investigations. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows 2000


Bulletin ID:
MS06-048
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section. When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS06-047
Title:
Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. On vulnerable versions of Office or Microsoft Visual Basic for Applications, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2002/XP


Bulletin ID:
MS06-046
Title:
Vulnerability in HTML Help Could Allow Remote Code Execution (922616)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, publicly reported vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. On vulnerable versions of Windows, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS06-045
Title:
Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, publicly-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000


Bulletin ID:
MS06-044
Title:
Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.
Applies to:
Windows 2000


Bulletin ID:
MS06-043
Title:
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, publicly-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS06-042
Title:
Cumulative Security Update for Internet Explorer (918899)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP
Windows XP x64 Edition


Bulletin ID:
MS06-041
Title:
Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported, vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply this update immediately.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS06-040
Title:
Vulnerability in Server Service Could Allow Remote Code Execution (921883)
Update Type:
Security Update
Severity:
Critical
This update resolves a privately disclosed vulnerability as well as additional issues discovered through internal investigations. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000


Bulletin ID:
920115
Title:
Service Pack 3 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006
Update Type:
Service Pack
Severity:
Update for Microsoft Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006.
Applies to:
Office 2003


Bulletin ID:
MS06-039
Title:
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
Update Type:
Security Update
Severity:
Critical
This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section in this bulletin. On vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2002/XP
Office 2003


Bulletin ID:
MS06-038
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section. When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2002/XP
Office 2003


Bulletin ID:
MS06-037
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section. When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS06-036
Title:
Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability as well as additional issues discovered through internal investigations. The privately reported vulnerability is documented in the "Vulnerability Details" section of this bulletin. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 2000


Bulletin ID:
MS06-035
Title:
Vulnerability in Server Service Could Allow Remote Code Execution (917159)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS06-034
Title:
Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials, but if a server has been purposely configured to allow users, either anonymous or authenticated, to upload web content such as .ASP pages to web sites, the server could be exploited by this vulnerability. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS06-033
Title:
Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. This vulnerability could allow an attacker to bypass ASP.NET security and gain unauthorized access to objects in the Application folder explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition


Bulletin ID:
MS06-032
Title:
Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
Update Type:
Security Update
Severity:
Important
This update resolves a privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers should apply the update at the earliest opportunity.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS06-031
Title:
Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly discovered, privately reported vulnerability. A spoofing vulnerability exists in the RPC service that could enable an attacker to spoof a trusted network resource. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows 2000


Bulletin ID:
MS06-030
Title:
Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
Update Type:
Security Update
Severity:
Important
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS06-029
Title:
Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
Update Type:
Security Update
Severity:
Important
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited the vulnerability could perform script injection attacks. We recommend that customers consider applying the security update.
Applies to:
Exchange Server 2003
Exchange 2000 Server


Bulletin ID:
MS06-028
Title:
Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS06-027
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. A remote code execution vulnerability exists in Word using a malformed object pointer. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS06-025
Title:
Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin. We recommend that customers apply the update immediately.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows 2000


Bulletin ID:
MS06-024
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000


Bulletin ID:
MS06-023
Title:
Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered vulnerability. A remote code execution vulnerability exists in Microsoft JScript that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition


Bulletin ID:
MS06-022
Title:
Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly discovered, privately reported vulnerability. A remote code execution vulnerability exists in the way AOL ART images are handled. This vulnerability could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS06-021
Title:
Cumulative Security Update for Internet Explorer (916281)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000
Windows XP x64 Edition


Bulletin ID:
MS06-020
Title:
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)
Update Type:
Security Update
Severity:
Critical
This update resolves publicly reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin. These vulnerabilities are also documented in Macromedia Security Bulletin MPSB05-07 for customers using Flash Player 5 and 6. Customers who have installed Flash Player 7 and higher are advised to download the latest version from the Adobe website. Customers that have followed the guidance in Adobe Security Bulletin APSB06-03 are not at risk from the vulnerability. If a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows XP x64 Edition


Bulletin ID:
MS06-019
Title:
Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.
Applies to:
Exchange Server 2003
Exchange 2000 Server


Bulletin ID:
MS06-018
Title:
Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
Update Type:
Security Update
Severity:
Moderate
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin. We recommend that customers consider applying the security update.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS06-017
Title:
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers consider applying the security update.
Applies to:
Office 2002/XP
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS06-016
Title:
Cumulative Security Update for Outlook Express (911567)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS06-015
Title:
Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000
Windows XP x64 Edition


Bulletin ID:
MS06-014
Title:
Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition


Bulletin ID:
MS06-013
Title:
Cumulative Security Update for Internet Explorer (912812)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows 2000
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS06-012
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin. On vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2003
Office 2002/XP


Bulletin ID:
MS06-011
Title:
Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS06-009
Title:
Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
Update Type:
Security Update
Severity:
Important
Applies to:
Office 2003
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS06-008
Title:
Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS06-007
Title:
Vulnerability in TCP/IP Could Allow Denial of Service (913446)
Update Type:
Security Update
Severity:
Important
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition


Bulletin ID:
MS06-006
Title:
Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 2000
Windows XP


Bulletin ID:
MS06-005
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003


Bulletin ID:
MS06-004
Title:
Cumulative Security Update for Internet Explorer (910620)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows 2000


Bulletin ID:
MS06-003
Title:
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. On vulnerable versions of Outlook, Office Language Interface Packs, Office MultiLanguage Packs or Office Multilingual User Interface Packs, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. On vulnerable versions of Exchange, an attacker who successfully exploited this vulnerability could take complete control of an affected system. This vulnerability could be exploited automatically without user interaction. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.
Applies to:
Office 2003
Office 2002/XP
Exchange 2000 Server


Bulletin ID:
MS06-002
Title:
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. An attacker who successfully exploited this vulnerability could take control of an affected system. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP


Bulletin ID:
MS06-001
Title:
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS05-055
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows 2000


Bulletin ID:
MS05-054
Title:
Cumulative Security Update for Internet Explorer (905915)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS05-053
Title:
Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000


Bulletin ID:
MS05-052
Title:
Cumulative Security Update for Internet Explorer (896688)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered public vulnerability and other privately-reported variations of the same vulnerability. The Microsoft DDS Library Shape Control (Msdds.dll) and other COM objects could, when instantiated in Internet Explorer, allow an attacker to take complete control of an affected system. Because these COM objects were not designed to be instantiated in Internet Explorer, this update sets the kill bit for the affected Class Identifiers (CLSID) in these COM objects. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS05-051
Title:
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that Windows 2000 and Windows XP Service Pack 1 customers apply the update immediately. We recommend that customers using other operating system versions apply the update at the earliest opportunity.
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition


Bulletin ID:
MS05-050
Title:
Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition


Bulletin ID:
MS05-049
Title:
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
Update Type:
Security Update
Severity:
Important
This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. However, user interaction is required to exploit this vulnerability. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS05-048
Title:
Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Exchange 2000 Server


Bulletin ID:
MS05-047
Title:
Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an authenticated attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows XP
Windows 2000


Bulletin ID:
MS05-046
Title:
Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in the Client Service for NetWare (CSNW). By default, CSNW is not installed on any affected operating system version. Only customers who manually installed CSNW could be vulnerable to this issue. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. This service is also called Gateway Service for NetWare on Windows 2000 Server. An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS05-045
Title:
Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly-discovered, public vulnerability. A vulnerability in Network Connection Manager could allow a denial of service on the affected platforms against the Network Connection Manager. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could cause the component responsible for managing network and remote access connections to stop responding. If the affected component is stopped due to an attack, it will automatically restart when new requests are received. We recommend that customers consider applying the security update.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS05-044
Title:
Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly-discovered, public vulnerability. A vulnerability exists in the Windows FTP client because of the way it validates file names. This vulnerability could allow an attacker to tamper with the file transfer location on the client during an FTP file transfer session. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. We recommend that customers consider applying the security update.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS05-043
Title:
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in the Print Spooler service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS05-042
Title:
Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)
Update Type:
Security Update
Severity:
Moderate
This update resolves two newly-discovered vulnerabilities, a privately reported vulnerability and a publicly reported vulnerability. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could cause the service responsible for authenticating users in an Active Directory domain to stop responding. We recommend that customers consider applying the security update.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000


Bulletin ID:
MS05-041
Title:
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
Update Type:
Security Update
Severity:
Moderate
This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability in the Remote Desktop Protocol (RDP) exists that could allow an attacker to cause a system to stop responding. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. We recommend that customers consider applying the security update.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000


Bulletin ID:
MS05-040
Title:
Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)
Update Type:
Security Update
Severity:
Important
This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000


Bulletin ID:
MS05-039
Title:
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. We recommend that customers apply the update immediately.
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000


Bulletin ID:
MS05-038
Title:
Cumulative Security Update for Internet Explorer (896727)
Update Type:
Security Update
Severity:
Critical
This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition


Bulletin ID:
MS05-037
Title:
Vulnerability in JView Profiler Could Allow Remote Code Execution (903235)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, public vulnerability. A COM object, the JView Profiler (Javaprxy.dll), when instantiated in Internet Explorer, contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system. Since the JView Profiler COM object was not designed to be accessed through Internet Explorer, this update sets the kill bit for the JView Profiler (Javaprxy.dll) COM object. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition


Bulletin ID:
MS05-036
Title:
Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. A remote code execution vulnerability exists in the Microsoft Color Management Module because of the way that it handles ICC profile format tag validation. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition


Bulletin ID:
MS05-035
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672)
Update Type:
Security Update
Severity:
Critical
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update at the earliest opportunity.
Applies to:
Office 2002/XP