| Bulletin ID | Title |
| 2868200 | Update rollup 4 for system center advisor |
| 2852565 | Update rollup 3 for operations manager 2012 sp1 |
| 2849744 | Update rollup 14 for microsoft dynamics crm 2011 is available |
| 2687470 | Office web apps sp2 |
| 2687469 | Visio 2010 viewer sp2 |
| 2687459 | Sharepoint 2010 indexing connector for documentum sp2 |
| 2687456 | Powerpoint 2010 viewer sp2 |
| 2687455 | Office 2010 sp2 |
| 2687453 | Sharepoint server 2010 sp2 |
| 2687450 | Office language interface pack 2010 sp2 |
| 2687449 | Office 2010 language pack sp2 |
| 2687447 | Office 2010 filter pack sp2 |
| MS13-054 | Vulnerability in GDI+ Could Allow Remote Code Execution (2848295) |
| MS13-052 | Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561) |
| 890830 | Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, or Windows XP |
| 2857645 | Microsoft security advisory: update for vulnerabilities in adobe flash player in internet explorer 10: july 9, 2013 |
| MS13-058 | Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927) |
| MS13-057 | Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883) |
| MS13-056 | Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187) |
| MS13-055 | Cumulative Security Update for Internet Explorer (2846071) |
| MS13-053 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851) |
| MS13-027 | Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986) |
| MS13-006 | Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220) |
| MS12-082 | Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660) |
| MS12-056 | Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045) |
| MS12-054 | Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594) |
| MS12-049 | Vulnerability in TLS Could Allow Information Disclosure (2655992) |
| MS12-048 | Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442) |
| MS12-036 | Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939) |
| MS12-006 | Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) |
| MS11-076 | Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926) |
| MS11-043 | Vulnerability in SMB Client Could Allow Remote Code Execution (2536276) |
| MS11-007 | Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376) |
| MS13-029 | Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223) |
| MS13-048 | Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229) |
| MS13-047 | Cumulative Security Update for Internet Explorer (2838727) |
| 2853846 | Cumulative update for the lync 2010 attendee - administrator level installation: may 2013 |
| 2847928 | Microsoft security advisory: update for vulnerabilities in adobe flash player in internet explorer 10: june 11, 2013 |
| 2824160 | Update rollup 2 for windows server 2012 essentials |
| 2813430 | An update is available that enables administrators to update trusted and disallowed ctls in disconnected environments in windows |
| MS13-051 | Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571) |
| MS13-050 | Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894) |
| MS13-049 | Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690) |
| 2804622 | Microsoft application virtualization 5.0 service pack 1 |
| MS13-044 | Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692) |
| 2837385 | Microsoft security advisory: update for vulnerabilities in adobe flash player in internet explorer 10: may 14, 2013 |
| 2826664 | Update rollup 2 for system center 2012 service pack 1 |
| 2820197 | Microsoft security advisory: update rollup for activex kill bits: may 14, 2013 |
| MS13-046 | Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221) |
| MS13-043 | Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399) |
| MS13-042 | Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397) |
| MS13-041 | Vulnerability in Lync Could Allow Remote Code Execution (2834695) |
| MS13-040 | Vulnerabilities in .NET Framework Could Allow Spoofing (2836440) |
| MS13-039 | Vulnerability in HTTP.sys Could Allow Denial of Service (2829254) |
| MS13-038 | Security Update for Internet Explorer (2847204) |
| MS13-037 | Cumulative Security Update for Internet Explorer (2829530) |
| MS13-009 | Cumulative Security Update for Internet Explorer (2792100) |
| 2815354 | Cumulative update for the lync 2010 attendee - administrator level installation: april 2013 |
| 2815347 | Cumulative update package for lync 2010: april 2013 |
| MS13-036 | Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996) |
| MS12-041 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162) |
| MS12-033 | Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533) |
| MS12-032 | Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338) |
| MS12-009 | Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640) |
| MS12-005 | Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146) |
| MS12-003 | Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524) |
| MS12-001 | Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615) |
| MS11-097 | Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712) |
| MS11-085 | Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) |
| MS11-075 | Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699) |
| MS11-071 | Vulnerability in Windows Components Could Allow Remote Code Execution (2570947) |
| MS13-034 | Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482) |
| 2793346 | Cumulative update for lync server 2010, conferencing server: march 2013 |
| 2793341 | Cumulative update for lync server 2010, unified communications managed api 3.0 runtime: march 2013 |
| 2793338 | Cumulative update for lync server 2010, web components server: march 2013 |
| 2791381 | Cumulative update for lync server 2010: march 2013 |
| 2791312 | Update rollup 13 for microsoft dynamics crm 2011 is available |
| 2768001 | Sharepoint server 2013 and project server 2013 update: march 12, 2013 |
| MS13-035 | Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818) |
| MS13-033 | Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917) |
| MS13-032 | Vulnerability in Active Directory Could Lead to Denial of Service (2830914) |
| MS13-031 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170) |
| MS13-030 | Vulnerability in SharePoint Could Allow Information Disclosure (2827663) |
| MS13-028 | Cumulative Security Update for Internet Explorer (2817183) |
| 2819679 | Update rollup 3 for microsoft system center advisor: march 2013 |
| 2814853 | A hotfix rollup package (build 4.1.3419.0) is available for forefront identity manager 2010 r2 |
| 2796554 | Cumulative update 5.0.8308.291 for lync server 2013, mediation server: february 2013 |
| 2787570 | Cumulative update 5.0.8308.291 for lync server 2013, web conferencing server: february 2013 |
| 2781564 | Cumulative update 5.0.8308.291 for lync server 2013, web components: february 2013 |
| 2781555 | Cumulative update 5.0.8308.291 for lync server 2013, unified communications managed api 4.0 runtime: february 2013 |
| 2781551 | Cumulative update 5.0.8308.291 for lync server 2013, conferencing server: february 2013 |
| 2781550 | Cumulative update 5.0.8308.291 for lync server 2013, core components: february 2013 |
| 2781549 | Cumulative update 5.0.8308.291 for the lync server 2013, call park service: february 2013 |
| 2781547 | Cumulative update 5.0.8308.291 for lync server 2013: february 2013 |
| 2791647 | Windows multipoint server 2012 general availability cumulative update |
| MS13-025 | Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264) |
| MS13-024 | Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176) |
| MS13-023 | Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261) |
| MS13-022 | Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) |
| MS13-021 | Cumulative Security Update for Internet Explorer (2809289) |
| 2793634 | Windows installer starts repeatedly after you install sql server 2012 sp1 |
| 2790947 | Cumulative update package 2 for sql server 2012 service pack 1 |
| 2781267 | Update rollup 1 for windows server 2012 essentials is available |
| 907747 | "Microsoft Exchange Server Intelligent Message Filter v2 Operations Guide" is now available |
| 2795627 | Update rollup 12 for microsoft dynamics crm 2011 is available |
| MS13-020 | Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968) |
| MS13-019 | Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113) |
| MS13-018 | Vulnerability in TCP/IP Could Allow Denial of Service (2790655) |
| MS13-017 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494) |
| MS13-016 | Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344) |
| MS13-015 | Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277) |
| MS13-014 | Vulnerability in NFS Server Could Allow Denial of Service (2790978) |
| MS13-012 | Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279) |
| MS13-011 | Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091) |
| MS13-010 | Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052) |
| MS13-004 | Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324) |
| 2796170 | Update rollup 4 for windows server solutions best practices analyzer 1.0 is available |
| 2765224 | Cumulative update package for office communications server 2007 r2, communicator web access: december 2012 |
| 2764850 | Cumulative update package for office communications server 2007 r2, application sharing server: december 2012 |
| 2755391 | Cumulative update package for office communicator 2007 r2: december 2012 |
| 2686823 | Update for office communications server 2007 r2, unified communications managed api 2.0 core redist 64-bit: april 2012 |
| MS13-007 | Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327) |
| MS13-008 | Security Update for Internet Explorer (2799329) |
| MS13-005 | Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) |
| MS13-002 | Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145) |
| MS13-001 | Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369) |
| MS12-078 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534) |
| 2757013 | Update rollup 4 for windows storage server 2008 r2 essentials is available |
| 2738315 | Microsoft application virtualization 4.6 service pack 2 |
| MS12-083 | Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809) |
| MS12-081 | Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857) |
| MS12-080 | Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126) |
| MS12-079 | Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642) |
| MS12-077 | Cumulative Security Update for Internet Explorer (2761465) |
| MS12-060 | Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573) |
| MS12-059 | Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2733918) |
| MS12-057 | Vulnerability in Microsoft Office Could Allow Remote Code Execution (2731879) |
| MS12-043 | Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479) |
| 2674319 | Bugs that are fixed in sql server 2012 service pack 1 |
| 2770835 | Update rollup 2 is available for system center advisor: november 2012 |
| 2752160 | Cumulative update for the lync 2010 attendee - administrator level installation: october 2012 |
| 2751447 | Cumulative update for lync server 2010, conferencing server: november 2012 |
| 2743736 | Cumulative update for lync server 2010, mobility service: october 2012 |
| 2740406 | Cumulative update for lync server 2010, unified communications managed api 3.0 runtime: october 2012 |
| 2740403 | Cumulative update for lync server 2010, core components: october 2012 |
| 2737915 | Cumulative update for lync server 2010: october 2012 |
| 2737902 | Cumulative update for lync server 2010, web components server: october 2012 |
| 2737155 | Cumulative update package for lync 2010: october 2012 |
| MS12-076 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184) |
| MS12-075 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226) |
| MS12-074 | Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030) |
| MS12-073 | Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829) |
| MS12-072 | Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528) |
| MS12-071 | Cumulative Security Update for Internet Explorer (2761451) |
| MS12-046 | Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960) |
| 2739504 | Update rollup 11 for microsoft dynamics crm 2011 is available |
| MS12-070 | Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849) |
| MS12-069 | Vulnerability in Kerberos Could Allow Denial of Service (2743555) |
| MS12-068 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197) |
| MS12-067 | Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321) |
| MS12-066 | Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517) |
| MS12-065 | Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670) |
| MS12-064 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319) |
| MS12-058 | Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358) |
| MS12-055 | Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2731847) |
| MS12-053 | Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135) |
| 2727727 | Skype 5.10 for windows update on august 14, 2012 |
| 2729101 | Windows small business server 2008 update rollup 6 |
| 2729100 | Update rollup 3 for windows small business server 2011 standard is available |
| 2546951 | List of issues that are fixed by SQL Server 2008 Service Pack 3 |
| 2528583 | List of the bugs that are fixed in SQL Server 2008 R2 Service Pack 1 |
| MS12-061 | Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584) |
| MS12-063 | Cumulative Security Update for Internet Explorer (2744842) |
| 2705122 | Update Rollup 3 for Windows Storage Server 2008 R2 Essentials is available |
| MS12-052 | Cumulative Security Update for Internet Explorer (2722913) |
| MS12-045 | Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365) |
| MS12-034 | Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) |
| MS12-024 | Vulnerability in Windows Could Allow Remote Code Execution (2653956) |
| MS12-020 | Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) |
| MS12-013 | Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428) |
| MS12-004 | Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) |
| MS11-092 | Vulnerability in Windows Media Could Allow Remote Code Execution (2648048) |
| 2710559 | Description of the cumulative update for Lync Server 2010, Web Components Server: June 2012 |
| 2708617 | Description of the cumulative update for Lync Server 2010, Mobility Service: June 2012 |
| 2708616 | Description of the cumulative update for Lync Server 2010, Web Conferencing Server: June 2012 |
| 2701664 | Description of the cumulative update package for Lync 2010: June 2012 |
| 2701663 | Description of the cumulative update for Lync Server 2010, Core Components: June 2012 |
| 2701659 | Description of the cumulative update for Lync Server 2010, Conferencing Attendant: June 2012 |
| 2701655 | Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: June 2012 |
| 2701585 | Description of the cumulative update for Lync Server 2010: June 2012 |
| MS12-050 | Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) |
| MS12-047 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523) |
| MS12-044 | Cumulative Security Update for Internet Explorer (2719177) |
| MS12-035 | Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777) |
| MS12-016 | Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026) |
| MS11-100 | Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) |
| MS11-078 | Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930) |
| MS11-044 | Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814) |
| 2699813 | Update Rollup 3 for Windows Server Solutions Best Practices Analyzer 1.0 is available |
| MS12-042 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167) |
| MS12-039 | Vulnerabilities in Lync Could Allow Remote Code Execution (2707956) |
| MS12-038 | Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726) |
| MS12-037 | Cumulative Security Update for Internet Explorer (2699988) |
| MS12-025 | Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605) |
| 2695182 | An update is available for System Center Advisor: May 2012 |
| 2691812 | Description of the Update Rollup 2 for System Center Virtual Machine Manager 2008 R2 Service Pack 1 |
| 2661854 | Description of Update Rollup 2 for Exchange Server 2010 Service Pack 2 |
| 2600644 | Update Rollup 8 for Microsoft Dynamics CRM 2011 is available |
| MS12-031 | Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981) |
| MS12-030 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830) |
| MS12-029 | Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352) |
| MS12-021 | Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019) |
| 2695369 | Description of the update for Lync Server 2010, Core Components: March 2012 |
| 2689850 | Description of the update for Lync Server 2010, Mobility Service: March 2012 |
| 2689848 | Description of the update package for Lync Server 2010, Web Components Server: March 2012 |
| 2689846 | Description of the update for Lync Server 2010: March 2012 |
| 2684739 | Description of the update for Lync 2010: March 2012 |
| 2670540 | Description of the cumulative update for Lync Server 2010, Conferencing Attendant: February 2012 |
| 2670539 | Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: February 2012 |
| 2670358 | Description of the cumulative update for Lync Server 2010, Administrative Tools: February 2012 |
| 2658819 | Description of the update for Lync Server 2010, Web Conferencing Server: January 2012 |
| 2673774 | Upgrade to Bing Bar version 7.1 from MSN Toolbar and from earlier versions of Bing Bar |
| MS12-028 | Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185) |
| MS12-027 | Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258) |
| MS12-023 | Cumulative Security Update for Internet Explorer (2675157) |
| 923706 | How to obtain the latest service pack for System Center Data Protection Manager 2006 |
| 948016 | Update Rollup 2 for Exchange Server 2007 Service Pack 1 |
| 942846 | Update Rollup 6 for Exchange Server 2007 |
| 941421 | Update Rollup 5 for Exchange Server 2007 |
| 870540 | Availability of the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup |
| 843188 | Office 2003 Service Pack 1 for Proofing Tools |
| 843187 | Office 2003 Service Pack 1 for Multilingual User Interface Pack |
| 842774 | OneNote 2003 Service Pack 1 |
| 842532 | Office 2003 Service Pack 1 |
| 840663 | Visio 2003 Service Pack 1 |
| 837240 | Project 2003 Service Pack 1 |
| 834693 | Office XP Service Pack 3 for Access 2002 Runtime |
| 832671 | Microsoft Office XP Service Pack 3 |
| 830242 | Visio 2002 Service Pack 2 |
| 830241 | Microsoft Project 2002 Service Pack 1 |
| MS06-061 | Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191) |
| MS06-029 | Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442) |
| MS06-019 | Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803) |
| MS05-048 | Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245) |
| MS05-035 | Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672) |
| MS05-023 | Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169) |
| MS05-006 | Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981) |
| MS05-005 | Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352) |
| MS04-027 | Vulnerability in WordPerfect Converter Could Allow Code Execution (884933) |
| 2639688 | Description of Service Pack 1 update to SQL Server 2008 R2 - PowerPivot for Microsoft Excel 2010 |
| 2673773 | Upgrade to Bing Bar version 7.1 from MSN Toolbar and earlier versions of Bing Bar |
| 2673772 | Upgrade to Bing Bar version 7.1 from MSN Toolbar and earlier versions of Bing Bar |
| 2660819 | Update Rollup 2 for Windows Small Business Server 2011 Standard is available |
| 2645995 | Description of Update Rollup 1 for Exchange Server 2010 Service Pack 2 |
| MS12-022 | Vulnerability in Expression Design Could Allow Remote Code Execution (2651018) |
| MS12-019 | Vulnerability in DirectWrite Could Allow Denial of Service (2665364) |
| MS12-018 | Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653) |
| MS12-017 | Vulnerability in DNS Server Could Allow Denial of Service (2647170) |
| MS11-067 | Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230) |
| MS11-025 | Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) |
| MS10-058 | Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886) |
| 2673771 | Upgrade to Bing Bar version 7.1 from MSN Toolbar and earlier versions of Bing Bar |
| 2673770 | Upgrade to Bing Bar version 7.1 from MSN Toolbar and earlier versions of Bing Bar |
| 2635086 | Update Rollup 2 (build 4.0.3606.2) is available for Forefront Identity Manager 2010 |
| 2608656 | Description of Update Rollup 6 for Exchange Server 2007 Service Pack 3 |
| 2670498 | Description of the cumulative update for Lync 2010: January 2012 |
| 2647093 | Description of the cumulative update package for Communicator 2007 R2: January 2012 |
| 2647091 | Description of the cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: January, 2012 |
| 2630436 | Update Rollup 2 for Windows Storage Server 2008 R2 Essentials is available |
| 2626067 | Update Rollup 1.1 for Windows MultiPoint Server 2011 |
| MS12-015 | Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510) |
| MS12-014 | Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637) |
| MS12-012 | Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719) |
| MS12-011 | Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841) |
| MS12-010 | Cumulative Security Update for Internet Explorer (2647516) |
| MS12-008 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465) |
| 2630976 | "Access Denied" error, or the user is repeatedly prompted for credentials, when the user tries to access an Office 365 resource from a rich client application |
| 2600640 | Update Rollup 6 for Microsoft Dynamics CRM 2011 is available |
| MS11-049 | Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) |
| 2652446 | Description of the update for Lync Server 2010, Web Components Server: December 2011 |
| 2650982 | Description of the update for Lync Server 2010: December 2011 |
| 2650037 | Description of the update for Lync Server 2010 Bandwidth Policy Service: December 2011 |
| 2640253 | Description of the cumulative update for Lync Server 2010, Mediation Server: November 2011 |
| 2514982 | Description of the cumulative update for Lync 2010: November 2011 |
| 2514981 | Description of the cumulative update for Lync Server 2010, Core Components: November 2011 |
| 2514978 | Description of the cumulative update for Lync Server 2010, Conferencing Server: November 2011 |
| 2500449 | Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: November 2011 |
| MS12-002 | Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381) |
| 2633952 | December 2011 cumulative time zone update for Windows operating systems |
| 2626808 | Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0 |
| MS11-099 | Cumulative Security Update for Internet Explorer (2618444) |
| MS11-098 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171) |
| MS11-096 | Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241) |
| MS11-095 | Vulnerability in Active Directory Could Allow Remote Code Execution (2640045) |
| MS11-094 | Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142) |
| MS11-093 | Vulnerability in OLE Could Allow Remote Code Execution (2624667) |
| MS11-091 | Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702) |
| MS11-090 | Cumulative Security Update of ActiveX Kill Bits (2618451) |
| MS11-089 | Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602) |
| MS11-088 | Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016) |
| MS11-087 | Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417) |
| 2626807 | Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0 |
| 2626806 | Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0 |
| 2608646 | Description of Update Rollup 6 for Exchange Server 2010 Service Pack 1 |
| 2526299 | Description of the 2007 Office Servers SP3 and of the 2007 Office Servers Language Pack SP3 |
| MS11-086 | Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) |
| MS11-084 | Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) |
| MS11-083 | Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) |
| MS11-037 | Vulnerability in MHTML Could Allow Information Disclosure (2544893) |
| 2626804 | Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0 |
| 2617376 | Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0 |
| 983509 | Description of Visual Studio 2010 Service Pack 1 |
| 2603291 | Description of the cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: September 2011 |
| 2603289 | Description of the cumulative update for Office Communications Server 2007 R2, Core Components: September 2011 |
| 2603287 | Description of the cumulative update package for Office Communications Server 2007 R2, Communicator Web Access: September 2011 |
| 2603285 | Description of the cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: September 2011 |
| 2590699 | Description of the cumulative update package for Communicator 2007 R2: September 2011 |
| 2590695 | Description of the cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: September 2011 |
| 2555840 | Microsoft Forefront Threat Management Gateway 2010 Service Pack 2 |
| 2526310 | Description of Office Access Runtime and Data Connectivity Components 2007 SP3 |
| 2526305 | Description of Windows SharePoint Services 3.0 SP3 and of Windows SharePoint Services 3.0 Language Pack SP3 |
| 2526302 | Description of Office Excel Viewer 2007 SP3 |
| 2526301 | Description of Office Visio Viewer 2007 SP3 |
| 2526298 | Description of PowerPoint Viewer 2007 SP3 |
| 2526297 | Description of Office Compatibility Pack SP3 |
| 2526294 | Description of Calendar Printing Assistant for Office Outlook 2007 SP3 |
| 2526086 | Description of the 2007 Office suite SP3 and of Office Language Pack 2007 SP3 |
| 2182621 | Microsoft Team Foundation Server 2010 Service Pack 1 |
| MS11-058 | Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485) |
| 2510766 | List of all SharePoint 2010 and Office Server 2010 SP1 packages |
| 2510690 | List of all Office 2010 SP1 packages |
| 2460073 | Office Web Apps SP1 |
| 2460056 | Office Servers 2010 Language Pack SP1 |
| 2460041 | Office 2010 Filter Pack SP1 |
| 2602324 | Description of Update Rollup 5 for Exchange Server 2007 Service Pack 3 |
| MS11-082 | Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670) |
| MS11-081 | Cumulative Security Update for Internet Explorer (2586448) |
| MS11-080 | Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799) |
| MS11-077 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053) |
| MS11-074 | Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858) |
| MS11-072 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) |
| 2582113 | Description of Update Rollup 5 for Exchange Server 2010 Service Pack 1 |
| 2555251 | Update Rollup 1 for Windows Small Business Server 2011 Standard is available |
| 2580221 | Help and Support |
| 2538719 | Description of Hotfix Rollup 3 for Microsoft Forefront Protection for Exchange |
| MS11-073 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634) |
| MS11-070 | Vulnerability in WINS Could Allow Elevation of Privilege (2571621) |
| MS10-035 | Cumulative Security Update for Internet Explorer (982381) |
| 2587551 | Introduction to the Microsoft StreamInsight 1.2 release |
| 2579150 | Description of Update Rollup 4 for Exchange Server 2010 Service Pack 1 |
| 2575872 | Description of the update package for Lync Server 2010, Conferencing Attendant: July 2011 |
| 2575871 | Description of the cumulative update for Lync Server 2010, Web Conferencing Server: July 2011 |
| 2575870 | Description of the cumulative update for Lync Server 2010, Conferencing Server: July 2011 |
| 2571547 | Description of the update package for Lync Server 2010, Web Components Server: July 2011 |
| 2571546 | Description of the cumulative update for Lync Server 2010: July 2011 |
| 2571545 | Description of the cumulative update for Lync Server 2010, Core Components: July 2011 |
| 2571543 | Description of the cumulative update package for Lync 2010: July 2011 |
| 2571505 | Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: July 2011 |
| 2570791 | August 2011 cumulative time zone update for Windows operating systems |
| 2568557 | A DTMF-based IVR application that is developed by using Lync Server 2010, UCMA 3.0 Workflow APIs crashes |
| 2509911 | Description of Update Rollup 4 for Exchange Server 2007 Service Pack 3 |
| MS11-069 | Vulnerability in .NET Framework Could Allow Information Disclosure (2567951) |
| 2562937 | Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits |
| MS11-068 | Vulnerability in Windows Kernel Could Allow Denial of Service (2556532) |
| MS11-066 | Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943) |
| MS11-065 | Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222) |
| MS11-064 | Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894) |
| MS11-063 | Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680) |
| MS11-062 | Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454) |
| MS11-061 | Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250) |
| MS11-060 | Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978) |
| MS11-059 | Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656) |
| MS11-057 | Cumulative Security Update for Internet Explorer (2559049) |
| 2571841 | Expression Web 4 Service Pack 2 |
| 2549042 | Cumulative update package for Communicator 2007 R2: June, 2011 |
| 2562466 | System Center Virtual Machine Manager 2008 R2 SP1 hotfix rollup package: July 12, 2011 |
| 2553006 | Business Contact Manager for Outlook 2010 SP1 |
| MS11-056 | Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938) |
| MS11-055 | Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847) |
| MS11-054 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917) |
| MS11-053 | Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220) |
| MS11-052 | Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521) |
| MS08-069 | Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) |
| 2460065 | Visio 2010 Viewer SP1 |
| 2460054 | SharePoint 2010 Indexing Connector for Documentum SP1 |
| 2460050 | PowerPoint 2010 Viewer SP1 |
| 2460044 | Office Language Interface Pack 2010 SP1 |
| 2460043 | Office 2010 Language Pack SP1 |
| 2460011 | A description of Access Database Engine 2010 Service Pack 1 |
| 982861 | Availability of Windows Internet Explorer 9 |
| 2463332 | List of the issues that are fixed in SQL Server 2005 Service Pack 4 |
| 2285068 | List of the bugs that are fixed in SQL Server 2008 Service Pack 2 |
| MS11-051 | Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295) |
| MS11-050 | Cumulative Security Update for Internet Explorer (2530548) |
| MS11-048 | Vulnerability in SMB Server Could Allow Denial of Service (2536275) |
| MS11-047 | Vulnerability in Hyper-V Could Allow Denial of Service (2525835) |
| MS11-046 | Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665) |
| MS11-045 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146) |
| MS11-042 | Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512) |
| MS11-041 | Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694) |
| MS11-040 | Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426) |
| MS11-039 | Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842) |
| MS11-038 | Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490) |
| MS11-028 | Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015) |
| 976932 | Information about Service Pack 1 for Windows 7 and for Windows Server 2008 R2 |
| MS11-018 | Cumulative Security Update for Internet Explorer (2497640) |
| 2540951 | Cumulative update package for Lync 2010: April 2011 |
| 2530592 | Cumulative update for Lync Server 2010, Web Conferencing Server: April 2011 |
| 2530488 | Update Rollup 3 for Exchange Server 2007 Service Pack 3 |
| 2529939 | Update Rollup 3 for Exchange Server 2010 Service Pack 1 |
| 2514975 | Cumulative update for Lync Server 2010, Conferencing Server: April 2011 |
| 2502810 | Cumulative update for Lync Server 2010, Mediation Server: April 2011 |
| 2500448 | Cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: April 2011 |
| 2500444 | Cumulative update for Lync Server 2010, Core Components: April 2011 |
| 2500442 | Cumulative update for Lync Server 2010: April 2011 |
| 2500441 | Update package for Lync Server 2010, Web Components Server: April 2011 |
| 2500438 | Cumulative update for Lync 2010 Attendee - Administrator level installation: April 2011 |
| 2496326 | Cumulative update for Lync 2010 Attendant: April 2011 |
| 2467771 | Update package for Lync Server 2010, Administrative Tools: January 2011 |
| MS11-036 | Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814) |
| MS11-035 | Vulnerability in WINS Could Allow Remote Code Execution (2524426) |
| 2526954 | Update for Microsoft Silverlight: April 19, 2011 |
| 2502324 | Cumulative update for Office Communications Server 2007 R2, Microsoft Unified Communications Managed API 2.0 Windows Workflow Activities Redist: March, 2011 |
| 2501722 | Cumulative update package for Communicator 2007 R2: March, 2011 |
| 2501721 | Update package for Communications Server 2007 R2, Web Components: March, 2011 |
| 2501720 | Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: March, 2011 |
| 2501717 | Cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: March, 2011 |
| MS11-034 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223) |
| MS11-033 | Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663) |
| MS11-032 | Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618) |
| MS11-031 | Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666) |
| MS11-030 | Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) |
| MS11-029 | Vulnerability in GDI+ Could Allow Remote Code Execution (2489979) |
| MS11-027 | Cumulative Security Update of ActiveX Kill Bits (2508272) |
| MS11-026 | Vulnerability in MHTML Could Allow Information Disclosure (2503658) |
| MS11-024 | Vulnerabilities in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308) |
| MS11-023 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293) |
| MS11-022 | Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283) |
| MS11-021 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279) |
| MS11-020 | Vulnerability in SMB Server Could Allow Remote Code Execution (2508429) |
| MS11-019 | Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455) |
| 2519900 | Expression Web 4 Service Pack 1 |
| 2445990 | Microsoft Application Virtualization 4.6 Service Pack 1 |
| 2508148 | Hotfix Rollup 4 for Forefront Security for Exchange Service Pack 2 |
| 2508145 | Hotfix Rollup 4 for Microsoft Forefront Security for SharePoint Service Pack 3 |
| 2508121 | Hotfix Rollup 4 for Antigen 9 for Exchange Service Pack 2 |
| MS11-017 | Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062) |
| MS11-016 | Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047) |
| MS11-015 | Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030) |
| MS11-011 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) |
| 2250444 | Hotfix rollup package for System Center Data Protection Manager 2010: November 10, 2010 |
| MS10-077 | Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841) |
| MS10-070 | Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) |
| 2492980 | System Center Virtual Machine Manager 2008 R2 hotfix rollup package: February 8, 2011 |
| 2181692 | Hotfix Rollup 1 for Microsoft Forefront Protection for Exchange |
| MS11-014 | Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960) |
| MS11-013 | Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930) |
| MS11-012 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628) |
| MS11-010 | Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687) |
| MS11-009 | Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792) |
| MS11-008 | Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879) |
| MS11-006 | Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185) |
| MS11-005 | Vulnerability in Active Directory Could Allow Denial of Service (2478953) |
| MS11-004 | Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256) |
| MS11-003 | Cumulative Security Update for Internet Explorer (2482017) |
| 2458094 | Windows Small Business Server 2008 Update Rollup 5 |
| 2422053 | Hotfix Rollup 3 for Forefront Security for SharePoint Service Pack 3 |
| 2420644 | Hotfix Rollup 3 for Forefront Security for Exchange Service Pack 2 |
| 2410679 | Update package for Office Communications Server 2007 R2, Conferencing Announcement Service: November 2010 |
| 2404588 | Cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: November 2010 |
| 2404578 | Cumulative update for Office Communications Server 2007 R2, Mediation Server: November 2010 |
| 2404575 | Cumulative update for Office Communications Server 2007 R2, Core Components: November 2010 |
| 2403680 | Cumulative update for Office Communications Server 2007 R2, Conferencing Attendant: November 2010 |
| 2403679 | Cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: November 2010 |
| 2400402 | Cumulative update for Office Communications Server 2007 R2, Administration Tools: September 2010 |
| 2400375 | Update package for Communications Server 2007 R2, Web Components: September 2010 |
| 2400367 | Cumulative update package for Office Communications Server 2007 R2, Response Group Service: September 2010 |
| 2302001 | Hotfix Rollup 3 for Microsoft Antigen 9 for Exchange Service Pack 2 |
| 2291724 | Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: November 2010 |
| 2291453 | Cumulative update package for Communicator 2007 R2: November 2010 |
| 2452789 | Introduction to the Microsoft StreamInsight 1.1 release |
| MS11-002 | Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910) |
| MS11-001 | Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935) |
| MS10-090 | Cumulative Security Update for Internet Explorer (2416400) |
| 2467659 | An update is available for Internet Explorer: December 14, 2010 |
| 2443685 | December 2010 cumulative time zone update for Windows operating systems |
| 2425179 | Update Rollup 2 for Exchange Server 2010 Service Pack 1 |
| 2407113 | Update Rollup 5 for Microsoft Exchange Server 2010 Release to Manufacturing |
| 2407025 | Update Rollup 2 for Exchange Server 2007 Service Pack 3 |
| MS10-106 | Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132) |
| MS10-105 | Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095) |
| MS10-104 | Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005) |
| MS10-103 | Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970) |
| MS10-102 | Vulnerability in Hyper-V Could Allow Denial of Service (2345316) |
| MS10-101 | Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559) |
| MS10-100 | Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962) |
| MS10-099 | Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591) |
| MS10-098 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673) |
| MS10-097 | Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105) |
| MS10-096 | Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089) |
| MS10-095 | Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678) |
| MS10-094 | Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961) |
| MS10-093 | Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434) |
| MS10-092 | Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420) |
| MS10-091 | Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199) |
| MS10-086 | Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255) |
| MS10-085 | Vulnerability in SChannel Could Allow Denial of Service (2207566) |
| MS10-083 | Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882) |
| MS10-081 | Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011) |
| MS10-076 | Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132) |
| MS10-075 | Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679) |
| MS10-074 | Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149) |
| MS10-073 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) |
| MS10-051 | Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403) |
| MS10-088 | Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386) |
| MS10-087 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) |
| MS10-054 | Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214) |
| MS10-072 | Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) |
| 2407028 | Update Rollup 1 for Exchange Server 2010 Service Pack 1 |
| MS10-084 | Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937) |
| MS10-082 | Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111) |
| MS10-080 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211) |
| MS10-079 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194) |
| MS10-078 | Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986) |
| MS10-071 | Cumulative Security Update for Internet Explorer (2360131) |
| MS10-062 | Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558) |
| 2279665 | Update Rollup 1 for Exchange Server 2007 Service Pack 3 |
| 2158563 | September 2010 cumulative time zone update for Windows operating systems |
| 2308590 | System Center Virtual Machine Manager 2008 R2 hotfix rollup package: September 14, 2010 |
| MS10-069 | Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546) |
| MS10-068 | Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539) |
| MS10-067 | Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922) |
| MS10-066 | Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802) |
| MS10-065 | Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960) |
| MS10-064 | Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011) |
| MS10-063 | Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113) |
| MS10-061 | Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) |
| 982114 | How to obtain Service Pack 2 for Microsoft HPC Pack 2008 |
| 981324 | List of problems that are fixed in Forefront Threat Management Gateway 2010 Service Pack 1 |
| 948465 | Information about Service Pack 2 for Windows Vista and for Windows Server 2008 |
| 2028888 | Cumulative update package for Communicator 2007 R2: July 2010 |
| MS10-053 | Cumulative Security Update for Internet Explorer (2183461) |
| MS10-050 | Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997) |
| MS10-047 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852) |
| MS10-046 | Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) |
| MS10-060 | Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906) |
| MS10-059 | Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) |
| MS10-057 | Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) |
| MS10-056 | Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) |
| MS10-055 | Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665) |
| MS10-052 | Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168) |
| MS10-049 | Vulnerabilities in SChannel could allow Remote Code Execution (980436) |
| MS10-048 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329) |
| 982639 | Update Rollup 4 for Microsoft Exchange Server 2010 Release To Manufacturing |
| MS10-045 | Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212) |
| MS10-044 | Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335) |
| MS10-043 | Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276) |
| MS10-042 | Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593) |
| MS10-041 | Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343) |
| MS10-024 | Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) |
| MS10-021 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683) |
| MS10-026 | Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816) |
| MS09-061 | Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) |
| 982523 | System Center Virtual Machine Manager 2008 R2 Admin Console hotfix rollup package: June 8, 2010 |
| 982522 | System Center Virtual Machine Manager 2008 R2 hotfix rollup package: June 8, 2010 |
| 944036 | Availability of Windows Internet Explorer 8 |
| MS10-040 | Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666) |
| MS10-039 | Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) |
| MS10-038 | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) |
| MS10-037 | Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218) |
| MS10-036 | Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235) |
| MS10-034 | Cumulative Security Update of ActiveX Kill Bits (980195) |
| MS10-033 | Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902) |
| MS10-032 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559) |
| 981793 | May 2010 cumulative time zone update for Windows operating systems |
| 980847 | Microsoft Application Virtualization 4.5 Service Pack 2 |
| 980586 | Hotfix Rollup 2 for Antigen 9 for Exchange Server with Service Pack 2 and for Antigen 9 for SMTP Gateways with Service Pack 2 |
| 978300 | Hotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3 |
| 978297 | Hotfix Rollup 1 for Service Pack 2 for Forefront Security for Exchange Server |
| MS10-031 | Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213) |
| MS10-030 | Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542) |
| 980408 | April 2010 stability and reliability update for Windows 7 and Windows Server 2008 R2 is available |
| 980372 | Cumulative update for Office Communications Server 2007 R2, Outside Voice Control: April 2010 |
| 980370 | Cumulative update for Office Communications Server 2007 R2, Conferencing Attendant: April 2010 |
| 980096 | Cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: April 2010 |
| 979454 | Windows Small Business Server 2008 Update Rollup 4 |
| 978564 | Cumulative update package for Communicator 2007 R2: April 2010 |
| 977937 | Cumulative update for Office Communications Server 2007 R2, Mediation Server: April 2010 |
| 977934 | Cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: April 2010 |
| 977347 | Cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: April 2010 |
| 976657 | Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: April 2010 |
| 975614 | Cumulative update package for Office Communications Server 2007 R2, Communicator Web Access: April 2010 |
| MS10-025 | Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858) |
| MS10-019 | Vulnerabilities in Windows Could Allow Remote Code Execution (981210) |
| 981407 | Update Rollup 10 for Microsoft Exchange Server 2007 Service Pack 1 |
| 981401 | Update Rollup 3 for Microsoft Exchange Server 2010 Release to Manufacturing |
| 981383 | Update Rollup 4 for Microsoft Exchange Server 2007 Service Pack 2 |
| MS10-029 | Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338) |
| MS10-028 | Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094) |
| MS10-027 | Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402) |
| MS10-023 | Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160) |
| MS10-022 | Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169) |
| MS10-020 | Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232) |
| 979784 | Update Rollup 3 for Exchange Server 2007 Service Pack 2 |
| 971348 | List of hotfixes and updates that are contained in System Center Configuration Manager 2007 Service Pack 2 |
| MS09-033 | Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) |
| MS10-017 | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) |
| MS10-016 | Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561) |
| MS10-015 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165) |
| 979306 | February 2010 cumulative time zone update for Windows operating systems |
| 2006634 | Microsoft Office Accounting 2009 Service Pack 3 for Accounting Professional (MOA) 2009 and for Accounting Express 2009 |
| 978560 | System Center Virtual Machine Manager 2008 R2 hotfix rollup package: February 9, 2010 |
| MS10-014 | Vulnerability in Kerberos Could Allow Denial of Service (977290) |
| MS10-013 | Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935) |
| MS10-012 | Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468) |
| MS10-011 | Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037) |
| MS10-010 | Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894) |
| MS10-009 | Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145) |
| MS10-007 | Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713) |
| MS10-006 | Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251) |
| MS10-005 | Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706) |
| MS10-004 | Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) |
| MS10-003 | Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214) |
| MS09-060 | Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) |
| 977351 | Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: January 2010 |
| 977344 | Cumulative update for Office Communications Server 2007 R2, Administration Tools: January 2010 |
| 977343 | Cumulative update for Office Communications Server 2007 R2, Core Components: January 2010 |
| 977074 | January 2010 stability and reliability update for Windows 7 and Windows Server 2008 R2 |
| 976135 | Communicator 2007 R2 cumulative update: January 2010 |
| 975355 | Hotfix Rollup 1 for Antigen 9.0 Service Pack 2 |
| 972076 | Update Rollup 2 for Microsoft Exchange Server 2007 Service Pack 2 |
| MS10-002 | Cumulative Security Update for Internet Explorer (978207) |
| 979202 | Update for Silverlight: January 19, 2010 |
| MS10-001 | Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270) |
| 975613 | Cumulative update for Office Communications Server 2007 R2, Core Components: October 2009 |
| 975612 | Cumulative update for Office Communications Server 2007 R2, Response Group Service: October 2009 |
| 974007 | Cumulative Update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: October 2009 |
| 972884 | Update for Communicator 2007 R2: Oct 2009 |
| MS09-074 | Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) |
| MS09-073 | Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539) |
| MS09-072 | Cumulative Security Update for Internet Explorer (976325) |
| MS09-071 | Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) |
| MS09-070 | Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726) |
| MS09-069 | Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392) |
| MS08-037 | Vulnerabilities in DNS Could Allow Spoofing (953230) |
| 976594 | Expression Web 3 Service Pack 1 |
| 976098 | December 2009 cumulative time zone update for Microsoft Windows operating systems |
| 971534 | Update Rollup 1 for Exchange Server 2007 Service Pack 2 |
| MS08-076 | Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) |
| 976244 | System Center Virtual Machine Manager 2008 R2 hotfix rollup package: November 10, 2009 |
| MS09-068 | Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307) |
| MS09-067 | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) |
| MS09-066 | Vulnerability in Active Directory Could Allow Denial of Service (973309) |
| MS09-065 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947) |
| MS09-064 | Vulnerability in License Logging Server Could Allow Remote Code Execution (974783) |
| MS09-063 | Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565) |
| MS09-051 | Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) |
| MS09-045 | Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) |
| MS08-070 | Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) |
| 971975 | Microsoft Office Accounting 2009 Service Pack 2 is available for Accounting Professional 2009 and for Accounting Express 2009 |
| MS09-043 | Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638) |
| 951847 | List of changes and fixed issues in the .NET Framework 3.5 Service Pack 1 |
| MS09-062 | Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) |
| 974431 | October 2009 stability and reliability update for Windows 7 and Windows Server 2008 R2 |
| 955706 | List of the bugs that are fixed in SQL Server 2005 Service Pack 3 |
| MS09-059 | Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467) |
| MS09-058 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) |
| MS09-057 | Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) |
| MS09-056 | Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) |
| MS09-054 | Cumulative Security Update for Internet Explorer (974455) |
| MS09-053 | Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254) |
| MS09-052 | Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) |
| MS09-050 | Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) |
| MS09-024 | Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632) |
| MS08-055 | Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047) |
| MS09-047 | Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) |
| MS09-049 | Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) |
| MS09-048 | Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) |
| MS09-046 | Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) |
| MS09-044 | Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927) |
| MS09-037 | Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908) |
| MS09-035 | Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) |
| MS09-034 | Cumulative Security Update for Internet Explorer (972260) |
| 972455 | Windows Server Update Services 3.0 Service Pack 2 |
| 970653 | August 2009 cumulative time zone update for Microsoft Windows operating systems |
| 969121 | Windows Small Business Server 2008 Update Rollup 3 |
| MS09-036 | Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957) |
| MS09-029 | Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) |
| MS09-042 | Vulnerability in Telnet Could Allow Remote Code Execution (960859) |
| MS09-041 | Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657) |
| MS09-040 | Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032) |
| MS09-039 | Vulnerabilities in WINS Could Allow Remote Code Execution (969883) |
| MS09-038 | Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557) |
| 972008 | How to obtain the latest Service Pack for Microsoft HPC Pack 2008 |
| 970162 | Update Rollup 9 for Microsoft Exchange Server 2007 Service Pack 1 |
| 969695 | Update for Communicator 2007 R2: July 2009 |
| 953334 | 2007 Microsoft Office servers Service Pack 2 and of 2007 Microsoft Office servers Language Pack Service Pack 2 |
| MS09-031 | Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) |
| MS09-030 | Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) |
| MS09-028 | Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) |
| MS09-027 | Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514) |
| 967831 | Update package for Communications Server 2007 R2: April 2009 |
| 972042 | Communicator 2007 R2 hotfix rollup package: June 2009 |
| 957262 | Microsoft Office Access Runtime and Data Connectivity Components 2007 Service Pack 2 (SP2) |
| 953336 | Excel Viewer 2007 Service Pack 2 |
| 953335 | Visio Viewer 2007 Service Pack 2 |
| 953332 | PowerPoint Viewer 2007 Service Pack 2 |
| 953331 | Office Compatibility Pack Service Pack 2 |
| 953329 | Calendar Printing Assistant for Outlook 2007 Service Pack 2 |
| 953195 | 2007 Microsoft Office Suite Service Pack 2 (SP2) and of Microsoft Office Language Pack 2007 SP2 |
| MS09-026 | Vulnerability in RPC Could Allow Elevation of Privilege (970238) |
| MS09-025 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537) |
| MS09-023 | Vulnerability in Windows Search Could Allow Information Disclosure (963093) |
| MS09-022 | Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501) |
| MS09-021 | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) |
| MS09-020 | Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) |
| MS09-019 | Cumulative Security Update for Internet Explorer (969897) |
| MS09-018 | Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055) |
| 971083 | Communicator 2007 R2 hotfix rollup package: May 2009 |
| 968369 | List of the bugs that are fixed in SQL Server 2008 Service Pack 1 |
| 968012 | Update Rollup 8 for Exchange Server 2007 Service Pack 1 |
| MS09-003 | Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) |
| MS07-026 | Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832) |
| 936929 | Information about Windows XP Service Pack 3 |
| 961448 | Update Rollup 1 for Windows Essential Business Server 2008 |
| 867460 | List of bugs that are fixed in the .NET Framework 1.1 Service Pack 1 |
| MS09-017 | Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340) |
| MS09-008 | Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238) |
| MS07-040 | Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) |
| MS09-012 | Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) |
| 960911 | Windows Small Business Server 2008 Update Rollup 2 |
| 957324 | Descriptions of the Business Contact Manager problems that are fixed in the 2007 Microsoft Office suite Service Pack 2 |
| 953338 | Windows SharePoint Services 3.0 SP2 and of Windows SharePoint Services 3.0 Language Pack SP2 |
| 936330 | What you should know before you install Windows Vista Service Pack 1 |
| 929300 | Benefits of the Microsoft .NET Framework |
| 961983 | Hotfix rollup package for System Center Virtual Machine Manager 2008: April 14th, 2009 |
| MS09-016 | Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) |
| MS09-015 | Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) |
| MS09-014 | Cumulative Security Update for Internet Explorer (963027) |
| MS09-013 | Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) |
| MS09-011 | Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) |
| MS09-010 | Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) |
| MS09-009 | Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) |
| 962902 | Help and Support |
| 928957 | Visual Studio 2005 Service Pack 1 Release Notes |
| 960384 | Update Rollup 7 for Exchange Server 2007 Service Pack 1 |
| MS07-055 | Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810) |
| 959057 | Microsoft Office Accounting 2009 Service Pack 1 is available for Accounting Professional 2009 and for Accounting Express 2009 |
| MS09-007 | Vulnerability in SChannel Could Allow Spoofing (960225) |
| MS09-006 | Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) |
| MS08-072 | Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) |
| MS08-052 | Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) |
| MS07-050 | Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127) |
| MS09-004 | Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) |
| 959596 | System Center Virtual Machine Manager 2008 update to address physical to virtual (P2V) issues |
| 961855 | Microsoft Research AutoCollage 2008 version 1.1 |
| MS09-005 | Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) |
| MS09-002 | Cumulative Security Update for Internet Explorer (961260) |
| 958715 | Windows Small Business Server 2008 Update Rollup 1 |
| MS09-001 | Vulnerabilities in SMB Could Allow Remote Code Execution (958687) |
| MS08-066 | Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803) |
| MS08-078 | Security Update for Internet Explorer (960714) |
| 955839 | December 2008 cumulative time zone update for Microsoft Windows operating systems |
| 953467 | Update Rollup 5 for Exchange Server 2007 Service Pack 1 |
| MS08-077 | Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) |
| MS08-075 | Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) |
| MS08-074 | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) |
| MS08-073 | Cumulative Security Update for Internet Explorer (958215) |
| MS08-071 | Vulnerabilities in GDI Could Allow Remote Code Execution (956802) |
| MS07-017 | Vulnerabilities in GDI Could Allow Remote Code Execution (925902) |
| MS05-053 | Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) |
| 956389 | Update package for Communications Server 2007: November 2008 |
| MS07-005 | Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) |
| MS08-068 | Vulnerability in SMB Could Allow Remote Code Execution (957097) |
| MS08-065 | Vulnerability in Message Queuing Could Allow Remote Code Execution (951071) |
| MS08-040 | Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) |
| 952580 | Update Rollup 4 for Exchange Server 2007 Service Pack 1 |
| 956831 | Update package for Office Communications Server 2007 Audio Video Conferencing Server: October, 2008 |
| 956829 | Update package for Communications Server 2007 Mediation Server October, 2008 |
| MS08-062 | Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155) |
| MS08-067 | Vulnerability in Server Service Could Allow Remote Code Execution (958644) |
| MS08-064 | Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841) |
| MS08-063 | Vulnerability in SMB Could Allow Remote Code Execution (957095) |
| MS08-061 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211) |
| MS08-060 | Vulnerability in Active Directory Could Allow Remote Code Execution (957280) |
| MS08-059 | Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) |
| MS08-058 | Cumulative Security Update for Internet Explorer (956390) |
| MS08-057 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) |
| MS08-056 | Vulnerability in Microsoft Office Could Allow Information Disclosure (957699) |
| 957506 | Help and Support |
| MS08-054 | Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154) |
| MS08-053 | Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156) |
| 952783 | Update package for Communications Server 2007: August 2008 |
| 951951 | Issues that are fixed in Forefront Client Security Service Pack 1 |
| 953649 | List of fixes that are included in System Center Configuration Manager Service Pack 1 |
| 951072 | August 2008 cumulative time zone update for Microsoft Windows operating systems |
| 942763 | December 2007 cumulative time zone update for Microsoft Windows operating systems |
| MS08-051 | Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) |
| MS08-050 | Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) |
| MS08-049 | Vulnerabilities in Event System Could Allow Remote Code Execution (950974) |
| MS08-048 | Security Update for Outlook Express and Windows Mail (951066) |
| MS08-047 | Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733) |
| MS08-046 | Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) |
| MS08-045 | Cumulative Security Update for Internet Explorer (953838) |
| MS08-044 | Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) |
| MS08-043 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) |
| MS08-042 | Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048) |
| MS08-041 | Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617) |
| MS08-033 | Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) |
| MS08-022 | Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338) |
| MS07-047 | Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782) |
| 943462 | List of problems that are fixed in Internet Security and Acceleration Server 2006 Service Pack 1 |
| MS08-039 | Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) |
| MS08-038 | Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) |
| MS08-031 | Cumulative Security Update for Internet Explorer (950759) |
| MS07-042 | Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) |
| MS08-030 | Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) |
| 941652 | Business Contact Manager for Outlook 2007 Service Pack 1 |
| 940289 | Office Compatibility Pack Service Pack 1 |
| 937961 | Office 2003 Web Components Service Pack 1 for the 2007 Office system |
| 937160 | Visio Viewer 2007 Service Pack 1 |
| 937158 | PowerPoint Viewer 2007 Service Pack 1 |
| 937157 | Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 1 |
| 936984 | 2007 Microsoft Office servers Service Pack 1 and the 2007 Microsoft Office servers Language Pack Service Pack 1 |
| 936982 | 2007 Microsoft Office suite Service Pack 1 |
| 934737 | Excel Viewer 2003 Service Pack 3 |
| 934736 | Help and Support |
| 932726 | Service Pack 1 for Accounting Professional 2007 and for Accounting Express 2007 |
| 923648 | Outlook Live 2003 Service Pack 3 |
| 923642 | Office 2003 Service Pack 3 for Proofing Tools |
| 923633 | OneNote 2003 Service Pack 3 |
| 923622 | Project 2003 Service Pack 3 |
| 923620 | Visio 2003 Service Pack 3 |
| 923618 | Office 2003 Service Pack 3 |
| MS08-036 | Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) |
| MS08-035 | Vulnerability in Active Directory Could Allow Denial of Service (953235) |
| MS08-034 | Vulnerability in WINS Could Allow Elevation of Privilege (948745) |
| MS07-068 | Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275) |
| MS06-078 | Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689) |
| 917275 | How to obtain Windows Rights Management Services with Service Pack 2 |
| 914961 | General information regarding Windows Server 2003 Service Pack 2 |
| 951532 | Post-Service Pack 1 Rollup for Microsoft Expression Media: April 15, 2008 |
| 940767 | Windows Internet Explorer 7 Installation and Availability Update |
| MS08-028 | Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749) |
| MS08-027 | Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208) |
| MS08-026 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) |
| MS08-024 | Cumulative Security Update for Internet Explorer (947864) |
| MS06-069 | Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) |
| MS08-019 | Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032) |
| 949426 | Microsoft Office Accounting 2008 Service Pack 1 for Accounting Professional 2008 and for Accounting Express 2008 |
| MS08-025 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693) |
| MS08-021 | Vulnerabilities in GDI Could Allow Remote Code Execution (948590) |
| MS08-020 | Vulnerability in DNS Client Could Allow Spoofing (945553) |
| MS08-018 | Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) |
| 867461 | List of bugs that are fixed in Microsoft .NET Framework 1.0 Service Pack 3 |
| MS08-014 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029) |
| MS08-017 | Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103) |
| MS08-016 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030) |
| MS08-015 | Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031) |
| 945684 | Update Rollup 1 for Exchange Server 2007 Service Pack 1 |
| 941834 | Microsoft Expression Media Service Pack 1 |
| MS08-013 | Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108) |
| MS08-012 | Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085) |
| MS08-011 | Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081) |
| MS08-010 | Cumulative Security Update for Internet Explorer (944533) |
| MS08-009 | Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077) |
| MS08-008 | Vulnerability in OLE Automation Could Allow Remote Code Execution (947890) |
| MS08-007 | Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026) |
| MS08-006 | Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830) |
| MS08-005 | Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831) |
| MS08-004 | Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456) |
| MS08-003 | Vulnerability in Active Directory Could Allow Denial of Service (946538) |
| 945172 | Communications Server 2007 Web Conferencing Server update package: November 30, 2007 |
| 945055 | Update package for Communications Server 2007 and for Communications Server 2007 Archiving and CDR Server: November 30, 2007 |
| MS08-002 | Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485) |
| MS08-001 | Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644) |
| 936988 | Windows SharePoint Services 3.0 Service Pack 1 and of Windows SharePoint Services 3.0 Language Pack Service Pack 1 |
| MS07-069 | Cumulative Security Update for Internet Explorer (942615) |
| MS07-067 | Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653) |
| MS07-066 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078) |
| MS07-065 | Vulnerability in Message Queuing Could Allow Remote Code Execution (937894) |
| MS07-064 | Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) |
| MS07-063 | Vulnerability in SMBv2 Could Allow Remote Code Execution (942624) |
| MS07-038 | Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807) |
| MS05-004 | ASP.NET Path Validation Vulnerability (887219) |
| MS07-062 | Vulnerability in DNS Could Allow Spoofing (941672) |
| MS07-061 | Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460) |
| MS07-057 | Cumulative Security Update for Internet Explorer (939653) |
| MS07-056 | Security Update for Outlook Express and Windows Mail (941202) |
| MS07-049 | Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986) |
| 942872 | Communications Server 2007 update package: November 2, 2007 |
| MS07-060 | Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695) |
| MS07-059 | Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017) |
| MS07-058 | Vulnerability in RPC Could Allow Denial of Service (933729) |
| 891861 | Update Rollup 1 for Windows 2000 SP4 and known issues |
| MS07-053 | Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778) |
| 923643 | Windows SharePoint Services Service Pack 3 |
| MS07-052 | Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522) |
| MS07-051 | Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827) |
| MS07-045 | Cumulative Security Update for Internet Explorer (937143) |
| MS07-033 | Cumulative Security Update for Internet Explorer (933566) |
| MS07-027 | Cumulative Security Update for Internet Explorer (931768) |
| MS04-032 | Security Update for Microsoft Windows (840987) |
| MS04-019 | Vulnerability in Utility Manager Could Allow Code Execution (842526) |
| 933360 | August 2007 cumulative time zone update for Microsoft Windows operating systems |
| 931836 | February 2007 cumulative time zone update for Microsoft Windows operating systems |
| 940006 | Update Rollup 4 for Exchange Server 2007 |
| MS07-048 | Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123) |
| MS07-046 | Vulnerability in GDI Could Allow Remote Code Execution (938829) |
| MS07-044 | Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965) |
| MS07-043 | Vulnerability in OLE Automation Could Allow Remote Code Execution (921503) |
| MS06-014 | Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562) |
| MS04-016 | Vulnerability in DirectPlay Could Allow Denial of Service (839643) |
| 933867 | List of problems that are fixed in Microsoft Systems Management Server 2003 Service Pack 3 |
| MS07-041 | Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373) |
| MS07-039 | Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) |
| MS07-037 | Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548) |
| MS07-036 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) |
| MS06-039 | Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384) |
| 935999 | Update Rollup 3 for Exchange Server 2007 |
| 923435 | Microsoft Compute Cluster Pack Service Pack 1 (SP1) is available for Microsoft Windows Compute Cluster Server 2003 |
| MS07-035 | Vulnerability in Win 32 API Could Allow Remote Code Execution (935839) |
| MS07-032 | Vulnerability in Windows Vista Could Allow Information Disclosure (931213) |
| MS07-022 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784) |
| MS07-034 | Cumulative Security Update for Outlook Express and Windows Mail (929123) |
| MS07-031 | Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840) |
| MS07-030 | Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051) |
| MS07-018 | Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939) |
| MS07-012 | Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) |
| MS07-004 | Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969) |
| MS07-025 | Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873) |
| MS07-023 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233) |
| MS07-029 | Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) |
| MS07-028 | Vulnerability in CAPICOM Could Allow Remote Code Execution (931906) |
| MS07-024 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) |
| MS07-009 | Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) |
| MS06-068 | Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213) |
| MS05-032 | Vulnerability in Microsoft Agent Could Allow Spoofing (890046) |
| 924406 | List of problems that are fixed in Microsoft Internet Security and Acceleration Server 2004 Service Pack 3 |
| MS06-071 | Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088) |
| MS07-021 | Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) |
| MS07-020 | Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168) |
| MS07-019 | Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261) |
| MS06-015 | Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531) |
| 921896 | A list of the bugs that are fixed in SQL Server 2005 Service Pack 2 |
| 913090 | A list of the bugs that have been fixed in SQL Server 2005 Service Pack 1 |
| MS07-016 | Cumulative Security Update for Internet Explorer (928090) |
| MS07-015 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) |
| MS07-014 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) |
| MS07-013 | Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118) |
| MS07-011 | Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) |
| MS07-008 | Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) |
| MS07-007 | Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) |
| MS07-006 | Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) |
| MS07-003 | Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938) |
| MS07-002 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198) |
| MS07-001 | Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585) |
| MS06-073 | Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674) |
| MS06-077 | Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121) |
| MS06-076 | Cumulative Security Update for Outlook Express (923694) |
| MS06-075 | Vulnerability in Windows Could Allow Elevation of Privilege (926255) |
| MS06-074 | Vulnerability in SNMP Could Allow Remote Code Execution (926247) |
| MS06-072 | Cumulative Security Update for Internet Explorer (925454) |
| MS06-066 | Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980) |
| MS06-059 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164) |
| 899738 | List of issues that are fixed in Systems Management Server 2003 Service Pack 2 |
| MS06-005 | Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565) |
| MS06-067 | Cumulative Security Update for Internet Explorer (922760) |
| MS06-070 | Vulnerability in Workstation Service Could Allow Remote Code Execution (924270) |
| MS06-055 | Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486) |
| MS06-065 | Vulnerability in Windows Object Packager Could Allow Remote Execution (924496) |
| MS06-064 | Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819) |
| MS06-063 | Vulnerability in Server Service Could Allow Denial of Service and Remote Code Execution (923414) |
| MS06-062 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581) |
| MS06-060 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554) |
| MS06-058 | Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163) |
| MS06-057 | Vulnerability in Windows Explorer Could Allow Remote Execution (923191) |
| MS06-056 | Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770) |
| MS05-030 | Vulnerability in Outlook Express Could Allow Remote Code Execution (897715) |
| MS06-049 | Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958) |
| MS05-021 | Vulnerability in Exchange Server Could Allow Remote Code Execution (894549) |
| 920115 | Service Pack 3 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006 |
| MS06-054 | Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729) |
| MS06-053 | Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685) |
| MS06-052 | Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007) |
| MS06-042 | Cumulative Security Update for Internet Explorer (918899) |
| MS06-040 | Vulnerability in Server Service Could Allow Remote Code Execution (921883) |
| MS06-038 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284) |
| MS06-034 | Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537) |
| MS06-051 | Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422) |
| MS06-050 | Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670) |
| MS06-048 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968) |
| MS06-047 | Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645) |
| MS06-046 | Vulnerability in HTML Help Could Allow Remote Code Execution (922616) |
| MS06-045 | Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) |
| MS06-044 | Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008) |
| MS06-043 | Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214) |
| MS06-041 | Vulnerabilities in DNS Resolution Could Allow Remote Code Execution (920683) |
| MS06-037 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285) |
| 889101 | Release notes for Windows Server 2003 Service Pack 1 |
| MS06-036 | Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388) |
| MS06-035 | Vulnerability in Server Service Could Allow Remote Code Execution (917159) |
| MS06-033 | Vulnerability in ASP.NET Could Allow Information Disclosure (917283) |
| MS06-028 | Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768) |
| MS06-027 | Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336) |
| MS06-025 | Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280) |
| MS06-020 | Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433) |
| MS06-032 | Vulnerability in TCP/IP Could Allow Remote Code Execution (917953) |
| MS06-031 | Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736) |
| MS06-030 | Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389) |
| MS06-024 | Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734) |
| MS06-023 | Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344) |
| MS06-022 | Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439) |
| MS06-021 | Cumulative Security Update for Internet Explorer (916281) |
| MS06-018 | Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580) |
| MS06-011 | Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798) |
| 912440 | Update for Office 2003 Alternative User Input: May 9, 2006 |
| 811113 | List of fixes included in Windows XP Service Pack 2 |
| MS06-017 | Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627) |
| MS06-016 | Cumulative Security Update for Outlook Express (911567) |
| MS06-013 | Cumulative Security Update for Internet Explorer (912812) |
| MS04-018 | Cumulative Security Update for Outlook Express (823353) |
| MS06-012 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413) |
| 887618 | Office 2003 Service Pack 2 for Proofing Tools |
| 887616 | Office 2003 Service Pack 2 |
| MS06-007 | Vulnerability in TCP/IP Could Allow Denial of Service (913446) |
| 887624 | Windows SharePoint Services 2.0 Service Pack 2 |
| MS06-009 | Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190) |
| MS06-008 | Vulnerability in Web Client Service Could Allow Remote Code Execution (911927) |
| MS06-006 | Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564) |
| MS06-004 | Cumulative Security Update for Internet Explorer (910620) |
| MS03-042 | Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232) |
| 902848 | Outlook Live 2003 Service Pack 2 |
| 887622 | Visio 2003 Service Pack 2 |
| 887620 | Project 2003 Service Pack 2 |
| 887619 | OneNote 2003 Service Pack 2 |
| MS06-003 | Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412) |
| MS06-002 | Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519) |
| MS06-001 | Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919) |
| MS05-055 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523) |
| MS05-054 | Cumulative Security Update for Internet Explorer (905915) |
| MS05-050 | Vulnerability in DirectShow Could Allow Remote Code Execution (904706) |
| MS05-009 | Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) |
| MS03-022 | Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343) |
| MS05-051 | Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400) |
| 902963 | Service Pack 1 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006 |
| MS05-052 | Cumulative Security Update for Internet Explorer (896688) |
| MS05-049 | Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) |
| MS05-047 | Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749) |
| MS05-044 | Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495) |
| MS05-026 | Vulnerability in HTML Help Could Allow Remote Code Execution (896358) |
| MS05-033 | Vulnerability in Telnet Client Could Allow Information Disclosure (896428) |
| MS05-031 | Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458) |
| MS05-027 | Vulnerability in Server Message Block Could Allow Remote Code Execution (896422) |
| MS05-025 | Cumulative Security Update for Internet Explorer (883939) |
| MS05-046 | Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589) |
| MS05-045 | Vulnerability in Network Connection Manager Could Allow Denial of Service (905414) |
| MS05-042 | Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587) |
| MS05-041 | Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591) |
| MS05-040 | Vulnerability in Telephony Service Could Allow Remote Code Execution (893756) |
| MS05-038 | Cumulative Security Update for Internet Explorer (896727) |
| MS05-037 | Vulnerability in JView Profiler Could Allow Remote Code Execution (903235) |
| MS03-044 | Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119) |
| MS05-043 | Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) |
| MS05-039 | Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) |
| 841876 | Windows SharePoint Services Service Pack 1 |
| 321884 | List of Bugs Fixed in Microsoft .NET Framework 1.0 Service Pack 2 |
| MS05-018 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859) |
| MS05-036 | Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214) |
| MS05-028 | Vulnerability in Web Client Service Could Allow Remote Code Execution (896426) |
| MS05-019 | Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066) |
| MS05-024 | Vulnerability in Web View Could Allow Remote Code Execution (894320) |
| MS05-010 | Vulnerability in the License Logging Service Could Allow Code Execution (885834) |
| MS04-044 | Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835) |
| MS05-020 | Cumulative Security Update for Internet Explorer (890923) |
| MS05-017 | Vulnerability in Message Queuing Could Allow Code Execution (892944) |
| MS05-016 | Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086) |
| MS05-008 | Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) |
| MS04-013 | Cumulative Security Update for Outlook Express (837009) |
| MS04-012 | Cumulative Update for Microsoft RPC/DCOM (828741) |
| MS03-018 | Cumulative Patch for Internet Information Service (811114) |
| MS02-051 | Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380) |
| MS02-050 | Certificate Validation Flaw Could Enable Identity Spoofing (Q329115) |
| MS05-011 | Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) |
| MS04-015 | Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374) |
| MS04-014 | Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001) |
| MS04-011 | Security Update for Microsoft Windows (835732) |
| MS04-008 | Vulnerability in Windows Media Services Could Allow a Denial of Service (832359) |
| MS04-007 | ASN.1 Vulnerability Could Allow Code Execution (828028) |
| MS04-006 | Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352) |
| MS04-043 | Vulnerability in HyperTerminal Could Allow Code Execution (873339) |
| MS04-037 | Vulnerability in Windows Shell Could Allow Remote Code Execution (841356) |
| MS04-024 | Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) |
| MS04-022 | Vulnerability in Task Scheduler Could Allow Code Execution (841873) |
| MS04-020 | Vulnerability in POSIX Could Allow Code Execution (841872) |
| MS04-023 | Vulnerability in HTML Help Could Allow Code Execution (840315) |
| MS05-015 | Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) |
| MS05-014 | Cumulative Security Update for Internet Explorer (867282) |
| MS05-013 | Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) |
| MS05-012 | Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) |
| MS05-007 | Vulnerability in Windows Could Allow Information Disclosure (888302) |
| MS05-002 | Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711) |
| MS05-001 | Vulnerability in HTML Help Could Allow Code Execution (890175) |
| MS05-003 | Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250) |
| MS04-045 | Vulnerability in WINS Could Allow Remote Code Execution (870763) |
| MS04-041 | Vulnerability in WordPad Could Allow Code Execution (885836) |
| MS04-028 | Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) |
| MS03-001 | Unchecked Buffer in Locator Service Could Lead to Code Execution (810833) |
| MS04-034 | Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376) |
| MS04-031 | Vulnerability in NetDDE Could Allow Remote Code Execution (841533) |
| MS04-030 | Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151) |
| MS04-036 | Vulnerability in NNTP Could Allow Remote Code Execution (883935) |
| MS04-035 | Vulnerability in SMTP Could Allow Remote Code Execution (885881) |
| MS03-051 | Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360) |
| MS03-039 | Buffer Overrun In RPCSS Service Could Allow Code Execution (824146) |
| MS03-030 | Unchecked Buffer in DirectX Could Enable System Compromise (819696) |
| MS02-063 | Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834) |
| MS03-013 | Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493) |
| MS03-045 | Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141) |
| MS03-043 | Buffer Overrun in Messenger Service Could Allow Code Execution (828035) |
| MS03-041 | Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182) |
| MS03-027 | Unchecked Buffer in Windows Shell Could Enable System Compromise (821557) |
| MS03-023 | Buffer Overrun In HTML Converter Could Allow Code Execution (823559) |
| MS03-007 | Unchecked Buffer In Windows Component Could Cause Server Compromise (815021) |
| MS03-021 | Flaw In Windows Media Player May Allow Media Library Access (819639) |
| MS02-071 | Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310) |
| MS03-033 | Unchecked Buffer in MDAC Function Could Enable System Compromise (823718) |
| MS03-017 | Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787) |
| MS03-008 | Flaw in Windows Script Engine Could Allow Code Execution (814078) |
| MS02-072 | Unchecked Buffer in Windows Shell Could Enable System Compromise (329390) |
| MS03-031 | Cumulative Patch for Microsoft SQL Server (815495) |
| MS03-026 | Buffer Overrun In RPC Interface Could Allow Code Execution (823980) |
| MS02-070 | Flaw in SMB Signing Could Enable Group Policy to be Modified (329170) |
| MS02-053 | Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096) |
| MS02-048 | Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (Q323172) |
| MS02-045 | Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830) |
| MS03-049 | Buffer Overrun in the Workstation Service Could Allow Code Execution (828749) |
| MS02-065 | Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414) |
| MS02-042 | Flaw in Network Connection Manager Could Enable Privilege Elevation (Q326886) |
| MS02-024 | Authentication Flaw in Windows Debugger can Lead to Elevated Privileges (Q320206) |
| MS02-008 | XMLHTTP Control Can Allow Access to Local Files |
| MS02-060 | Flaw in Windows XP Help and Support Center Could Enable File Deletion (Q328940) |
| MS03-005 | Unchecked buffer in Windows redirector may permit privilege elevation (810577) |
| MS02-054 | Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (Q329048) |
| MS03-034 | Flaw in NetBIOS Could Lead to Information Disclosure (824105) |
| MS02-062 | Cumulative Patch for Internet Information Service (Q327696) |
| MS02-029 | Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138) |
| MS02-032 | 26 June 2002 Cumulative Patch for Windows Media Player (Q320920) |
| MS02-006 | Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run |
| MS02-017 | Unchecked buffer in the Multiple UNC Provider Could Enable Code Execution (Q311967) |
| MS02-009 | Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files |
| MS01-059 | Unchecked Buffer in Universal Plug and Play can Lead to System Compromise |
| Bulletin ID: 2868200 |
Title: Update rollup 4 for system center advisor |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 4 for system center advisor | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: 2852565 |
Title: Update rollup 3 for operations manager 2012 sp1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 3 for operations manager 2012 sp1 | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: 2849744 |
Title: Update rollup 14 for microsoft dynamics crm 2011 is available |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 14 for microsoft dynamics crm 2011 is available | ||||
| Applies to: Microsoft Dynamics CRM 2011 |
Included Updates: |
|||
| Bulletin ID: 2687470 |
Title: Office web apps sp2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Office web apps sp2 | ||||
| Applies to: Microsoft Excel Web App Microsoft PowerPoint Web App Microsoft Word Web App Microsoft OneNote Web App |
Included Updates: |
|||
| Bulletin ID: 2687469 |
Title: Visio 2010 viewer sp2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Visio 2010 viewer sp2 | ||||
| Applies to: Microsoft Visio 2010 Viewer |
Included Updates: |
|||
| Bulletin ID: 2687459 |
Title: Sharepoint 2010 indexing connector for documentum sp2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Sharepoint 2010 indexing connector for documentum sp2 | ||||
| Applies to: Microsoft SharePoint Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2687456 |
Title: Powerpoint 2010 viewer sp2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Powerpoint 2010 viewer sp2 | ||||
| Applies to: Microsoft PowerPoint 2010 |
Included Updates: |
|||
| Bulletin ID: 2687455 |
Title: Office 2010 sp2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Office 2010 sp2 | ||||
| Applies to: Microsoft Office Home and Business 2010 Microsoft Office Home and Student 2010 Microsoft Office Professional 2010 Microsoft Office Professional Plus 2010 Microsoft Office Standard 2010 Microsoft Office Starter 2010 Microsoft Office Professional Academic 2010 |
Included Updates: |
|||
| Bulletin ID: 2687453 |
Title: Sharepoint server 2010 sp2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Sharepoint server 2010 sp2 | ||||
| Applies to: Microsoft SharePoint Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2687450 |
Title: Office language interface pack 2010 sp2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Office language interface pack 2010 sp2 | ||||
| Applies to: Microsoft Office Home and Business 2010 Microsoft Office Home and Student 2010 Microsoft Office Professional 2010 Microsoft Office Professional Plus 2010 Microsoft Office Standard 2010 Microsoft Office Starter 2010 Microsoft Office Professional Academic 2010 |
Included Updates: |
|||
| Bulletin ID: 2687449 |
Title: Office 2010 language pack sp2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Office 2010 language pack sp2 | ||||
| Applies to: Microsoft Office Language Pack 2010 |
Included Updates: |
|||
| Bulletin ID: 2687447 |
Title: Office 2010 filter pack sp2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Office 2010 filter pack sp2 | ||||
| Applies to: Microsoft Office Home and Business 2010 Microsoft Office Home and Student 2010 Microsoft Office Professional 2010 Microsoft Office Professional Plus 2010 Microsoft Office Standard 2010 Microsoft Office Starter 2010 Microsoft Office Professional Academic 2010 |
Included Updates: |
|||
| Bulletin ID: MS13-054 |
Title: Vulnerability in GDI+ Could Allow Remote Code Execution (2848295) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows, Microsoft Office, Microsoft Lync, and Microsoft Visual Studio. The vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-052 |
Title: Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a trusted application uses a particular pattern of code. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: 890830 |
Title: Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, or Windows XP |
Update Type: Update Rollup |
Severity: |
|
| Description: Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, or Windows XP | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows XP x64 Edition Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows Internet Explorer 8 Dynamic Installer Windows Internet Explorer 7.0 Dynamic Installer Windows XP Windows 2000 |
Included Updates: |
|||
| Bulletin ID: 2857645 |
Title: Microsoft security advisory: update for vulnerabilities in adobe flash player in internet explorer 10: july 9, 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Microsoft security advisory: update for vulnerabilities in adobe flash player in internet explorer 10: july 9, 2013 | ||||
| Applies to: Windows 8 Windows 8 Release Preview Windows 8 Enterprise Windows 8 Enterprise N Windows 8 N Windows 8 Pro N Windows Server 2012 Datacenter Windows Server 2012 Essentials Windows Server 2012 Foundation Microsoft Hyper-V Server 2012 Windows Server 2012 Standard |
Included Updates: |
|||
| Bulletin ID: MS13-058 |
Title: Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Windows Defender for Windows 7 and Windows Defender when installed on Windows Server 2008 R2. The vulnerability could allow elevation of privilege due to the pathnames used by Windows Defender. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: MS13-057 |
Title: Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT |
Included Updates: |
|||
| Bulletin ID: MS13-056 |
Title: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted image file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 |
Included Updates: |
|||
| Bulletin ID: MS13-055 |
Title: Cumulative Security Update for Internet Explorer (2846071) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves seventeen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 |
Included Updates: |
|||
| Bulletin ID: MS13-053 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two publicly disclosed and six privately reported vulnerabilities in Microsoft Windows. The most severe vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-027 |
Title: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves three privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow elevation of privilege if an attacker gains access to a system. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-006 |
Title: Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the implementation of SSL and TLS in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker intercepts encrypted web traffic handshakes. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS12-082 |
Title: Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user to view a specially crafted Office document with embedded content. An attacker who successfully exploits this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 |
Included Updates: |
|||
| Bulletin ID: MS12-056 |
Title: Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines on 64-bit versions of Microsoft Windows. The vulnerability could allow remote code execution if a user visited a specially crafted website. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. | ||||
| Applies to: Windows 7 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows Server 2008 Windows Vista Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS12-054 |
Title: Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker sends a specially crafted response to a Windows print spooler request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems connected directly to the Internet have a minimal number of ports exposed. | ||||
| Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 Windows XP Windows Vista Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS12-049 |
Title: Vulnerability in TLS Could Allow Information Disclosure (2655992) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in TLS. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. All cipher suites that do not use CBC mode are not affected. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS12-048 |
Title: Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file or directory with a specially crafted name. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows Embedded Standard 7 Windows Server 2008 Windows Vista Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS12-036 |
Title: Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the Remote Desktop Protocol. The vulnerability could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 R2 Windows Server 2008 Windows 7 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS12-006 |
Title: Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Vista Windows Embedded Standard 7 Windows Server 2008 R2 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-076 |
Title: Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Windows Media Center. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Media Center could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file. | ||||
| Applies to: Windows Vista Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-043 |
Title: Vulnerability in SMB Client Could Allow Remote Code Execution (2536276) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-007 |
Title: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow remote code execution if a user views content rendered in a specially crafted CFF font. In all cases, an attacker would have no way to force users to view the specially crafted content. Instead, an attacker would have to convince users to visit a Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows 7 Language Packs Windows 7 Windows XP Windows Vista Windows Embedded Standard 7 Windows Server 2008 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS13-029 |
Title: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user views a specially crafted webpage. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS13-048 |
Title: Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability in Windows. The vulnerability could allow information disclosure if an attacker logs on to a system and runs a specially crafted application or convinces a local, logged-in user to run a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows 8 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-047 |
Title: Cumulative Security Update for Internet Explorer (2838727) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves nineteen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 |
Included Updates: |
|||
| Bulletin ID: 2853846 |
Title: Cumulative update for the lync 2010 attendee - administrator level installation: may 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for the lync 2010 attendee - administrator level installation: may 2013 | ||||
| Applies to: Microsoft Lync 2010 Attendee |
Included Updates: |
|||
| Bulletin ID: 2847928 |
Title: Microsoft security advisory: update for vulnerabilities in adobe flash player in internet explorer 10: june 11, 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Microsoft security advisory: update for vulnerabilities in adobe flash player in internet explorer 10: june 11, 2013 | ||||
| Applies to: Windows 8 Windows 8 Enterprise Windows 8 Enterprise N Windows 8 N Windows 8 Pro N Windows Server 2012 Datacenter Windows Server 2012 Essentials Windows Server 2012 Foundation Microsoft Hyper-V Server 2012 Windows Server 2012 Standard |
Included Updates: |
|||
| Bulletin ID: 2824160 |
Title: Update rollup 2 for windows server 2012 essentials |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 2 for windows server 2012 essentials | ||||
| Applies to: Windows Server 2012 Essentials |
Included Updates: |
|||
| Bulletin ID: 2813430 |
Title: An update is available that enables administrators to update trusted and disallowed ctls in disconnected environments in windows |
Update Type: Update Rollup |
Severity: |
|
| Description: An update is available that enables administrators to update trusted and disallowed ctls in disconnected environments in windows | ||||
| Applies to: Windows Vista Service Pack 2, when used with: Windows Vista Business Windows Vista Business 64-bit Edition Windows Vista Enterprise Windows Vista Enterprise 64-bit Edition Windows Vista Home Basic Windows Vista Home Basic 64-bit Edition Windows Vista Home Premium Windows Vista Home Premium 64-bit Edition Windows Vista Starter Windows Vista Ultimate Windows Vista Ultimate 64-bit Edition Windows Server 2008 Service Pack 2, when used with: Windows Server 2008 Datacenter Windows Server 2008 Datacenter without Hyper-V Windows Server 2008 Enterprise Windows Server 2008 Enterprise without Hyper-V Windows Server 2008 Foundation Windows Server 2008 for Itanium-Based Systems Windows Server 2008 Standard Windows Server 2008 Standard without Hyper-V Windows Web Server 2008 Windows 7 Service Pack 1, when used with: Windows 7 Enterprise Windows 7 Home Premium Windows 7 Home Basic Windows 7 Professional Windows 7 Starter Windows 7 Ultimate Windows Server 2008 R2 Service Pack 1, when used with: Windows Server 2008 R2 Datacenter Windows Server 2008 R2 Enterprise Windows Server 2008 R2 for Itanium-Based Systems Windows Server 2008 R2 Foundation Windows Server 2008 R2 Standard Windows Web Server 2008 R2 Windows 8 Windows 8 Pro Windows 8 Enterprise Windows Server 2012 Datacenter Windows Server 2012 Essentials Windows Server 2012 Foundation Windows Server 2012 Standard |
Included Updates: |
|||
| Bulletin ID: MS13-051 |
Title: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Office document using an affected version of Microsoft Office software, or previews or opens a specially crafted email message in Outlook while using Microsoft Word as the email reader. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: MS13-050 |
Title: Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege when an authenticated attacker deletes a printer connection. An attacker must have valid logon credentials and be able to log on to exploit this vulnerability. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-049 |
Title: Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends specially crafted packets to the server. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: 2804622 |
Title: Microsoft application virtualization 5.0 service pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Microsoft application virtualization 5.0 service pack 1 | ||||
| Applies to: Microsoft Application Virtualization 5.0 for Terminal Services Microsoft Application Virtualization 5.0 for Windows Desktops |
Included Updates: |
|||
| Bulletin ID: MS13-044 |
Title: Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user opens a specially crafted Visio file. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: 2837385 |
Title: Microsoft security advisory: update for vulnerabilities in adobe flash player in internet explorer 10: may 14, 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Microsoft security advisory: update for vulnerabilities in adobe flash player in internet explorer 10: may 14, 2013 | ||||
| Applies to: Windows 8 Windows 8 Release Preview Windows 8 Enterprise Windows 8 Enterprise N Windows 8 N Windows 8 Pro N Windows Server 2012 Datacenter Windows Server 2012 Essentials Windows Server 2012 Foundation Microsoft Hyper-V Server 2012 Windows Server 2012 Standard |
Included Updates: |
|||
| Bulletin ID: 2826664 |
Title: Update rollup 2 for system center 2012 service pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 2 for system center 2012 service pack 1 | ||||
| Applies to: Microsoft System Center 2012 |
Included Updates: |
|||
| Bulletin ID: 2820197 |
Title: Microsoft security advisory: update rollup for activex kill bits: may 14, 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Microsoft security advisory: update rollup for activex kill bits: may 14, 2013 | ||||
| Applies to: Windows RT Windows 8 Windows 8 Enterprise Windows 8 Pro Windows Server 2012 Datacenter Windows Server 2012 Essentials Windows Server 2012 Foundation Windows Server 2012 Standard Windows 7 Service Pack 1, when used with: Windows 7 Enterprise Windows 7 Professional Windows 7 Ultimate Windows 7 Home Premium Windows 7 Home Basic Windows Server 2008 R2 Service Pack 1, when used with: Windows Server 2008 R2 Standard Windows Server 2008 R2 Enterprise Windows Server 2008 R2 Datacenter Windows Server 2008 Service Pack 2, when used with: Windows Server 2008 for Itanium-Based Systems Windows Server 2008 Datacenter Windows Server 2008 Enterprise Windows Server 2008 Standard Windows Web Server 2008 Windows Vista Service Pack 2, when used with: Windows Vista Business Windows Vista Enterprise Windows Vista Home Basic Windows Vista Home Premium Windows Vista Starter Windows Vista Ultimate Windows Vista Enterprise 64-bit Edition Windows Vista Home Basic 64-bit Edition Windows Vista Home Premium 64-bit Edition Windows Vista Ultimate 64-bit Edition Windows Vista Business 64-bit Edition Microsoft Windows Server 2003 Service Pack 2, when used with: Microsoft Windows Server 2003, Standard Edition (32-bit x86) Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) Microsoft Windows Server 2003, Web Edition Microsoft Windows Server 2003, Datacenter x64 Edition Microsoft Windows Server 2003, Enterprise x64 Edition Microsoft Windows Server 2003, Standard x64 Edition Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems Microsoft Windows XP Service Pack 3, when used with: Microsoft Windows XP Home Edition Microsoft Windows XP Professional |
Included Updates: |
|||
| Bulletin ID: MS13-046 |
Title: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves three privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core Installation Option |
Included Updates: |
|||
| Bulletin ID: MS13-043 |
Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file or previews a specially crafted email message in an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Microsoft Office Suites and Components Other Microsoft Office Software |
Included Updates: |
|||
| Bulletin ID: MS13-042 |
Title: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves eleven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user open a specially crafted Publisher file with an affected version of Microsoft Publisher. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Microsoft Office Suites and Components |
Included Updates: |
|||
| Bulletin ID: MS13-041 |
Title: Vulnerability in Lync Could Allow Remote Code Execution (2834695) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Lync. The vulnerability could allow remote code execution if an attacker shares specially crafted content, such as a file or program, as a presentation in Lync or Communicator and then convinces a user to accept an invitation to view or share the presentable content. In all cases, an attacker would have no way to force users to view or share the attacker-controlled file or program. Instead, an attacker would have to convince users to take action, typically by getting them to accept an invitation in Lync or Communicator to view or share the presentable content. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: MS13-040 |
Title: Vulnerabilities in .NET Framework Could Allow Spoofing (2836440) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in the .NET Framework. The more severe of the vulnerabilities could allow spoofing if a .NET application receives a specially crafted XML file. An attacker who successfully exploited the vulnerabilities could modify the contents of an XML file without invalidating the file's signature and could gain access to endpoint functions as if they were an authenticated user. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-039 |
Title: Vulnerability in HTTP.sys Could Allow Denial of Service (2829254) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to an affected Windows server or client. | ||||
| Applies to: Windows 8 Windows 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-038 |
Title: Security Update for Internet Explorer (2847204) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Internet Explorer 8 Internet Explorer 9 |
Included Updates: |
|||
| Bulletin ID: MS13-037 |
Title: Cumulative Security Update for Internet Explorer (2829530) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 |
Included Updates: |
|||
| Bulletin ID: MS13-009 |
Title: Cumulative Security Update for Internet Explorer (2792100) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves thirteen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 |
Included Updates: |
|||
| Bulletin ID: 2815354 |
Title: Cumulative update for the lync 2010 attendee - administrator level installation: april 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for the lync 2010 attendee - administrator level installation: april 2013 | ||||
| Applies to: Microsoft Lync 2010 Attendee |
Included Updates: |
|||
| Bulletin ID: 2815347 |
Title: Cumulative update package for lync 2010: april 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for lync 2010: april 2013 | ||||
| Applies to: Microsoft Lync 2010 |
Included Updates: |
|||
| Bulletin ID: MS13-036 |
Title: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the most severe vulnerabilities. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core Installation Option |
Included Updates: |
|||
| Bulletin ID: MS12-041 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves five privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Embedded Standard 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS12-033 |
Title: Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. | ||||
| Applies to: Windows Server 2008 Windows 7 Windows Embedded Standard 7 Windows Server 2008 R2 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS12-032 |
Title: Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. | ||||
| Applies to: Windows Embedded Standard 7 Windows Server 2008 Windows Server 2008 R2 Windows 7 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS12-009 |
Title: Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities. | ||||
| Applies to: Windows Server 2008 R2 Windows Server 2008 Windows 7 Windows Vista Windows Embedded Standard 7 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS12-005 |
Title: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS12-003 |
Title: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. All supported editions of Windows 7 and Windows Server 2008 R2 are not affected by this vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows Vista Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Server 2008 Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS12-001 |
Title: Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability. | ||||
| Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-097 |
Title: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 Windows Server 2008 R2 Windows Embedded Standard 7 Windows Vista Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS11-085 |
Title: Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application. | ||||
| Applies to: Windows Server 2008 Windows Vista Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-075 |
Title: Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, the Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. | ||||
| Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-071 |
Title: Vulnerability in Windows Components Could Allow Remote Code Execution (2570947) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Embedded Standard 7 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 R2 Windows 7 Windows Server 2008 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS13-034 |
Title: Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Microsoft Antimalware Client. The vulnerability could allow elevation of privilege due to the pathnames used by the Microsoft Antimalware Client. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: 2793346 |
Title: Cumulative update for lync server 2010, conferencing server: march 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for lync server 2010, conferencing server: march 2013 | ||||
| Applies to: Microsoft Lync Server 2010 Enterprise Edition Microsoft Lync Server 2010 Standard Edition |
Included Updates: |
|||
| Bulletin ID: 2793341 |
Title: Cumulative update for lync server 2010, unified communications managed api 3.0 runtime: march 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for lync server 2010, unified communications managed api 3.0 runtime: march 2013 | ||||
| Applies to: Microsoft Unified Communications Managed API v3.0 Core Runtime |
Included Updates: |
|||
| Bulletin ID: 2793338 |
Title: Cumulative update for lync server 2010, web components server: march 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for lync server 2010, web components server: march 2013 | ||||
| Applies to: Microsoft Lync Server 2010 Enterprise Edition Microsoft Lync Server 2010 Standard Edition |
Included Updates: |
|||
| Bulletin ID: 2791381 |
Title: Cumulative update for lync server 2010: march 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for lync server 2010: march 2013 | ||||
| Applies to: Microsoft Lync Server 2010 Enterprise Edition Microsoft Lync Server 2010 Standard Edition |
Included Updates: |
|||
| Bulletin ID: 2791312 |
Title: Update rollup 13 for microsoft dynamics crm 2011 is available |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 13 for microsoft dynamics crm 2011 is available | ||||
| Applies to: Microsoft Dynamics CRM 2011 |
Included Updates: |
|||
| Bulletin ID: 2768001 |
Title: Sharepoint server 2013 and project server 2013 update: march 12, 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Sharepoint server 2013 and project server 2013 update: march 12, 2013 | ||||
| Applies to: Microsoft Project Server 2013 Microsoft SharePoint Server 2013 |
Included Updates: |
|||
| Bulletin ID: MS13-035 |
Title: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: MS13-033 |
Title: Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in all supported editions of Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-032 |
Title: Vulnerability in Active Directory Could Lead to Denial of Service (2830914) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Active Directory. The vulnerability could allow denial of service if an attacker sends a specially crafted query to the Lightweight Directory Access Protocol (LDAP) service. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-031 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-030 |
Title: Vulnerability in SharePoint Could Allow Information Disclosure (2827663) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Microsoft SharePoint Server. The vulnerability could allow information disclosure if an attacker determined the address or location of a specific SharePoint list and gained access to the SharePoint site where the list is maintained. The attacker would need to be able to satisfy the SharePoint site's authentication requests to exploit this vulnerability. | ||||
| Applies to: Software Update Package Maximum Security Impact Microsoft SharePoint Server |
Included Updates: |
|||
| Bulletin ID: MS13-028 |
Title: Cumulative Security Update for Internet Explorer (2817183) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 |
Included Updates: |
|||
| Bulletin ID: 2819679 |
Title: Update rollup 3 for microsoft system center advisor: march 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 3 for microsoft system center advisor: march 2013 | ||||
| Applies to: Microsoft System Center 2012 Advisor |
Included Updates: |
|||
| Bulletin ID: 2814853 |
Title: A hotfix rollup package (build 4.1.3419.0) is available for forefront identity manager 2010 r2 |
Update Type: Update Rollup |
Severity: |
|
| Description: A hotfix rollup package (build 4.1.3419.0) is available for forefront identity manager 2010 r2 | ||||
| Applies to: Microsoft Forefront Identity Manager 2010 R2 |
Included Updates: |
|||
| Bulletin ID: 2796554 |
Title: Cumulative update 5.0.8308.291 for lync server 2013, mediation server: february 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update 5.0.8308.291 for lync server 2013, mediation server: february 2013 | ||||
| Applies to: Microsoft Lync Server 2013 |
Included Updates: |
|||
| Bulletin ID: 2787570 |
Title: Cumulative update 5.0.8308.291 for lync server 2013, web conferencing server: february 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update 5.0.8308.291 for lync server 2013, web conferencing server: february 2013 | ||||
| Applies to: Microsoft Lync Server 2013 |
Included Updates: |
|||
| Bulletin ID: 2781564 |
Title: Cumulative update 5.0.8308.291 for lync server 2013, web components: february 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update 5.0.8308.291 for lync server 2013, web components: february 2013 | ||||
| Applies to: Microsoft Lync Server 2013 |
Included Updates: |
|||
| Bulletin ID: 2781555 |
Title: Cumulative update 5.0.8308.291 for lync server 2013, unified communications managed api 4.0 runtime: february 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update 5.0.8308.291 for lync server 2013, unified communications managed api 4.0 runtime: february 2013 | ||||
| Applies to: Microsoft Unified Communications Managed API v3.0 Core Runtime |
Included Updates: |
|||
| Bulletin ID: 2781551 |
Title: Cumulative update 5.0.8308.291 for lync server 2013, conferencing server: february 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update 5.0.8308.291 for lync server 2013, conferencing server: february 2013 | ||||
| Applies to: Microsoft Lync Server 2013 |
Included Updates: |
|||
| Bulletin ID: 2781550 |
Title: Cumulative update 5.0.8308.291 for lync server 2013, core components: february 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update 5.0.8308.291 for lync server 2013, core components: february 2013 | ||||
| Applies to: Microsoft Lync Server 2013 |
Included Updates: |
|||
| Bulletin ID: 2781549 |
Title: Cumulative update 5.0.8308.291 for the lync server 2013, call park service: february 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update 5.0.8308.291 for the lync server 2013, call park service: february 2013 | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: 2781547 |
Title: Cumulative update 5.0.8308.291 for lync server 2013: february 2013 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update 5.0.8308.291 for lync server 2013: february 2013 | ||||
| Applies to: Microsoft Lync Server 2013 |
Included Updates: |
|||
| Bulletin ID: 2791647 |
Title: Windows multipoint server 2012 general availability cumulative update |
Update Type: Update Rollup |
Severity: |
|
| Description: Windows multipoint server 2012 general availability cumulative update | ||||
| Applies to: Windows Multipoint Server 2012 Premium Windows Multipoint Server 2012 Standard |
Included Updates: |
|||
| Bulletin ID: MS13-025 |
Title: Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft OneNote. The vulnerability could allow information disclosure if an attacker convinces a user to open a specially crafted OneNote file. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: MS13-024 |
Title: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves four privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: MS13-023 |
Title: Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: MS13-022 |
Title: Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. Such websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: MS13-021 |
Title: Cumulative Security Update for Internet Explorer (2809289) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves eight privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 |
Included Updates: |
|||
| Bulletin ID: 2793634 |
Title: Windows installer starts repeatedly after you install sql server 2012 sp1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Windows installer starts repeatedly after you install sql server 2012 sp1 | ||||
| Applies to: Microsoft SQL Server 2012 Service Pack 1 |
Included Updates: |
|||
| Bulletin ID: 2790947 |
Title: Cumulative update package 2 for sql server 2012 service pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package 2 for sql server 2012 service pack 1 | ||||
| Applies to: Microsoft SQL Server 2012 Service Pack 1, when used with: Microsoft SQL Server 2012 Standard Microsoft SQL Server 2012 Web Microsoft SQL Server 2012 Developer Microsoft SQL Server 2012 Enterprise |
Included Updates: |
|||
| Bulletin ID: 2781267 |
Title: Update rollup 1 for windows server 2012 essentials is available |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 1 for windows server 2012 essentials is available | ||||
| Applies to: Windows Server 2012 Essentials |
Included Updates: |
|||
| Bulletin ID: 907747 |
Title: "Microsoft Exchange Server Intelligent Message Filter v2 Operations Guide" is now available |
Update Type: Update Rollup |
Severity: |
|
| Description: The Microsoft Exchange Server Intelligent Message Filter v2 Operations Guide is now available. | ||||
| Applies to: Exchange Server 2003 |
Included Updates: |
|||
| Bulletin ID: 2795627 |
Title: Update rollup 12 for microsoft dynamics crm 2011 is available |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 12 for microsoft dynamics crm 2011 is available | ||||
| Applies to: Microsoft Dynamics CRM 2011 |
Included Updates: |
|||
| Bulletin ID: MS13-020 |
Title: Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user opens a specially crafted file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: MS13-019 |
Title: Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. | ||||
| Applies to: Windows 7 Windows Server 2008 R2 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-018 |
Title: Vulnerability in TCP/IP Could Allow Denial of Service (2790655) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an unauthenticated attacker sends a specially crafted connection termination packet to the server. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-017 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves three privately reported vulnerabilities in all supported releases of Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-016 |
Title: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves 30 privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-015 |
Title: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability in the .NET Framework. The vulnerability could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). The vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-014 |
Title: Vulnerability in NFS Server Could Allow Denial of Service (2790978) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker attempts a file operation on a read only share. An attacker who exploited this vulnerability could cause the affected system to stop responding and restart. The vulnerability only affects Windows servers with the NFS role enabled. | ||||
| Applies to: Windows Server 2008 R2 Windows Server 2012 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-012 |
Title: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves publicly disclosed vulnerabilities in Microsoft Exchange Server. The most severe vulnerability is in Microsoft Exchange Server WebReady Document Viewing, and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. | ||||
| Applies to: Microsoft Server Software |
Included Updates: |
|||
| Bulletin ID: MS13-011 |
Title: Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file (such as an .mpg file), opens a Microsoft Office document (such as a .ppt file) that contains a specially crafted embedded media file, or receives specially crafted streaming content. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS13-010 |
Title: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). The vulnerability could allow remote code execution if a user viewed a specially crafted webpage using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 |
Included Updates: |
|||
| Bulletin ID: MS13-004 |
Title: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves four privately reported vulnerabilities in the .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). The vulnerabilities could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: 2796170 |
Title: Update rollup 4 for windows server solutions best practices analyzer 1.0 is available |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 4 for windows server solutions best practices analyzer 1.0 is available | ||||
| Applies to: Windows Small Business Server 2011 Essentials Windows Small Business Server 2011 Standard Windows MultiPoint Server 2011 Premium Windows MultiPoint Server 2011 Standard Windows Storage Server 2008 R2 Essentials |
Included Updates: |
|||
| Bulletin ID: 2765224 |
Title: Cumulative update package for office communications server 2007 r2, communicator web access: december 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for office communications server 2007 r2, communicator web access: december 2012 | ||||
| Applies to: Microsoft Office Communications Server 2007 R2 Enterprise Edition Microsoft Office Communications Server 2007 Standard Edition |
Included Updates: |
|||
| Bulletin ID: 2764850 |
Title: Cumulative update package for office communications server 2007 r2, application sharing server: december 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for office communications server 2007 r2, application sharing server: december 2012 | ||||
| Applies to: Microsoft Office Communications Server 2007 R2 Enterprise Edition Microsoft Office Communications Server 2007 R2 Standard Edition |
Included Updates: |
|||
| Bulletin ID: 2755391 |
Title: Cumulative update package for office communicator 2007 r2: december 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for office communicator 2007 r2: december 2012 | ||||
| Applies to: Microsoft Office Communicator 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2686823 |
Title: Update for office communications server 2007 r2, unified communications managed api 2.0 core redist 64-bit: april 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update for office communications server 2007 r2, unified communications managed api 2.0 core redist 64-bit: april 2012 | ||||
| Applies to: Microsoft Office Communications Server 2007 R2 Enterprise Edition Microsoft Office Communications Server 2007 R2 Standard Edition |
Included Updates: |
|||
| Bulletin ID: MS13-007 |
Title: Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Open Data (OData) protocol. The vulnerability could allow denial of service if an unauthenticated attacker sends specially crafted HTTP requests to an affected site. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. | ||||
| Applies to: Windows XP Windows Server 2003 Service Pack 2 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS13-008 |
Title: Security Update for Internet Explorer (2799329) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 |
Included Updates: |
|||
| Bulletin ID: MS13-005 |
Title: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core Installation Option |
Included Updates: |
|||
| Bulletin ID: MS13-002 |
Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft XML Core Services. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker's website. | ||||
| Applies to: Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows 7 for 32-bit Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for Itanium-based Systems Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for 64-bit Systems Windows Server 2012 Windows RT Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 (Server Core installation) |
Included Updates: |
|||
| Bulletin ID: MS13-001 |
Title: Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a print server received a specially crafted print job. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems connected directly to the Internet have a minimal number of ports exposed. | ||||
| Applies to: Windows 7 Windows Server 2008 R2 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS12-078 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType or OpenType font files. An attacker would have to convince users to visit the website, typically by getting them to click a link in an email message that takes them to the attacker's website. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: 2757013 |
Title: Update rollup 4 for windows storage server 2008 r2 essentials is available |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 4 for windows storage server 2008 r2 essentials is available | ||||
| Applies to: Windows Storage Server 2008 R2 Essentials |
Included Updates: |
|||
| Bulletin ID: 2738315 |
Title: Microsoft application virtualization 4.6 service pack 2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Microsoft application virtualization 4.6 service pack 2 | ||||
| Applies to: Microsoft Application Virtualization 4.6 for Terminal Services Microsoft Application Virtualization 4.6 for Windows Desktops Microsoft Application Virtualization 4.6 Sequencer |
Included Updates: |
|||
| Bulletin ID: MS12-083 |
Title: Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker presents a revoked certificate to an IP-HTTPS server commonly used in Microsoft DirectAccess deployments. To exploit the vulnerability, an attacker must use a certificate issued from the domain for IP-HTTPS server authentication. Logging on to a system inside the organization would still require system or domain credentials. | ||||
| Applies to: Windows Server 2008 R2 Windows Server 2012 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS12-081 |
Title: Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS12-080 |
Title: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe vulnerabilities are in Microsoft Exchange Server WebReady Document Viewing and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. | ||||
| Applies to: Microsoft Server Software |
Included Updates: |
|||
| Bulletin ID: MS12-079 |
Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Office software, or previews or opens a specially crafted RTF email message in Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Microsoft Office Suites and Components Other Microsoft Office Software |
Included Updates: |
|||
| Bulletin ID: MS12-077 |
Title: Cumulative Security Update for Internet Explorer (2761465) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 |
Included Updates: |
|||
| Bulletin ID: MS12-060 |
Title: Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability. | ||||
| Applies to: Office 2010 Office 2003 Office 2007 SQL Server 2000 Host Integration Server 2004 |
Included Updates: |
|||
| Bulletin ID: MS12-059 |
Title: Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2733918) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: MS12-057 |
Title: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2731879) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file or embeds a specially crafted Computer Graphics Metafile (CGM) graphics file into an Office file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2010 Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS12-043 |
Title: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker's website. | ||||
| Applies to: Office 2007 Office 2003 Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows 7 Windows Server 2008 R2 Windows XP Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: 2674319 |
Title: Bugs that are fixed in sql server 2012 service pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Bugs that are fixed in sql server 2012 service pack 1 | ||||
| Applies to: Microsoft SQL Server 2012 Service Pack 1, when used with: Microsoft SQL Server 2012 Standard Microsoft SQL Server 2012 Developer Microsoft SQL Server 2012 Enterprise Microsoft SQL Server 2012 Web |
Included Updates: |
|||
| Bulletin ID: 2770835 |
Title: Update rollup 2 is available for system center advisor: november 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 2 is available for system center advisor: november 2012 | ||||
| Applies to: Microsoft System Center 2012 Advisor |
Included Updates: |
|||
| Bulletin ID: 2752160 |
Title: Cumulative update for the lync 2010 attendee - administrator level installation: october 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for the lync 2010 attendee - administrator level installation: october 2012 | ||||
| Applies to: Microsoft Lync 2010 Attendee |
Included Updates: |
|||
| Bulletin ID: 2751447 |
Title: Cumulative update for lync server 2010, conferencing server: november 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for lync server 2010, conferencing server: november 2012 | ||||
| Applies to: Microsoft Lync Server 2010 Enterprise Edition Microsoft Lync Server 2010 Standard Edition |
Included Updates: |
|||
| Bulletin ID: 2743736 |
Title: Cumulative update for lync server 2010, mobility service: october 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for lync server 2010, mobility service: october 2012 | ||||
| Applies to: Microsoft Lync Server 2010 Standard Edition Microsoft Lync Server 2010 Enterprise Edition |
Included Updates: |
|||
| Bulletin ID: 2740406 |
Title: Cumulative update for lync server 2010, unified communications managed api 3.0 runtime: october 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for lync server 2010, unified communications managed api 3.0 runtime: october 2012 | ||||
| Applies to: Microsoft Unified Communications Managed API v3.0 Core Runtime |
Included Updates: |
|||
| Bulletin ID: 2740403 |
Title: Cumulative update for lync server 2010, core components: october 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for lync server 2010, core components: october 2012 | ||||
| Applies to: Microsoft Lync Server 2010 Standard Edition Microsoft Lync Server 2010 Enterprise Edition |
Included Updates: |
|||
| Bulletin ID: 2737915 |
Title: Cumulative update for lync server 2010: october 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for lync server 2010: october 2012 | ||||
| Applies to: Microsoft Lync Server 2010 Standard Edition Microsoft Lync Server 2010 Enterprise Edition |
Included Updates: |
|||
| Bulletin ID: 2737902 |
Title: Cumulative update for lync server 2010, web components server: october 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for lync server 2010, web components server: october 2012 | ||||
| Applies to: Microsoft Lync Server 2010 Standard Edition Microsoft Lync Server 2010 Enterprise Edition |
Included Updates: |
|||
| Bulletin ID: 2737155 |
Title: Cumulative update package for lync 2010: october 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for lync 2010: october 2012 | ||||
| Applies to: Microsoft Lync 2010 |
Included Updates: |
|||
| Bulletin ID: MS12-076 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves four privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file with an affected version of Microsoft Excel. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Microsoft Office Suites and Components Microsoft Office for Mac Other Microsoft Office Software |
Included Updates: |
|||
| Bulletin ID: MS12-075 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves three privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files. An attacker would have to convince users to visit the website, typically by getting them to click a link in an email message that takes them to the attacker's website. | ||||
| Applies to: Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS12-074 |
Title: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves five privately reported vulnerabilities in the .NET Framework. The most severe of these vulnerabilities could allow remote code execution if an attacker convinces the user of a target system to use a malicious proxy auto configuration file and then injects code into the currently running application. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS12-073 |
Title: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829) |
Update Type: Security Update |
Severity: Moderate |
|
| Description: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The more severe vulnerability could allow information disclosure if an attacker sends specially crafted FTP commands to the server. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows 7 Windows 2008 R2 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS12-072 |
Title: Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user browses to a specially crafted briefcase in Windows Explorer. An attacker who successfully exploited the vulnerabilities could run arbitrary code as the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Operating System |
Included Updates: |
|||
| Bulletin ID: MS12-071 |
Title: Cumulative Security Update for Internet Explorer (2761451) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves three privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Internet Explorer 9 |
Included Updates: |
|||
| Bulletin ID: MS12-046 |
Title: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a user opens a legitimate Microsoft Office file (such as a .docx file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2007 Office 2010 |
Included Updates: |
|||
| Bulletin ID: 2739504 |
Title: Update rollup 11 for microsoft dynamics crm 2011 is available |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 11 for microsoft dynamics crm 2011 is available | ||||
| Applies to: Microsoft Dynamics CRM 2011 |
Included Updates: |
|||
| Bulletin ID: MS12-070 |
Title: Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft SQL Server on systems running SQL Server Reporting Services (SSRS). The vulnerability is a cross-site-scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the SSRS site in the context of the targeted user. An attacker could exploit this vulnerability by sending a specially crafted link to the user and convincing the user to click the link. An attacker could also host a website that contains a webpage designed to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: MS12-069 |
Title: Vulnerability in Kerberos Could Allow Denial of Service (2743555) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote attacker sends a specially crafted session request to the Kerberos server. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. | ||||
| Applies to: Windows 7 Windows Server 2008 R2 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS12-068 |
Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in all supported releases of Microsoft Windows except Windows 8 and Windows Server 2012. This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Server Core installation option |
Included Updates: |
|||
| Bulletin ID: MS12-067 |
Title: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves publicly disclosed vulnerabilities in Microsoft FAST Search Server 2010 for SharePoint. The vulnerabilities could allow remote code execution in the security context of a user account with a restricted token. FAST Search Server for SharePoint is only affected by this issue when Advanced Filter Pack is enabled. By default, Advanced Filter Pack is disabled. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: MS12-066 |
Title: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: MS12-065 |
Title: Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Works. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Word file using Microsoft Works. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: |
Included Updates: |
|||
| Bulletin ID: MS12-064 |
Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Office. The more severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Microsoft Office Suites and Components Other Microsoft Office Software |
Included Updates: |
|||
| Bulletin ID: MS12-058 |
Title: Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves publicly disclosed vulnerabilities in Microsoft Exchange Server WebReady Document Viewing. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network. | ||||
| Applies to: Exchange Server 2007 Exchange Server 2010 |
Included Updates: |
|||
| Bulletin ID: MS12-055 |
Title: Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2731847) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. | ||||
| Applies to: Windows Embedded Standard 7 Windows 7 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS12-053 |
Title: Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the Remote Desktop Protocol. The vulnerability could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. | ||||
| Applies to: Windows XP |
Included Updates: |
|||
| Bulletin ID: 2727727 |
Title: Skype 5.10 for windows update on august 14, 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Skype 5.10 for windows update on august 14, 2012 | ||||
| Applies to: Skype Microsoft Windows Update Microsoft Update |
Included Updates: |
|||
| Bulletin ID: 2729101 |
Title: Windows small business server 2008 update rollup 6 |
Update Type: Update Rollup |
Severity: |
|
| Description: Windows small business server 2008 update rollup 6 | ||||
| Applies to: Windows Small Business Server 2008 Premium Windows Small Business Server 2008 Standard |
Included Updates: |
|||
| Bulletin ID: 2729100 |
Title: Update rollup 3 for windows small business server 2011 standard is available |
Update Type: Update Rollup |
Severity: |
|
| Description: Update rollup 3 for windows small business server 2011 standard is available | ||||
| Applies to: Windows Small Business Server 2011 Standard |
Included Updates: |
|||
| Bulletin ID: 2546951 |
Title: List of issues that are fixed by SQL Server 2008 Service Pack 3 |
Update Type: Service Pack |
Severity: |
|
| Description: List of issues that are fixed by SQL Server 2008 Service Pack 3 | ||||
| Applies to: SQL Server 2008 |
Included Updates: |
|||
| Bulletin ID: 2528583 |
Title: List of the bugs that are fixed in SQL Server 2008 R2 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: List of the bugs that are fixed in SQL Server 2008 R2 Service Pack 1 | ||||
| Applies to: SQL Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS12-061 |
Title: Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks a specially crafted link in an email message or browses to a webpage that is used to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. | ||||
| Applies to: Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1 |
Included Updates: |
|||
| Bulletin ID: MS12-063 |
Title: Cumulative Security Update for Internet Explorer (2744842) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |
Included Updates: |
|||
| Bulletin ID: 2705122 |
Title: Update Rollup 3 for Windows Storage Server 2008 R2 Essentials is available |
Update Type: Update Rollup |
Severity: |
|
| Description: | ||||
| Applies to: Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS12-052 |
Title: Cumulative Security Update for Internet Explorer (2722913) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Internet Explorer 8 Dynamic Installer Windows Internet Explorer 7.0 Dynamic Installer Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Embedded Standard 7 Windows 7 Windows Server 2008 R2 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS12-045 |
Title: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views a specially crafted webpage. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Vista Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows Server 2008 Windows Server 2008 R2 Windows 7 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS12-034 |
Title: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves three publicly disclosed vulnerabilities and seven privately reported vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. | ||||
| Applies to: Windows Vista Silverlight Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows 7 Windows Server 2008 R2 Windows Server 2008 Office 2010 Office 2003 Office 2007 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS12-024 |
Title: Vulnerability in Windows Could Allow Remote Code Execution (2653956) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system. | ||||
| Applies to: Windows Vista Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows Server 2008 Windows Server 2008 R2 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS12-020 |
Title: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. | ||||
| Applies to: Windows Vista Windows Embedded Standard 7 Windows 7 Windows Server 2008 R2 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS12-013 |
Title: Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment. An attacker who successfully exploited the vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Vista Windows 7 Windows Server 2008 Windows Server 2008 R2 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS12-004 |
Title: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Vista Windows XP Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS11-092 |
Title: Vulnerability in Windows Media Could Allow Remote Code Execution (2648048) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Windows Media Player and Windows Media Center. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so. | ||||
| Applies to: Windows Vista Windows XP x64 Edition Windows XP Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: 2710559 |
Title: Description of the cumulative update for Lync Server 2010, Web Components Server: June 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2708617 |
Title: Description of the cumulative update for Lync Server 2010, Mobility Service: June 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2708616 |
Title: Description of the cumulative update for Lync Server 2010, Web Conferencing Server: June 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2701664 |
Title: Description of the cumulative update package for Lync 2010: June 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: | ||||
| Applies to: Microsoft Lync 2010 |
Included Updates: |
|||
| Bulletin ID: 2701663 |
Title: Description of the cumulative update for Lync Server 2010, Core Components: June 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2701659 |
Title: Description of the cumulative update for Lync Server 2010, Conferencing Attendant: June 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2701655 |
Title: Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: June 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2701585 |
Title: Description of the cumulative update for Lync Server 2010: June 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: MS12-050 |
Title: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Office 2010 Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS12-047 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. | ||||
| Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows 7 Windows Server 2008 R2 Windows Server 2008 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS12-044 |
Title: Cumulative Security Update for Internet Explorer (2719177) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Vista Windows 7 Windows Server 2008 Windows Embedded Standard 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS12-035 |
Title: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in the .NET Framework. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Vista Windows XP x64 Edition Windows XP Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS12-016 |
Title: Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Silverlight Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS11-100 |
Title: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows Server 2008 Windows XP x64 Edition Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS11-078 |
Title: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows 7 Windows Server 2008 R2 Windows Server 2008 Windows Vista Silverlight |
Included Updates: |
|||
| Bulletin ID: MS11-044 |
Title: Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: 2699813 |
Title: Update Rollup 3 for Windows Server Solutions Best Practices Analyzer 1.0 is available |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 3 for Windows Server Solutions Best Practices Analyzer 1.0 is available | ||||
| Applies to: Windows Server Solutions Best Practices Analyzer 1.0 |
Included Updates: |
|||
| Bulletin ID: MS12-042 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that exploits the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS12-039 |
Title: Vulnerabilities in Lync Could Allow Remote Code Execution (2707956) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Lync. The most severe vulnerabilities could allow remote code execution if a user views shared content that contains specially crafted TrueType fonts. | ||||
| Applies to: Microsoft Communicator 2007 R2 Microsoft Lync 2010 (32-bit) Microsoft Lync 2010 (64-bit) Microsoft Lync 2010 Attendee Microsoft Lync 2010 Attendee Microsoft Lync 2010 Attendant (32-bit) Microsoft Lync 2010 Attendant (64-bit) |
Included Updates: |
|||
| Bulletin ID: MS12-038 |
Title: Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one privately reported vulnerability in the Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also be used by Windows .NET Framework applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS12-037 |
Title: Cumulative Security Update for Internet Explorer (2699988) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed and twelve privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Embedded Standard 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS12-025 |
Title: Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows XP x64 Edition Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows XP |
Included Updates: |
|||
| Bulletin ID: 2695182 |
Title: An update is available for System Center Advisor: May 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: An update is available for System Center Advisor: May 2012 | ||||
| Applies to: System Center Advisor |
Included Updates: |
|||
| Bulletin ID: 2691812 |
Title: Description of the Update Rollup 2 for System Center Virtual Machine Manager 2008 R2 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the Update Rollup 2 for System Center Virtual Machine Manager 2008 R2 Service Pack 1 | ||||
| Applies to: Microsoft System Center Virtual Machine Manager 2008 |
Included Updates: |
|||
| Bulletin ID: 2661854 |
Title: Description of Update Rollup 2 for Exchange Server 2010 Service Pack 2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of Update Rollup 2 for Exchange Server 2010 Service Pack 2 | ||||
| Applies to: Exchange Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2600644 |
Title: Update Rollup 8 for Microsoft Dynamics CRM 2011 is available |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 8 for Microsoft Dynamics CRM 2011 is available | ||||
| Applies to: Microsoft Dynamics CRM 2011 |
Included Updates: |
|||
| Bulletin ID: MS12-031 |
Title: Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: MS12-030 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2007 Office 2010 |
Included Updates: |
|||
| Bulletin ID: MS12-029 |
Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS12-021 |
Title: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability in Visual Studio. The vulnerability could allow elevation of privilege if an attacker places a specially crafted add-in in the path used by Visual Studio and convinces a user with higher privileges to start Visual Studio. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | ||||
| Applies to: Visual Studio 2010 Visual Studio 2008 |
Included Updates: |
|||
| Bulletin ID: 2695369 |
Title: Description of the update for Lync Server 2010, Core Components: March 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the update for Lync Server 2010, Core Components: March 2012 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2689850 |
Title: Description of the update for Lync Server 2010, Mobility Service: March 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the update for Lync Server 2010, Mobility Service: March 2012 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2689848 |
Title: Description of the update package for Lync Server 2010, Web Components Server: March 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the update package for Lync Server 2010, Web Components Server: March 2012 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2689846 |
Title: Description of the update for Lync Server 2010: March 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the update for Lync Server 2010: March 2012 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2684739 |
Title: Description of the update for Lync 2010: March 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the update for Lync 2010: March 2012 | ||||
| Applies to: Microsoft Lync 2010 |
Included Updates: |
|||
| Bulletin ID: 2670540 |
Title: Description of the cumulative update for Lync Server 2010, Conferencing Attendant: February 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync Server 2010, Conferencing Attendant: February 2012 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2670539 |
Title: Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: February 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: February 2012 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2670358 |
Title: Description of the cumulative update for Lync Server 2010, Administrative Tools: February 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync Server 2010, Administrative Tools: February 2012 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2658819 |
Title: Description of the update for Lync Server 2010, Web Conferencing Server: January 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the update for Lync Server 2010, Web Conferencing Server: January 2012 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2673774 |
Title: Upgrade to Bing Bar version 7.1 from MSN Toolbar and from earlier versions of Bing Bar |
Update Type: Service Pack |
Severity: |
|
| Description: An update is available through Microsoft Update for the following versions of MSN Toolbar and of Bing Bar: MSN Toolbar version 3.0 MSN Toolbar version 4.0 Bing Bar version 5.0 Bing Bar version 6.0This update improves the stability and reliability of these toolbars. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.1. | ||||
| Applies to: Bing Bar |
Included Updates: |
|||
| Bulletin ID: MS12-028 |
Title: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office and Microsoft Works. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Microsoft Works 9 Works 6-9 Converter Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS12-027 |
Title: Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately disclosed vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability. | ||||
| Applies to: Office 2003 Office 2007 Office 2010 SQL Server 2000 |
Included Updates: |
|||
| Bulletin ID: MS12-023 |
Title: Cumulative Security Update for Internet Explorer (2675157) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves five privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2008 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows Server 2008 R2 Windows Vista Windows 7 |
Included Updates: |
|||
| Bulletin ID: 923706 |
Title: How to obtain the latest service pack for System Center Data Protection Manager 2006 |
Update Type: Service Pack |
Severity: |
|
| Description: How to obtain the latest service pack for System Center Data Protection Manager 2006 | ||||
| Applies to: Data Protection Manager 2006 |
Included Updates: |
|||
| Bulletin ID: 948016 |
Title: Update Rollup 2 for Exchange Server 2007 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Microsoft has released Update Rollup 2 for Microsoft Exchange Server 2007 Service Pack 1 (SP1). For more information about this update rollup, see the following Microsoft Web site: | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: 942846 |
Title: Update Rollup 6 for Exchange Server 2007 |
Update Type: Update Rollup |
Severity: |
|
| Description: Microsoft has released Update Rollup 6 for Microsoft Exchange Server 2007. For more information about this update rollup, see the following Microsoft Web site: | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: 941421 |
Title: Update Rollup 5 for Exchange Server 2007 |
Update Type: Update Rollup |
Severity: |
|
| Description: Microsoft has released Update Rollup 5 for Microsoft Exchange Server 2007. For more information about this update rollup, see the following Microsoft Web site: | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: 870540 |
Title: Availability of the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup |
Update Type: Update |
Severity: |
|
| Description: Availability of the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup | ||||
| Applies to: Exchange 2000 Server |
Included Updates: |
|||
| Bulletin ID: 843188 |
Title: Office 2003 Service Pack 1 for Proofing Tools |
Update Type: Service Pack |
Severity: |
|
| Description: Office 2003 Service Pack 1 for Proofing Tools | ||||
| Applies to: Office 2003 |
Included Updates: |
|||
| Bulletin ID: 843187 |
Title: Office 2003 Service Pack 1 for Multilingual User Interface Pack |
Update Type: Service Pack |
Severity: |
|
| Description: Office 2003 Service Pack 1 for Multilingual User Interface Pack | ||||
| Applies to: Office 2003 |
Included Updates: |
|||
| Bulletin ID: 842774 |
Title: OneNote 2003 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: OneNote 2003 Service Pack 1 | ||||
| Applies to: Office 2003 |
Included Updates: |
|||
| Bulletin ID: 842532 |
Title: Office 2003 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft has released a service pack for Microsoft Office 2003. Microsoft Office 2003 Service Pack 1 (SP1) provides the latest updates to Microsoft Office 2003. Office 2003 SP1 contains significant security enhancements and stability and performance improvements. Office 2003 SP1 also includes many performance and feature enhancements to Microsoft Office InfoPath 2003. | ||||
| Applies to: Office 2003 |
Included Updates: |
|||
| Bulletin ID: 840663 |
Title: Visio 2003 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: Visio 2003 Service Pack 1 | ||||
| Applies to: Office 2003 |
Included Updates: |
|||
| Bulletin ID: 837240 |
Title: Project 2003 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: Project 2003 Service Pack 1 | ||||
| Applies to: Office 2003 |
Included Updates: |
|||
| Bulletin ID: 834693 |
Title: Office XP Service Pack 3 for Access 2002 Runtime |
Update Type: Service Pack |
Severity: |
|
| Description: Office XP Service Pack 3 for Access 2002 Runtime | ||||
| Applies to: Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: 832671 |
Title: Microsoft Office XP Service Pack 3 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office XP Service Pack 3 | ||||
| Applies to: Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: 830242 |
Title: Visio 2002 Service Pack 2 |
Update Type: Service Pack |
Severity: |
|
| Description: Visio 2002 Service Pack 2 | ||||
| Applies to: Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: 830241 |
Title: Microsoft Project 2002 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Project 2002 Service Pack 1 | ||||
| Applies to: Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS06-061 |
Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. | ||||
| Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows XP x64 Edition Office 2003 SQL Server Feature Pack |
Included Updates: |
|||
| Bulletin ID: MS06-029 |
Title: Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442) |
Update Type: Security Update |
Severity: Important |
|
| Description: This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited the vulnerability could perform script injection attacks. | ||||
| Applies to: Exchange Server 2003 Exchange 2000 Server |
Included Updates: |
|||
| Bulletin ID: MS06-019 |
Title: Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. | ||||
| Applies to: Exchange Server 2003 Exchange 2000 Server |
Included Updates: |
|||
| Bulletin ID: MS05-048 |
Title: Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245) |
Update Type: Security Update |
Severity: Important |
|
| Description: This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Exchange 2000 Server |
Included Updates: |
|||
| Bulletin ID: MS05-035 |
Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Applies to: Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS05-023 |
Title: Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This update resolves two newly-discovered vulnerabilities in Microsoft Word that could allow an attacker to run arbitrary code on a users system. The vulnerabilities are documented in the Vulnerability Details section of this bulletin. | ||||
| Applies to: Office 2002/XP Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS05-006 |
Title: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981) |
Update Type: Security Update |
Severity: Moderate |
|
| Description: This update resolves a newly-discovered, privately-reported vulnerability. A cross-site scripting and spoofing vulnerability exists in the affected software that could allow an attacker to convince a user to run a malicious script. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. | ||||
| Applies to: Office 2002/XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS05-005 |
Title: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This update resolves a newly-discovered, privately reported vulnerability that could allow an attacker to run code on the affected system. The vulnerability is documented in the Vulnerability Details section of this bulletin. | ||||
| Applies to: Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS04-027 |
Title: Vulnerability in WordPerfect Converter Could Allow Code Execution (884933) |
Update Type: Security Update |
Severity: Important |
|
| Description: This update resolves a newly discovered, privately reported vulnerability. A remote code execution vulnerability exists in the WordPerfect 5.x Converter that is provided as part of the affected software. The vulnerability is documented in the Vulnerability Details section of this bulletin. | ||||
| Applies to: Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: 2639688 |
Title: Description of Service Pack 1 update to SQL Server 2008 R2 - PowerPivot for Microsoft Excel 2010 |
Update Type: Service Pack |
Severity: |
|
| Description: Description of Service Pack 1 update to SQL Server 2008 R2 - PowerPivot for Microsoft Excel 2010 | ||||
| Applies to: Microsoft SQL Server 2008 R2 - PowerPivot for Microsoft Excel 2010 |
Included Updates: |
|||
| Bulletin ID: 2673773 |
Title: Upgrade to Bing Bar version 7.1 from MSN Toolbar and earlier versions of Bing Bar |
Update Type: Service Pack |
Severity: |
|
| Description: An update is available through Windows Update for the following versions of MSN Toolbar and of Bing Bar: MSN Toolbar version 3.0 MSN Toolbar version 4.0 Bing Bar version 5.0 Bing Bar version 6.0This update improves the stability and reliability of these toolbars. After you install this update, the toolbar that is currently installed on your computer is upgraded to Bing Bar version 7.1. | ||||
| Applies to: Bing Bar |
Included Updates: |
|||
| Bulletin ID: 2673772 |
Title: Upgrade to Bing Bar version 7.1 from MSN Toolbar and earlier versions of Bing Bar |
Update Type: Service Pack |
Severity: |
|
| Description: An update is available through Windows Update for the following versions of MSN Toolbar and of Bing Bar: MSN Toolbar version 3.0 MSN Toolbar version 4.0 Bing Bar version 5.0 Bing Bar version 6.0This update improves the stability and reliability of these toolbars. After you install this update, the toolbar that is currently installed on your computer is upgraded to Bing Bar version 7.1. | ||||
| Applies to: Bing Bar |
Included Updates: |
|||
| Bulletin ID: 2660819 |
Title: Update Rollup 2 for Windows Small Business Server 2011 Standard is available |
Update Type: Update Rollup |
Severity: |
|
| Description: Consider the following scenario: You enable the Unified Extensible Firmware Interface (UEFI) mode on a computer that is running Windows Small Business Server 2011 Standard. You configure a recurring backup task on the computer. You try to perform a bare-metal recovery by using the Recovery Console.In this scenario, bare metal recovery does not find any valid backups. | ||||
| Applies to: Windows Small Business Server 2011 Standard |
Included Updates: |
|||
| Bulletin ID: 2645995 |
Title: Description of Update Rollup 1 for Exchange Server 2010 Service Pack 2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of Update Rollup 1 for Exchange Server 2010 Service Pack 2 | ||||
| Applies to: Exchange Server 2010 |
Included Updates: |
|||
| Bulletin ID: MS12-022 |
Title: Vulnerability in Expression Design Could Allow Remote Code Execution (2651018) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability in Microsoft Expression Design. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .xpr or .DESIGN file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Microsoft Expression Design could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .xpr or .DESIGN file) from this location that is then loaded by a vulnerable application. | ||||
| Applies to: Expression Design 4 Expression Design 3 Expression Design 2 Expression Design 1 |
Included Updates: |
|||
| Bulletin ID: MS12-019 |
Title: Vulnerability in DirectWrite Could Allow Denial of Service (2665364) |
Update Type: Security Update |
Severity: Moderate |
|
| Description: This security update resolves a publicly disclosed vulnerability in Windows DirectWrite. In an Instant Messenger-based attack scenario, the vulnerability could allow denial of service if an attacker sends a specially crafted sequence of Unicode characters directly to an Instant Messenger client. The target application could become unresponsive when DirectWrite renders the specially crafted sequence of Unicode characters. | ||||
| Applies to: Windows Server 2008 Windows Server 2008 R2 Windows Embedded Standard 7 Windows Vista Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS12-018 |
Title: Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 Windows Server 2008 R2 Windows Vista Windows Embedded Standard 7 Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS12-017 |
Title: Vulnerability in DNS Server Could Allow Denial of Service (2647170) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote unauthenticated attacker sends a specially crafted DNS query to the target DNS server. | ||||
| Applies to: Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS11-067 |
Title: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Report Viewer. The vulnerability could allow information disclosure if a user views a specially crafted Web page. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site. | ||||
| Applies to: Report Viewer 2005 Visual Studio 2005 |
Included Updates: |
|||
| Bulletin ID: MS11-025 |
Title: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application. | ||||
| Applies to: Visual Studio 2010 Visual Studio 2008 Visual Studio 2005 |
Included Updates: |
|||
| Bulletin ID: MS10-058 |
Title: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
| Applies to: Windows Server 2008 Windows Vista Windows Embedded Standard 7 Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: 2673771 |
Title: Upgrade to Bing Bar version 7.1 from MSN Toolbar and earlier versions of Bing Bar |
Update Type: Service Pack |
Severity: |
|
| Description: An update is available through Windows Update for the following versions of MSN Toolbar and Bing Bar: MSN Toolbar version 3.0 MSN Toolbar version 4.0 Bing Bar version 5.0 Bing Bar version 6.0This update improves the stability and reliability of these toolbars. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.1. | ||||
| Applies to: Bing Bar |
Included Updates: |
|||
| Bulletin ID: 2673770 |
Title: Upgrade to Bing Bar version 7.1 from MSN Toolbar and earlier versions of Bing Bar |
Update Type: Service Pack |
Severity: |
|
| Description: An update is available through Windows Update for the following versions of MSN Toolbar and Bing Bar: MSN Toolbar version 3.0 MSN Toolbar version 4.0 Bing Bar version 5.0 Bing Bar version 6.0This update improves the stability and reliability of these toolbars. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.1. | ||||
| Applies to: Bing Bar |
Included Updates: |
|||
| Bulletin ID: 2635086 |
Title: Update Rollup 2 (build 4.0.3606.2) is available for Forefront Identity Manager 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 2 (build 4.0.3606.2) is available for Microsoft Forefront Identity Manager (FIM) 2010. This hotfix package resolves several issues and adds several features that are described in the "More Information" section. Additionally, this update contains all servicing fixes that were made since the release of FIM 2010. | ||||
| Applies to: Forefront Identity Manager 2010 |
Included Updates: |
|||
| Bulletin ID: 2608656 |
Title: Description of Update Rollup 6 for Exchange Server 2007 Service Pack 3 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of Update Rollup 6 for Exchange Server 2007 Service Pack 3 | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: 2670498 |
Title: Description of the cumulative update for Lync 2010: January 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync 2010: January 2012 | ||||
| Applies to: Microsoft Lync 2010 |
Included Updates: |
|||
| Bulletin ID: 2647093 |
Title: Description of the cumulative update package for Communicator 2007 R2: January 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update package for Communicator 2007 R2: January 2012 | ||||
| Applies to: Office Communicator 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2647091 |
Title: Description of the cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: January, 2012 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: January, 2012 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2630436 |
Title: Update Rollup 2 for Windows Storage Server 2008 R2 Essentials is available |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 2 for Windows Storage Server 2008 R2 Essentials is available | ||||
| Applies to: Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: 2626067 |
Title: Update Rollup 1.1 for Windows MultiPoint Server 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 1.1 for Windows MultiPoint Server 2011 resolves issues that were found in MultiPoint Server 2011 after the software was released. This update rollup is highly recommended for all MultiPoint Server 2011 customers. | ||||
| Applies to: Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS12-015 |
Title: Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: MS12-014 |
Title: Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .avi file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP |
Included Updates: |
|||
| Bulletin ID: MS12-012 |
Title: Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .icm or .icc file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2008 R2 Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS12-011 |
Title: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves three privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. These vulnerabilities could allow elevation of privilege or information disclosure if a user clicked a specially crafted URL. | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: MS12-010 |
Title: Cumulative Security Update for Internet Explorer (2647516) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows Embedded Standard 7 Windows Server 2008 Windows Server 2008 R2 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS12-008 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a website containing specially crafted content or if a specially crafted application is run locally. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 R2 Windows Vista Windows Server 2008 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: 2630976 |
Title: "Access Denied" error, or the user is repeatedly prompted for credentials, when the user tries to access an Office 365 resource from a rich client application |
Update Type: Update Rollup |
Severity: |
|
| Description: When a user tries to access a Microsoft Office 365 resource from a rich client application, the user experiences one of the following symptoms:The user is repeatedly prompted to enter his or her credentials.The user receives the following error message: | ||||
| Applies to: Microsoft Online Services Sign-In Assistant |
Included Updates: |
|||
| Bulletin ID: 2600640 |
Title: Update Rollup 6 for Microsoft Dynamics CRM 2011 is available |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 6 for Microsoft Dynamics CRM 2011 is available | ||||
| Applies to: Microsoft Dynamics CRM 2011 |
Included Updates: |
|||
| Bulletin ID: MS11-049 |
Title: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. | ||||
| Applies to: Visual Studio 2008 Visual Studio 2005 SQL Server 2008 SQL Server 2008 R2 Office 2007 Office 2010 Visual Studio 2010 SQL Server 2005 |
Included Updates: |
|||
| Bulletin ID: 2652446 |
Title: Description of the update for Lync Server 2010, Web Components Server: December 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the update for Lync Server 2010, Web Components Server: December 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2650982 |
Title: Description of the update for Lync Server 2010: December 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the update for Lync Server 2010: December 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2650037 |
Title: Description of the update for Lync Server 2010 Bandwidth Policy Service: December 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the update for Lync Server 2010 Bandwidth Policy Service: December 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2640253 |
Title: Description of the cumulative update for Lync Server 2010, Mediation Server: November 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync Server 2010, Mediation Server: November 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2514982 |
Title: Description of the cumulative update for Lync 2010: November 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync 2010: November 2011 | ||||
| Applies to: Microsoft Lync 2010 |
Included Updates: |
|||
| Bulletin ID: 2514981 |
Title: Description of the cumulative update for Lync Server 2010, Core Components: November 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync Server 2010, Core Components: November 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2514978 |
Title: Description of the cumulative update for Lync Server 2010, Conferencing Server: November 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync Server 2010, Conferencing Server: November 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2500449 |
Title: Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: November 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: November 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: MS12-002 |
Title: Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: 2633952 |
Title: December 2011 cumulative time zone update for Windows operating systems |
Update Type: Update Rollup |
Severity: |
|
| Description: Important This update supersedes and replaces update 2570791 (http://support.microsoft.com/KB/2570791) , which was released in August 2011. No additional time zone changes were released as hotfixes after update 2570791 (http://support.microsoft.com/KB/2570791) was published. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Vista Windows 7 Windows Embedded Standard 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: 2626808 |
Title: Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0 |
Update Type: Service Pack |
Severity: |
|
| Description: An update is available through Windows Update for Windows Live Toolbar version 14.0. This update improves the stability and reliability of Windows Live Toolbar version 14.0. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.0. | ||||
| Applies to: Windows Live |
Included Updates: |
|||
| Bulletin ID: MS11-099 |
Title: Cumulative Security Update for Internet Explorer (2618444) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerability could allow remote code execution if a user opens a legitimate HyperText Markup Language (HTML) file that is located in the same directory as a specially crafted dynamic link library (DLL) file. | ||||
| Applies to: Windows Internet Explorer 8 Dynamic Installer Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows Server 2008 R2 Windows XP Windows Internet Explorer 7.0 Dynamic Installer Windows Server 2008 Windows Vista Windows 7 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS11-098 |
Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows 7 Windows Server 2008 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS11-096 |
Title: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-3403. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors. | ||||
| Applies to: Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-095 |
Title: Vulnerability in Active Directory Could Allow Remote Code Execution (2640045) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow remote code execution if an attacker logs on to an Active Directory domain and runs a specially crafted application. To exploit this vulnerability, an attacker would first need to acquire credentials to log on to an Active Directory domain. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 Windows Vista Windows Server 2008 R2 Windows Server 2008 Windows XP Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS11-094 |
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of the vulnerabilities could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2010 Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS11-093 |
Title: Vulnerability in OLE Could Allow Remote Code Execution (2624667) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-091 |
Title: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2007 Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-090 |
Title: Cumulative Security Update of ActiveX Kill Bits (2618451) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft software. The vulnerability could allow remote code execution if a user views a specially crafted Web page that uses a specific binary behavior in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 Windows Embedded Standard 7 Windows Server 2008 Windows Vista Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS11-089 |
Title: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2010 Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS11-088 |
Title: Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user performed specific actions on a system where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese is installed. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected. | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: MS11-087 |
Title: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files. | ||||
| Applies to: Windows Embedded Standard 7 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 R2 Windows XP Windows Server 2008 Windows XP x64 Edition Windows Vista Windows 7 |
Included Updates: |
|||
| Bulletin ID: 2626807 |
Title: Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0 |
Update Type: Service Pack |
Severity: |
|
| Description: An update is available through Windows Update for Windows Live Toolbar version 14.0. This update improves the stability and reliability of Windows Live Toolbar version 14.0. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.0. | ||||
| Applies to: Windows Live |
Included Updates: |
|||
| Bulletin ID: 2626806 |
Title: Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0 |
Update Type: Service Pack |
Severity: |
|
| Description: An update is available through Windows Update for Windows Live Toolbar version 14.0. This update improves the stability and reliability of Windows Live Toolbar version 14.0. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.0. | ||||
| Applies to: Windows Live |
Included Updates: |
|||
| Bulletin ID: 2608646 |
Title: Description of Update Rollup 6 for Exchange Server 2010 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of Update Rollup 6 for Exchange Server 2010 Service Pack 1 | ||||
| Applies to: Exchange Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2526299 |
Title: Description of the 2007 Office Servers SP3 and of the 2007 Office Servers Language Pack SP3 |
Update Type: Service Pack |
Severity: |
|
| Description: The 2007 Microsoft Office servers Service Pack 3 (SP3) and the 2007 Microsoft Office servers Language Pack SP3 provide the latest updates to the 2007 Office Servers and to the 2007 Office Servers Language Pack. This package includes 2007 Microsoft Project Server. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security.All the public updates, security updates, cumulative updates, and hotfixes that were released through September 2011.Note Some server products in this service pack install over Windows SharePoint Services 3.0. These server products require Windows SharePoint Services 3.0 SP3. | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS11-086 |
Title: Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-084 |
Title: Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) |
Update Type: Security Update |
Severity: Moderate |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message. | ||||
| Applies to: Windows Embedded Standard 7 Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS11-083 |
Title: Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-037 |
Title: Vulnerability in MHTML Could Allow Information Disclosure (2544893) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's web site. An attacker would have to convince the user to visit the web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: 2626804 |
Title: Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0 |
Update Type: Service Pack |
Severity: |
|
| Description: An update is available through Windows Update for Windows Live Toolbar version 14.0. This update improves the stability and reliability of Windows Live Toolbar version 14.0. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.0. | ||||
| Applies to: Windows Live |
Included Updates: |
|||
| Bulletin ID: 2617376 |
Title: Upgrade to Bing Bar version 7.0 from Windows Live Toolbar version 14.0 |
Update Type: Service Pack |
Severity: |
|
| Description: An update is available through Windows Update for Windows Live Toolbar version 14.0. This update improves the stability and reliability of Windows Live Toolbar version 14.0. After you install this update, the currently installed toolbar on your computer is upgraded to Bing Bar version 7.0. | ||||
| Applies to: Windows Live |
Included Updates: |
|||
| Bulletin ID: 983509 |
Title: Description of Visual Studio 2010 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: Description of Visual Studio 2010 Service Pack 1 | ||||
| Applies to: Visual Studio 2010 |
Included Updates: |
|||
| Bulletin ID: 2603291 |
Title: Description of the cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: September 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: September 2011 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2603289 |
Title: Description of the cumulative update for Office Communications Server 2007 R2, Core Components: September 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Office Communications Server 2007 R2, Core Components: September 2011 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2603287 |
Title: Description of the cumulative update package for Office Communications Server 2007 R2, Communicator Web Access: September 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update package for Office Communications Server 2007 R2, Communicator Web Access: September 2011 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2603285 |
Title: Description of the cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: September 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: September 2011 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2590699 |
Title: Description of the cumulative update package for Communicator 2007 R2: September 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update package for Communicator 2007 R2: September 2011 | ||||
| Applies to: Office Communicator 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2590695 |
Title: Description of the cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: September 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: September 2011 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2555840 |
Title: Microsoft Forefront Threat Management Gateway 2010 Service Pack 2 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Forefront Threat Management Gateway 2010 Service Pack 2 | ||||
| Applies to: Forefront TMG |
Included Updates: |
|||
| Bulletin ID: 2526310 |
Title: Description of Office Access Runtime and Data Connectivity Components 2007 SP3 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office Access Runtime and Data Connectivity Components 2007 Service Pack 3 (SP3) provides the latest updates to Microsoft Office Access 2007 Runtime and the Database Connectivity Components driver for the 2007 Microsoft Office system. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security.All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011.Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.MORE INFORMATION | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: 2526305 |
Title: Description of Windows SharePoint Services 3.0 SP3 and of Windows SharePoint Services 3.0 Language Pack SP3 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Windows SharePoint Services 3.0 Service Pack 3 (SP3) and Microsoft Windows SharePoint Services 3.0 Language Pack SP3 provide the latest updates to Windows SharePoint Services 3.0 and to Windows SharePoint Services 3.0 Language Pack. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security.All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011.Before you try to install this service pack, visit the following Microsoft website: | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: 2526302 |
Title: Description of Office Excel Viewer 2007 SP3 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office Excel Viewer 2007 Service Pack 3 (SP3) provides the latest updates to Office Excel Viewer 2007. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security.All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011.Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.MORE INFORMATION | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: 2526301 |
Title: Description of Office Visio Viewer 2007 SP3 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office Visio Viewer 2007 Service Pack 3 (SP3) provides the latest updates to Office Visio Viewer 2007. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security.All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011.Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.MORE INFORMATION | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: 2526298 |
Title: Description of PowerPoint Viewer 2007 SP3 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office PowerPoint Viewer 2007 Service Pack 3 (SP3) provides the latest updates to Office PowerPoint Viewer 2007. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, in performance, and in security.All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011.Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.MORE INFORMATION | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: 2526297 |
Title: Description of Office Compatibility Pack SP3 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office Compatibility Pack Service Pack 3 (SP3) provides the latest updates to Office Compatibility Pack. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security.All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011.Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.MORE INFORMATION | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: 2526294 |
Title: Description of Calendar Printing Assistant for Office Outlook 2007 SP3 |
Update Type: Service Pack |
Severity: |
|
| Description: Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 3 (SP3) provides the latest updates to Calendar Printing Assistant for Office Outlook 2007. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security.All the public updates, security updates, cumulative updates, and hotfixes that were released through August 2011.Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.MORE INFORMATION | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: 2526086 |
Title: Description of the 2007 Office suite SP3 and of Office Language Pack 2007 SP3 |
Update Type: Service Pack |
Severity: |
|
| Description: The 2007 Microsoft Office suite Service Pack 3 (SP3) and Microsoft Office Language Pack 2007 SP3 provide the latest updates to the 2007 Office suite and to Office Language Pack 2007. These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, in performance, and in security.All the public updates, security updates, cumulative updates, and hotfixes that were released through September 2011.Because Office service packs are cumulative, you do not have to install Service Pack 1 or Service Pack 2 before you install Service Pack 3. Service Pack 3 includes all fixes which were included in Service Pack 1 and Service Pack 2.MORE INFORMATION | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: 2182621 |
Title: Microsoft Team Foundation Server 2010 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Team Foundation Server 2010 Service Pack 1 | ||||
| Applies to: Visual Studio 2010 |
Included Updates: |
|||
| Bulletin ID: MS11-058 |
Title: Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk. | ||||
| Applies to: Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: 2510766 |
Title: List of all SharePoint 2010 and Office Server 2010 SP1 packages |
Update Type: Service Pack |
Severity: |
|
| Description: List of all SharePoint 2010 and Office Server 2010 SP1 packages | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: 2510690 |
Title: List of all Office 2010 SP1 packages |
Update Type: Service Pack |
Severity: |
|
| Description: List of all Office 2010 SP1 packages | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: 2460073 |
Title: Office Web Apps SP1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office Web Apps Service Pack 1 (SP1) provides the latest updates for Office Web Apps. This service pack includes two main categories of fixes:Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security.All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011. RESOLUTION | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: 2460056 |
Title: Office Servers 2010 Language Pack SP1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office Servers 2010 Language Pack Service Pack 1 (SP1) provides the latest updates for Office Servers 2010 Language Pack. This service pack includes two main categories of fixes:Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security.All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011. RESOLUTION | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: 2460041 |
Title: Office 2010 Filter Pack SP1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office 2010 Filter Pack Service Pack 1 (SP1) provides the latest updates for Office 2010 Filter Pack. This service pack includes two main categories of fixes:Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security.All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011. RESOLUTION | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: 2602324 |
Title: Description of Update Rollup 5 for Exchange Server 2007 Service Pack 3 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of Update Rollup 5 for Exchange Server 2007 Service Pack 3 | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: MS11-082 |
Title: Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the Host Integration Server ports should be blocked from the Internet. | ||||
| Applies to: Host Integration Server 2010 Host Integration Server 2009 Host Integration Server 2006 Host Integration Server 2004 |
Included Updates: |
|||
| Bulletin ID: MS11-081 |
Title: Cumulative Security Update for Internet Explorer (2586448) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-080 |
Title: Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP |
Included Updates: |
|||
| Bulletin ID: MS11-077 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an e-mail attachment. For a remote attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the specially crafted font file, or open the file as an e-mail attachment. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-074 |
Title: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site. For the most severe vulnerabilities, Internet Explorer 8 and Internet Explorer 9 users browsing to a SharePoint site in the Internet Zone are at a reduced risk because, by default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 helps to block the attacks in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9, however, is not enabled by default in the Intranet Zone. | ||||
| Applies to: Office 2010 Office 2007 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS11-072 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1986 and CVE-2011-1987. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors. | ||||
| Applies to: Office 2010 Office 2007 Office 2003 |
Included Updates: |
|||
| Bulletin ID: 2582113 |
Title: Description of Update Rollup 5 for Exchange Server 2010 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of Update Rollup 5 for Exchange Server 2010 Service Pack 1 | ||||
| Applies to: Exchange Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2555251 |
Title: Update Rollup 1 for Windows Small Business Server 2011 Standard is available |
Update Type: Update Rollup |
Severity: |
|
| Description: The following alert notifications do not appear in Windows Small Business Server 2011 Standard:"An error prevented Backup from completing successfully""An error prevented Backup from starting""The server restarted""The server shut down unexpectedly" | ||||
| Applies to: Windows Small Business Server 2011 Standard |
Included Updates: |
|||
| Bulletin ID: 2580221 |
Title: Help and Support |
Update Type: Update Rollup |
Severity: |
|
| Description: Help and Support | ||||
| Applies to: Visual Studio 2010 |
Included Updates: |
|||
| Bulletin ID: 2538719 |
Title: Description of Hotfix Rollup 3 for Microsoft Forefront Protection for Exchange |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of Hotfix Rollup 3 for Microsoft Forefront Protection for Exchange | ||||
| Applies to: Forefront Protection Category |
Included Updates: |
|||
| Bulletin ID: MS11-073 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of the vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2010 Office 2007 Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-070 |
Title: Vulnerability in WINS Could Allow Elevation of Privilege (2571621) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 R2 Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS10-035 |
Title: Cumulative Security Update for Internet Explorer (982381) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows 2000 Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows Internet Explorer 8 Dynamic Installer Windows Internet Explorer 7.0 Dynamic Installer |
Included Updates: |
|||
| Bulletin ID: 2587551 |
Title: Introduction to the Microsoft StreamInsight 1.2 release |
Update Type: Service Pack |
Severity: |
|
| Description: Introduction to the Microsoft StreamInsight 1.2 release | ||||
| Applies to: Microsoft StreamInsight V1.0 |
Included Updates: |
|||
| Bulletin ID: 2579150 |
Title: Description of Update Rollup 4 for Exchange Server 2010 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of Update Rollup 4 for Exchange Server 2010 Service Pack 1 | ||||
| Applies to: Exchange Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2575872 |
Title: Description of the update package for Lync Server 2010, Conferencing Attendant: July 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the update package for Lync Server 2010, Conferencing Attendant: July 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2575871 |
Title: Description of the cumulative update for Lync Server 2010, Web Conferencing Server: July 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync Server 2010, Web Conferencing Server: July 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2575870 |
Title: Description of the cumulative update for Lync Server 2010, Conferencing Server: July 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync Server 2010, Conferencing Server: July 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2571547 |
Title: Description of the update package for Lync Server 2010, Web Components Server: July 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the update package for Lync Server 2010, Web Components Server: July 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2571546 |
Title: Description of the cumulative update for Lync Server 2010: July 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync Server 2010: July 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2571545 |
Title: Description of the cumulative update for Lync Server 2010, Core Components: July 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync Server 2010, Core Components: July 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2571543 |
Title: Description of the cumulative update package for Lync 2010: July 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update package for Lync 2010: July 2011 | ||||
| Applies to: Microsoft Lync 2010 |
Included Updates: |
|||
| Bulletin ID: 2571505 |
Title: Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: July 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of the cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: July 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2570791 |
Title: August 2011 cumulative time zone update for Windows operating systems |
Update Type: Update Rollup |
Severity: |
|
| Description: August 2011 cumulative time zone update for Windows operating systems | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 Windows Vista Windows Embedded Standard 7 Windows Server 2008 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: 2568557 |
Title: A DTMF-based IVR application that is developed by using Lync Server 2010, UCMA 3.0 Workflow APIs crashes |
Update Type: Update Rollup |
Severity: |
|
| Description: Consider the following scenario: You deploy a dual tone multi-frequency (DTMF) based Interactive Voice Response (IVR) application. The application is developed by using Microsoft Lync Server 2010, Unified Communications Managed API 3.0 (UCMA3.0) Workflow Speech controls. The application contains a SpeechQuestionAnswerActivity and an associated ConsecutiveNoInputsSpeechEventActivity, ConsecutiveNoRecognitionsSpeechEventActivity, SpeechHelpCommandActivity, or SpeechRepeatCommandActivity. These event or command activities contain a StatementActivity or SpeechQuestionAnswerActivity.A user connects to the application, and then the user starts pressing DTMF digits while a question message plays back.The application stops playing the question message and stays silent, and then the user disconnects.In this scenario, the UCMA 3.0 workflow IVR application crashes. Additionally, you receive the following error message: | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2509911 |
Title: Description of Update Rollup 4 for Exchange Server 2007 Service Pack 3 |
Update Type: Update Rollup |
Severity: |
|
| Description: Description of Update Rollup 4 for Exchange Server 2007 Service Pack 3 | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: MS11-069 |
Title: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951) |
Update Type: Security Update |
Severity: Moderate |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Vista Windows XP x64 Edition Windows 7 Windows XP |
Included Updates: |
|||
| Bulletin ID: 2562937 |
Title: Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits |
Update Type: Update Rollup |
Severity: |
|
| Description: Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft website: | ||||
| Applies to: Windows Vista Windows Server 2008 R2 Windows 7 Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows XP |
Included Updates: |
|||
| Bulletin ID: MS11-068 |
Title: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532) |
Update Type: Security Update |
Severity: Moderate |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user visits a network share (or visits a Web site that points to a network share) containing a specially crafted file. In all cases, however, an attacker would have no way to force a user to visit such a network share or Web site. Instead, an attacker would have to convince a user to do so, typically by getting the user to click a link in an e-mail message or Instant Messenger message. | ||||
| Applies to: Windows Server 2008 R2 Windows Server 2008 Windows Vista Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-066 |
Title: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in ASP.NET Chart controls. The vulnerability could allow information disclosure if an attacker sent a specially crafted GET request to an affected server hosting the Chart controls. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to retrieve information that could be used to further compromise the affected system. Only web applications using Microsoft Chart Control are affected by this issue. Default installations of the .NET Framework are not affected. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows XP x64 Edition Windows Server 2008 Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS11-065 |
Title: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Remote Desktop Protocol. The vulnerability could allow denial of service if an affected system received a sequence of specially crafted RDP packets. Microsoft has also received reports of limited, targeted attacks attempting to exploit this vulnerability. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. | ||||
| Applies to: Windows XP Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-064 |
Title: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow denial of service if an attacker sends a sequence of specially crafted Internet Control Message Protocol (ICMP) messages to a target system or sends a specially crafted URL request to a server that is serving Web content and has the URL-based Quality of Service (QoS) feature enabled. | ||||
| Applies to: Windows 7 Windows Vista Windows Embedded Standard 7 Windows Server 2008 R2 Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS11-063 |
Title: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-062 |
Title: Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-061 |
Title: Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Remote Desktop Web Access. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack for its users when browsing to a Remote Desktop Web Access server in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone. | ||||
| Applies to: Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS11-060 |
Title: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2010 Office 2007 Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-059 |
Title: Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate Excel file (such as a .xlsx file) that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-057 |
Title: Cumulative Security Update for Internet Explorer (2559049) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: 2571841 |
Title: Expression Web 4 Service Pack 2 |
Update Type: Service Pack |
Severity: |
|
| Description: Expression Web 4 Service Pack 2 | ||||
| Applies to: Expression Web 4 |
Included Updates: |
|||
| Bulletin ID: 2549042 |
Title: Cumulative update package for Communicator 2007 R2: June, 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for Communicator 2007 R2: June, 2011 | ||||
| Applies to: Office Communicator 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2562466 |
Title: System Center Virtual Machine Manager 2008 R2 SP1 hotfix rollup package: July 12, 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: System Center Virtual Machine Manager 2008 R2 SP1 hotfix rollup package: July 12, 2011 | ||||
| Applies to: Microsoft System Center Virtual Machine Manager 2008 |
Included Updates: |
|||
| Bulletin ID: 2553006 |
Title: Business Contact Manager for Outlook 2010 SP1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Business Contact Manager for Outlook 2010 Service Pack 1 (SP1) provides the latest updates for Business Contact Manager for Outlook 2010. This service pack includes two main categories of fixes:Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security.All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011. RESOLUTION | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: MS11-056 |
Title: Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves five privately reported vulnerabilities in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-055 |
Title: Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Microsoft Visio. The vulnerability could allow remote code execution if a user opens a legitimate Visio file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-054 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves 15 privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 Windows Server 2008 R2 Windows Server 2008 Windows Embedded Standard 7 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS11-053 |
Title: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the Windows Bluetooth Stack. The vulnerability could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability only affects systems with Bluetooth capability. | ||||
| Applies to: Windows Embedded Standard 7 Windows 7 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS11-052 |
Title: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS08-069 |
Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves several vulnerabilities in Microsoft XML Core Services. The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows Server 2008 Windows 7 Windows XP x64 Edition Windows Server 2008 R2 Office 2007 Office 2003 |
Included Updates: |
|||
| Bulletin ID: 2460065 |
Title: Visio 2010 Viewer SP1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Visio 2010 Viewer Service Pack 1 (SP1) provides the latest updates for Visio 2010 Viewer. This service pack includes two main categories of fixes:Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security.All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011. RESOLUTION | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: 2460054 |
Title: SharePoint 2010 Indexing Connector for Documentum SP1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft SharePoint 2010 Indexing Connector for Documentum Service Pack 1 (SP1) provides the latest updates for SharePoint 2010 Indexing Connector for Documentum. This service pack includes two main categories of fixes:Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security.All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011. RESOLUTION | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: 2460050 |
Title: PowerPoint 2010 Viewer SP1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft PowerPoint 2010 Viewer Service Pack 1 (SP1) provides the latest updates for PowerPoint 2010 Viewer. This service pack includes two main categories of fixes:Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security.All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011. RESOLUTION | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: 2460044 |
Title: Office Language Interface Pack 2010 SP1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office Language Interface Pack 2010 Service Pack 1 (SP1) provides the latest updates for Office Language Interface Pack 2010. This service pack includes two main categories of fixes:Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security.All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011. RESOLUTION | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: 2460043 |
Title: Office 2010 Language Pack SP1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office 2010 Language Pack Service Pack 1 (SP1) provides the latest updates for Office 2010 Language Pack. This service pack includes two main categories of fixes:Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security.All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011. RESOLUTION | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: 2460011 |
Title: A description of Access Database Engine 2010 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Access Database Engine 2010 Service Pack 1 (SP1) provides the latest updates for Access Database Engine 2010. This service pack includes two main categories of fixes:Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, these fixes include improvements in stability, performance, and in security.All the public updates that were released through June 2011, and all the cumulative updates that were released through April 2011. RESOLUTION | ||||
| Applies to: Office 2010 |
Included Updates: |
|||
| Bulletin ID: 982861 |
Title: Availability of Windows Internet Explorer 9 |
Update Type: Update Rollup |
Severity: |
|
| Description: Windows Internet Explorer 9 is now available. Internet Explorer 9 is the latest version of the familiar web browser that you are most comfortable using. It helps you obtain everything that you want from the web faster, easier, and safer than ever. | ||||
| Applies to: Windows Vista Windows Server 2008 R2 Windows Server 2008 Windows 7 |
Included Updates: |
|||
| Bulletin ID: 2463332 |
Title: List of the issues that are fixed in SQL Server 2005 Service Pack 4 |
Update Type: Service Pack |
Severity: |
|
| Description: List of the issues that are fixed in SQL Server 2005 Service Pack 4 | ||||
| Applies to: SQL Server 2005 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: 2285068 |
Title: List of the bugs that are fixed in SQL Server 2008 Service Pack 2 |
Update Type: Service Pack |
Severity: |
|
| Description: List of the bugs that are fixed in SQL Server 2008 Service Pack 2 | ||||
| Applies to: SQL Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS11-051 |
Title: Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site. | ||||
| Applies to: Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-050 |
Title: Cumulative Security Update for Internet Explorer (2530548) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2008 Windows Vista Windows Server 2008 R2 Windows 7 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS11-048 |
Title: Vulnerability in SMB Server Could Allow Denial of Service (2536275) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit this vulnerability. | ||||
| Applies to: Windows Embedded Standard 7 Windows Server 2008 R2 Windows 7 Windows Vista Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS11-047 |
Title: Vulnerability in Hyper-V Could Allow Denial of Service (2525835) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows Server 2008 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS11-046 |
Title: Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-045 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, "Disable Edit in Protected View for Excel 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273. | ||||
| Applies to: Office 2002/XP Office 2010 Office 2007 Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-042 |
Title: Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-041 |
Title: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message. | ||||
| Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 R2 Windows Vista Windows Embedded Standard 7 Windows Server 2008 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-040 |
Title: Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the Microsoft Forefront Threat Management Gateway (TMG) 2010 Client, formerly named the Microsoft Forefront Threat Management Gateway Firewall Client. The vulnerability could allow remote code execution if an attacker leveraged a client computer to make specific requests on a system where the TMG firewall client is used. | ||||
| Applies to: TMG Firewall Client |
Included Updates: |
|||
| Bulletin ID: MS11-039 |
Title: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. | ||||
| Applies to: Silverlight Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS11-038 |
Title: Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile (WMF) image. In all cases, however, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to convince users to visit a malicious Web site, typically by getting them to click a link in an e-mail message or Instant Messenger request. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-028 |
Title: Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. | ||||
| Applies to: Windows 7 Windows Server 2008 R2 Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: 976932 |
Title: Information about Service Pack 1 for Windows 7 and for Windows Server 2008 R2 |
Update Type: Service Pack |
Severity: |
|
| Description: Service Pack 1 (SP1) for Windows 7 and for Windows Server 2008 R2 is now available. This service pack is an update to Windows 7 and to Windows Server 2008 R2 that addresses customer and partner feedback. | ||||
| Applies to: Windows Server 2008 R2 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-018 |
Title: Cumulative Security Update for Internet Explorer (2497640) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerabilities. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 R2 Windows Server 2008 Windows Vista Windows 7 |
Included Updates: |
|||
| Bulletin ID: 2540951 |
Title: Cumulative update package for Lync 2010: April 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for Lync 2010: April 2011 | ||||
| Applies to: Microsoft Lync 2010 |
Included Updates: |
|||
| Bulletin ID: 2530592 |
Title: Cumulative update for Lync Server 2010, Web Conferencing Server: April 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Lync Server 2010, Web Conferencing Server: April 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2530488 |
Title: Update Rollup 3 for Exchange Server 2007 Service Pack 3 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 3 for Exchange Server 2007 Service Pack 3 | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: 2529939 |
Title: Update Rollup 3 for Exchange Server 2010 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 3 for Exchange Server 2010 Service Pack 1 | ||||
| Applies to: Exchange Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2514975 |
Title: Cumulative update for Lync Server 2010, Conferencing Server: April 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Lync Server 2010, Conferencing Server: April 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2502810 |
Title: Cumulative update for Lync Server 2010, Mediation Server: April 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Lync Server 2010, Mediation Server: April 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2500448 |
Title: Cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: April 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Lync Server 2010, Unified Communications Managed API 3.0 Runtime: April 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2500444 |
Title: Cumulative update for Lync Server 2010, Core Components: April 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Lync Server 2010, Core Components: April 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2500442 |
Title: Cumulative update for Lync Server 2010: April 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Lync Server 2010: April 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2500441 |
Title: Update package for Lync Server 2010, Web Components Server: April 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update package for Lync Server 2010, Web Components Server: April 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2500438 |
Title: Cumulative update for Lync 2010 Attendee - Administrator level installation: April 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Lync 2010 Attendee - Administrator level installation: April 2011 | ||||
| Applies to: Microsoft Lync 2010 |
Included Updates: |
|||
| Bulletin ID: 2496326 |
Title: Cumulative update for Lync 2010 Attendant: April 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Lync 2010 Attendant: April 2011 | ||||
| Applies to: Microsoft Lync 2010 |
Included Updates: |
|||
| Bulletin ID: 2467771 |
Title: Update package for Lync Server 2010, Administrative Tools: January 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update package for Lync Server 2010, Administrative Tools: January 2011 | ||||
| Applies to: Microsoft Lync Server 2010 |
Included Updates: |
|||
| Bulletin ID: MS11-036 |
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1269 and CVE-2011-1270. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors. | ||||
| Applies to: Office 2002/XP Office 2003 Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS11-035 |
Title: Vulnerability in WINS Could Allow Remote Code Execution (2524426) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually installed this component are affected by this issue. | ||||
| Applies to: Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: 2526954 |
Title: Update for Microsoft Silverlight: April 19, 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update for Microsoft Silverlight: April 19, 2011 | ||||
| Applies to: Silverlight |
Included Updates: |
|||
| Bulletin ID: 2502324 |
Title: Cumulative update for Office Communications Server 2007 R2, Microsoft Unified Communications Managed API 2.0 Windows Workflow Activities Redist: March, 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Microsoft Unified Communications Managed API 2.0 Windows Workflow Activities Redist: March, 2011 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2501722 |
Title: Cumulative update package for Communicator 2007 R2: March, 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for Communicator 2007 R2: March, 2011 | ||||
| Applies to: Office Communicator 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2501721 |
Title: Update package for Communications Server 2007 R2, Web Components: March, 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update package for Communications Server 2007 R2, Web Components: March, 2011 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2501720 |
Title: Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: March, 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: March, 2011 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2501717 |
Title: Cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: March, 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: March, 2011 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: MS11-034 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves thirty privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows Embedded Standard 7 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS11-033 |
Title: Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-032 |
Title: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the OpenType Compact Font Format (CFF) driver. The vulnerability could allow remote code execution if a user views content rendered in a specially crafted CFF font. In all cases, an attacker would have no way to force users to view the specially crafted content. Instead, an attacker would have to convince users to visit a Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows Server 2008 Windows Vista Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS11-031 |
Title: Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow remote code execution if a user visited a specially crafted Web site. An attacker would have no way to force users to visit the Web site. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. | ||||
| Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Server 2008 Windows Vista Windows 7 Windows Server 2008 R2 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS11-030 |
Title: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Windows DNS resolution. The vulnerability could allow remote code execution if an attacker gained access to the network and then created a custom program to send specially crafted LLMNR broadcast queries to the target systems. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the LLMNR ports should be blocked from the Internet. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows Server 2008 R2 Windows Embedded Standard 7 Windows Server 2008 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-029 |
Title: Vulnerability in GDI+ Could Allow Remote Code Execution (2489979) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows GDI+. The vulnerability could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS11-027 |
Title: Cumulative Security Update of ActiveX Kill Bits (2508272) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft software. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for three third-party ActiveX controls. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows XP x64 Edition Windows XP Windows 7 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS11-026 |
Title: Vulnerability in MHTML Could Allow Information Disclosure (2503658) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user visited a specially crafted Web site. In a Web-based attack scenario, a Web site could contain a specially crafted link that is used to exploit this vulnerability. An attacker would have to convince users to visit the Web site and open the specially crafted link. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows 7 Windows Server 2008 R2 Windows Embedded Standard 7 Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS11-024 |
Title: Vulnerabilities in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opened a specially crafted fax cover page file (.cov) using the Windows Fax Cover Page Editor. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 Windows Server 2008 Windows Vista Windows Embedded Standard 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS11-023 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2007 Office 2003 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS11-022 |
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves three privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The automated Microsoft Fix it solution for PowerPoint 2010, "Disable Edit in Protected View for PowerPoint 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-0655 and CVE-2011-0656. | ||||
| Applies to: Office 2010 Office 2003 Office 2002/XP Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS11-021 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves nine privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2010 Office 2007 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS11-020 |
Title: Vulnerability in SMB Server Could Allow Remote Code Execution (2508429) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows Server 2008 Windows Vista Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS11-019 |
Title: Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: 2519900 |
Title: Expression Web 4 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: Expression Web 4 Service Pack 1 | ||||
| Applies to: Expression Web 4 |
Included Updates: |
|||
| Bulletin ID: 2445990 |
Title: Microsoft Application Virtualization 4.6 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Application Virtualization 4.6 Service Pack 1 (App-V 4.6 SP1) is now available. This service pack provides the latest updates to Microsoft Application Virtualization 4.6. Additionally, this service pack includes some improvements and a rollup of hotfixes. | ||||
| Applies to: Microsoft Application Virtualization 4.6 |
Included Updates: |
|||
| Bulletin ID: 2508148 |
Title: Hotfix Rollup 4 for Forefront Security for Exchange Service Pack 2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Hotfix Rollup 4 for Forefront Security for Exchange Service Pack 2 | ||||
| Applies to: Forefront Server Security Category |
Included Updates: |
|||
| Bulletin ID: 2508145 |
Title: Hotfix Rollup 4 for Microsoft Forefront Security for SharePoint Service Pack 3 |
Update Type: Update Rollup |
Severity: |
|
| Description: Hotfix Rollup 4 for Microsoft Forefront Security for SharePoint Service Pack 3 | ||||
| Applies to: Forefront Server Security Category |
Included Updates: |
|||
| Bulletin ID: 2508121 |
Title: Hotfix Rollup 4 for Antigen 9 for Exchange Service Pack 2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Hotfix Rollup 4 for Antigen 9 for Exchange Service Pack 2 | ||||
| Applies to: Antigen for Exchange/SMTP |
Included Updates: |
|||
| Bulletin ID: MS11-017 |
Title: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user opens a legitimate Remote Desktop configuration (.rdp) file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Vista Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-016 |
Title: Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Microsoft Groove that could allow remote code execution if a user opens a legitimate Groove-related file that is located in the same network directory as a specially crafted library file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS11-015 |
Title: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed vulnerability in DirectShow and one privately reported vulnerability in Windows Media Player and Windows Media Center. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so. | ||||
| Applies to: Windows XP Windows Vista Windows XP x64 Edition Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS11-011 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Server 2008 Windows Vista Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: 2250444 |
Title: Hotfix rollup package for System Center Data Protection Manager 2010: November 10, 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Hotfix rollup package for System Center Data Protection Manager 2010: November 10, 2010 | ||||
| Applies to: Microsoft System Center DPM 2010 |
Included Updates: |
|||
| Bulletin ID: MS10-077 |
Title: Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Vista Windows XP x64 Edition Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-070 |
Title: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in ASP.NET. The vulnerability could allow information disclosure. An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server. Microsoft .NET Framework versions prior to Microsoft .NET Framework 3.5 Service Pack 1 are not affected by the file content disclosure portion of this vulnerability. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows Server 2008 Windows 7 Windows XP x64 Edition Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: 2492980 |
Title: System Center Virtual Machine Manager 2008 R2 hotfix rollup package: February 8, 2011 |
Update Type: Update Rollup |
Severity: |
|
| Description: System Center Virtual Machine Manager 2008 R2 hotfix rollup package: February 8, 2011 | ||||
| Applies to: Microsoft System Center Virtual Machine Manager 2008 |
Included Updates: |
|||
| Bulletin ID: 2181692 |
Title: Hotfix Rollup 1 for Microsoft Forefront Protection for Exchange |
Update Type: Update Rollup |
Severity: |
|
| Description: Hotfix Rollup 1 for Microsoft Forefront Protection for Exchange | ||||
| Applies to: Forefront Protection Category |
Included Updates: |
|||
| Bulletin ID: MS11-014 |
Title: Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of these operating systems. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS11-013 |
Title: Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if a local, authenticated attacker installs a malicious service on a domain-joined computer. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 Windows XP Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS11-012 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves five privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows XP x64 Edition Windows XP Windows 7 Windows Server 2008 R2 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS11-010 |
Title: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of these operating systems. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS11-009 |
Title: Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow information disclosure if a user visited a specially crafted Web site. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. | ||||
| Applies to: Windows Server 2008 R2 Windows 7 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS11-008 |
Title: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2007 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS11-006 |
Title: Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a publicly disclosed vulnerability in the Windows Shell graphics processor. The vulnerability could allow remote code execution if a user views a specially crafted thumbnail image. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows XP x64 Edition Windows XP |
Included Updates: |
|||
| Bulletin ID: MS11-005 |
Title: Vulnerability in Active Directory Could Allow Denial of Service (2478953) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Active Directory. The vulnerability could allow denial of service if an attacker sent a specially crafted packet to an affected Active Directory server. The attacker must have valid local administrator privileges on the domain-joined computer in order to exploit this vulnerability. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS11-004 |
Title: Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Microsoft Internet Information Services (IIS) FTP Service. The vulnerability could allow remote code execution if an FTP server receives a specially crafted FTP command. FTP Service is not installed by default on IIS. | ||||
| Applies to: Windows Server 2008 R2 Windows 7 Windows Server 2008 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS11-003 |
Title: Cumulative Security Update for Internet Explorer (2482017) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user opens a legitimate HTML file that loads a specially crafted library file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows Server 2008 Windows Server 2008 R2 Windows 7 Windows Vista |
Included Updates: |
|||
| Bulletin ID: 2458094 |
Title: Windows Small Business Server 2008 Update Rollup 5 |
Update Type: Update Rollup |
Severity: |
|
| Description: Windows Small Business Server (Windows SBS) 2008 Update Rollup 5 is now available. | ||||
| Applies to: Windows Small Business Server 2008 |
Included Updates: |
|||
| Bulletin ID: 2422053 |
Title: Hotfix Rollup 3 for Forefront Security for SharePoint Service Pack 3 |
Update Type: Update Rollup |
Severity: |
|
| Description: Hotfix Rollup 3 for Forefront Security for SharePoint Service Pack 3 | ||||
| Applies to: Forefront Server Security Category |
Included Updates: |
|||
| Bulletin ID: 2420644 |
Title: Hotfix Rollup 3 for Forefront Security for Exchange Service Pack 2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Hotfix Rollup 3 for Forefront Security for Exchange Service Pack 2 | ||||
| Applies to: Forefront Server Security Category |
Included Updates: |
|||
| Bulletin ID: 2410679 |
Title: Update package for Office Communications Server 2007 R2, Conferencing Announcement Service: November 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update package for Office Communications Server 2007 R2, Conferencing Announcement Service: November 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2404588 |
Title: Cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: November 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: November 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2404578 |
Title: Cumulative update for Office Communications Server 2007 R2, Mediation Server: November 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Mediation Server: November 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2404575 |
Title: Cumulative update for Office Communications Server 2007 R2, Core Components: November 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Core Components: November 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2403680 |
Title: Cumulative update for Office Communications Server 2007 R2, Conferencing Attendant: November 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Conferencing Attendant: November 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2403679 |
Title: Cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: November 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: November 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2400402 |
Title: Cumulative update for Office Communications Server 2007 R2, Administration Tools: September 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Administration Tools: September 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2400375 |
Title: Update package for Communications Server 2007 R2, Web Components: September 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update package for Communications Server 2007 R2, Web Components: September 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2400367 |
Title: Cumulative update package for Office Communications Server 2007 R2, Response Group Service: September 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for Office Communications Server 2007 R2, Response Group Service: September 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2302001 |
Title: Hotfix Rollup 3 for Microsoft Antigen 9 for Exchange Service Pack 2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Hotfix Rollup 3 for Microsoft Antigen 9 for Exchange Service Pack 2 | ||||
| Applies to: Antigen for Exchange/SMTP |
Included Updates: |
|||
| Bulletin ID: 2291724 |
Title: Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: November 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: November 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2291453 |
Title: Cumulative update package for Communicator 2007 R2: November 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for Communicator 2007 R2: November 2010 | ||||
| Applies to: Office Communicator 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 2452789 |
Title: Introduction to the Microsoft StreamInsight 1.1 release |
Update Type: Service Pack |
Severity: |
|
| Description: Introduction to the Microsoft StreamInsight 1.1 release | ||||
| Applies to: Microsoft StreamInsight V1.0 |
Included Updates: |
|||
| Bulletin ID: MS11-002 |
Title: Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Data Access Components. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Embedded Standard 7 Windows Server 2008 R2 Windows Vista Windows 7 Windows XP |
Included Updates: |
|||
| Bulletin ID: MS11-001 |
Title: Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Windows Backup Manager. The vulnerability could allow remote code execution if a user opens a legitimate Windows Backup Manager file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the legitimate file from that location, which in turn could cause Windows Backup Manager to load the specially crafted library file. | ||||
| Applies to: Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS10-090 |
Title: Cumulative Security Update for Internet Explorer (2416400) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves four privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows Server 2008 R2 Windows 7 Windows Server 2008 Windows Vista |
Included Updates: |
|||
| Bulletin ID: 2467659 |
Title: An update is available for Internet Explorer: December 14, 2010 |
Update Type: Security Update |
Severity: |
|
| Description: This update addresses an issue that is introduced by the following Microsoft Knowledge Base article: | ||||
| Applies to: Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition Windows Vista |
Included Updates: |
|||
| Bulletin ID: 2443685 |
Title: December 2010 cumulative time zone update for Windows operating systems |
Update Type: Update Rollup |
Severity: |
|
| Description: December 2010 cumulative time zone update for Windows operating systems | ||||
| Applies to: Windows 7 Windows Server 2008 R2 Windows Vista Windows Server 2008 Windows Embedded Standard 7 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: 2425179 |
Title: Update Rollup 2 for Exchange Server 2010 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 2 for Exchange Server 2010 Service Pack 1 | ||||
| Applies to: Exchange Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2407113 |
Title: Update Rollup 5 for Microsoft Exchange Server 2010 Release to Manufacturing |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 5 for Microsoft Exchange Server 2010 Release to Manufacturing | ||||
| Applies to: Exchange Server 2010 |
Included Updates: |
|||
| Bulletin ID: 2407025 |
Title: Update Rollup 2 for Exchange Server 2007 Service Pack 3 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 2 for Exchange Server 2007 Service Pack 3 | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: MS10-106 |
Title: Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132) |
Update Type: Security Update |
Severity: Moderate |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Exchange Server. The vulnerability could allow denial of service if an authenticated attacker sent a specially crafted network message to a computer running the Exchange service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: MS10-105 |
Title: Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves seven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2010 Office 2007 Office 2002/XP Microsoft Works 9 |
Included Updates: |
|||
| Bulletin ID: MS10-104 |
Title: Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft SharePoint. The vulnerability could allow remote code execution in the security context of a guest user if an attacker sent a specially crafted SOAP request to the Document Conversions Launcher Service in a SharePoint server environment that is using the Document Conversions Load Balancer Service. By default, the Document Conversions Load Balancer Service and Document Conversions Launcher Service are not enabled in Microsoft Office SharePoint Server 2007. | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS10-103 |
Title: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves five privately reported vulnerabilities in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2010 Office 2007 Office 2003 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS10-102 |
Title: Vulnerability in Hyper-V Could Allow Denial of Service (2345316) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows Server 2008 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS10-101 |
Title: Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Netlogon RPC Service on affected versions of Windows Server that are configured to serve as domain controllers. The vulnerability could allow denial of service if an attacker sends a specially crafted RPC packet to the Netlogon RPC Service interface on an affected system. An attacker requires administrator privileges on a machine that is joined to the same domain as the affected domain controller in order to exploit this vulnerability. | ||||
| Applies to: Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-100 |
Title: Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Consent User Interface (UI). The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and the SeImpersonatePrivilege and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-099 |
Title: Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update addresses a privately reported vulnerability in the Routing and Remote Access NDProxy component of Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-098 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-097 |
Title: Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in the Internet Connection Signup Wizard of Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-096 |
Title: Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Windows Address Book. The vulnerability could allow remote code execution if a user opens a Windows Address Book file located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-095 |
Title: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file type such as .eml and .rss (Windows Live Mail) or .wpost (Microsoft Live Writer) located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. | ||||
| Applies to: Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-094 |
Title: Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Windows Media Encoder. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate Windows Media Profile (.prx) file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows Server 2008 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS10-093 |
Title: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate Windows Movie Maker file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. | ||||
| Applies to: Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS10-092 |
Title: Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Windows Task Scheduler. The vulnerability could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-091 |
Title: Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves several privately reported vulnerabilities in the Windows Open Type Font (OTF) driver that could allow remote code execution. An attacker could host a specially crafted OpenType font on a network share. The affected control path is then triggered when the user navigates to the share in Windows Explorer, allowing the specially crafted font to take complete control over an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
| Applies to: Windows 7 Windows Embedded Standard 7 Windows Server 2008 R2 Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS10-086 |
Title: Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255) |
Update Type: Security Update |
Severity: Moderate |
|
| Description: This security update resolves a privately reported vulnerability in Windows Server 2008 R2 when used as a shared failover cluster. The vulnerability could allow data tampering on the administrative shares of failover cluster disks. By default, Windows Server 2008 R2 servers are not affected by this vulnerability. This vulnerability only applies to the cluster disks used in a failover cluster. | ||||
| Applies to: Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS10-085 |
Title: Vulnerability in SChannel Could Allow Denial of Service (2207566) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow denial of service if an affected system received a specially crafted packet message via Secure Sockets Layer (SSL). By default, all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not configured to receive SSL network traffic. | ||||
| Applies to: Windows Embedded Standard 7 Windows Vista Windows 7 Windows Server 2008 R2 Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS10-083 |
Title: Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted file using WordPad or selects or opens a shortcut file that is on a network or WebDAV share. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2008 Windows Embedded Standard 7 Windows Vista Windows 7 Windows Server 2008 R2 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS10-081 |
Title: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Windows common control library. The vulnerability could allow remote code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Embedded Standard 7 Windows Server 2008 R2 Windows Vista Windows 7 Windows Server 2008 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS10-076 |
Title: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows 7 Windows Server 2008 R2 Windows Embedded Standard 7 Windows Server 2008 Windows Vista Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS10-075 |
Title: Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the Microsoft Windows Media Player Network Sharing Service. The vulnerability could allow remote code execution if an attacker sent a specially crafted RTSP packet to an affected system. However, Internet access to home media is disabled by default. In this default configuration, the vulnerability can be exploited only by an attacker within the same subnet. | ||||
| Applies to: Windows 7 Windows Embedded Standard 7 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS10-074 |
Title: Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149) |
Update Type: Security Update |
Severity: Moderate |
|
| Description: This security update resolves a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user is logged on with administrative user rights and opens an application built with the MFC Library. An attacker who successfully exploited this vulnerability could obtain the same permissions as the currently logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2008 Windows Vista Windows Embedded Standard 7 Windows 7 Windows Server 2008 R2 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS10-073 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves several publicly disclosed vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows Vista Windows 7 Windows Server 2008 R2 Windows Embedded Standard 7 Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP |
Included Updates: |
|||
| Bulletin ID: MS10-051 |
Title: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. | ||||
| Applies to: Windows Server 2008 Windows XP Windows Vista Windows XP x64 Edition Windows Embedded Standard 7 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 R2 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-088 |
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2007 Office 2003 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS10-087 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed vulnerability and five privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2010 Office 2007 Office 2003 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS10-054 |
Title: Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows XP x64 Edition Windows XP Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-072 |
Title: Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft SharePoint and Windows SharePoint Services. The vulnerabilities could allow information disclosure if an attacker submits specially crafted script to a target site using SafeHTML. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Office 2007 Office 2010 |
Included Updates: |
|||
| Bulletin ID: 2407028 |
Title: Update Rollup 1 for Exchange Server 2010 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 1 for Exchange Server 2010 Service Pack 1 | ||||
| Applies to: Exchange Server 2010 |
Included Updates: |
|||
| Bulletin ID: MS10-084 |
Title: Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS10-082 |
Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows XP x64 Edition Windows Server 2008 Windows Server 2008 R2 Windows Vista Windows Embedded Standard 7 Windows 7 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-080 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves thirteen privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file or a specially crafted Lotus 1-2-3 file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2007 Office 2002/XP Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-079 |
Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves eleven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2010 Office 2007 Office 2003 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS10-078 |
Title: Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in the Windows OpenType Font (OTF) format driver. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS10-071 |
Title: Cumulative Security Update for Internet Explorer (2360131) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves seven privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows 7 Windows Vista Windows XP |
Included Updates: |
|||
| Bulletin ID: MS10-062 |
Title: Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in MPEG-4 codec. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: 2279665 |
Title: Update Rollup 1 for Exchange Server 2007 Service Pack 3 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 1 for Exchange Server 2007 Service Pack 3 | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: 2158563 |
Title: September 2010 cumulative time zone update for Windows operating systems |
Update Type: Update Rollup |
Severity: |
|
| Description: September 2010 cumulative time zone update for Windows operating systems | ||||
| Applies to: Windows 7 Windows XP Windows Embedded Standard 7 Windows Server 2008 R2 Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: 2308590 |
Title: System Center Virtual Machine Manager 2008 R2 hotfix rollup package: September 14, 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: System Center Virtual Machine Manager 2008 R2 hotfix rollup package: September 14, 2010 | ||||
| Applies to: Microsoft System Center Virtual Machine Manager 2008 |
Included Updates: |
|||
| Bulletin ID: MS10-069 |
Title: Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-068 |
Title: Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if an authenticated attacker sent specially crafted Lightweight Directory Access Protocol (LDAP) messages to a listening LSASS server. In order to successfully exploit this vulnerability, an attacker must have a member account within the target Windows domain. However, the attacker does not need to have a workstation joined to the Windows domain. | ||||
| Applies to: Windows XP Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-067 |
Title: Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-066 |
Title: Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-065 |
Title: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Information Services (IIS). The most severe of these vulnerabilities could allow remote code execution if a client sends a specially crafted HTTP request to the server. An attacker who successfully exploited this vulnerability could take complete control of an affected system. | ||||
| Applies to: Windows Server 2008 R2 Windows 7 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS10-064 |
Title: Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened or previewed a specially crafted e-mail message using an affected version of Microsoft Outlook that is connected to an Exchange server with Online Mode. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2007 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS10-063 |
Title: Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the Unicode Scripts Processor. The vulnerability could allow remote code execution if a user viewed a specially crafted document or Web page with an application that supports embedded OpenType fonts. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2007 Office 2003 Office 2002/XP Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-061 |
Title: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a publicly disclosed vulnerability in the Print Spooler service. The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC. By default, printers are not shared on any currently supported Windows operating system. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: 982114 |
Title: How to obtain Service Pack 2 for Microsoft HPC Pack 2008 |
Update Type: Service Pack |
Severity: |
|
| Description: Service Pack 2 (SP2) for Microsoft HPC Pack 2008 is now available. This service pack improves reliability, performance, and security for Microsoft HPC Pack 2008. | ||||
| Applies to: HPC Pack 2008 |
Included Updates: |
|||
| Bulletin ID: 981324 |
Title: List of problems that are fixed in Forefront Threat Management Gateway 2010 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: List of problems that are fixed in Forefront Threat Management Gateway 2010 Service Pack 1 | ||||
| Applies to: Forefront TMG |
Included Updates: |
|||
| Bulletin ID: 948465 |
Title: Information about Service Pack 2 for Windows Vista and for Windows Server 2008 |
Update Type: Service Pack |
Severity: |
|
| Description: Service Pack 2 (SP2) for Windows Vista and for Windows Server 2008 supports new kinds of hardware and emerging hardware standards. This service pack includes all the updates that have been delivered since Service Pack 1, and it simplifies deployment for consumers, for developers, and for IT professionals. | ||||
| Applies to: Windows Server 2008 Windows Vista |
Included Updates: |
|||
| Bulletin ID: 2028888 |
Title: Cumulative update package for Communicator 2007 R2: July 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for Communicator 2007 R2: July 2010 | ||||
| Applies to: Office Communicator 2007 R2 |
Included Updates: |
|||
| Bulletin ID: MS10-053 |
Title: Cumulative Security Update for Internet Explorer (2183461) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves six privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Vista Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 Windows Server 2008 Windows XP x64 Edition Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS10-050 |
Title: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows Vista Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS10-047 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows 7 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS10-046 |
Title: Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition Windows Server 2008 R2 Windows Server 2008 Windows Vista Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-060 |
Title: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in convincing a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing the page, as could be the case in a Web hosting scenario. | ||||
| Applies to: Silverlight Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition Windows Server 2008 Windows Vista Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS10-059 |
Title: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Tracing Feature for Services. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-057 |
Title: Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS10-056 |
Title: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2007 Office 2002/XP Microsoft Works 9 |
Included Updates: |
|||
| Bulletin ID: MS10-055 |
Title: Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Cinepak Codec. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows Vista Windows XP x64 Edition Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-052 |
Title: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-049 |
Title: Vulnerabilities in SChannel could allow Remote Code Execution (980436) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows 7 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS10-048 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed and four privately reported vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows XP Windows XP x64 Edition Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Embedded Standard 7 Windows 7 |
Included Updates: |
|||
| Bulletin ID: 982639 |
Title: Update Rollup 4 for Microsoft Exchange Server 2010 Release To Manufacturing |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 4 for Microsoft Exchange Server 2010 Release To Manufacturing | ||||
| Applies to: Exchange Server 2010 |
Included Updates: |
|||
| Bulletin ID: MS10-045 |
Title: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened an attachment in a specially crafted e-mail message using an affected version of Microsoft Office Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2007 Office 2003 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS10-044 |
Title: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. The vulnerabilities could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Access ActiveX controls. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS10-043 |
Title: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart. | ||||
| Applies to: Windows Server 2008 R2 Windows 7 Windows Embedded Standard 7 |
Included Updates: |
|||
| Bulletin ID: MS10-042 |
Title: Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP |
Included Updates: |
|||
| Bulletin ID: MS10-041 |
Title: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering of signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability. | ||||
| Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS10-024 |
Title: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service. The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service. By default, the SMTP component is not installed on Windows Server 2003, Windows Server 2003 x64 Edition, or Windows XP Professional x64 Edition. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Exchange 2000 Server Windows 2000 Exchange Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-021 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows 7 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Included Updates: |
|||
| Bulletin ID: MS10-026 |
Title: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS09-061 |
Title: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability. | ||||
| Applies to: Windows 2000 Windows XP Windows Vista Windows XP x64 Edition Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: 982523 |
Title: System Center Virtual Machine Manager 2008 R2 Admin Console hotfix rollup package: June 8, 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: System Center Virtual Machine Manager 2008 R2 Admin Console hotfix rollup package: June 8, 2010 | ||||
| Applies to: Microsoft System Center Virtual Machine Manager 2008 |
Included Updates: |
|||
| Bulletin ID: 982522 |
Title: System Center Virtual Machine Manager 2008 R2 hotfix rollup package: June 8, 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: System Center Virtual Machine Manager 2008 R2 hotfix rollup package: June 8, 2010 | ||||
| Applies to: Microsoft System Center Virtual Machine Manager 2008 |
Included Updates: |
|||
| Bulletin ID: 944036 |
Title: Availability of Windows Internet Explorer 8 |
Update Type: Update Rollup |
Severity: |
|
| Description: Windows Internet Explorer 8 is now available. Internet Explorer 8 is the latest version of the familiar Web browser that you are most comfortable using. It helps you obtain everything that you want from the Web faster, easier, and safer than ever. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows XP Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-040 |
Title: Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if a user received a specially crafted HTTP request. An attacker who successfully exploited this vulnerability could take complete control of an affected system. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 R2 Windows Vista Windows 7 Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS10-039 |
Title: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Office 2007 Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-038 |
Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves fourteen privately reported vulnerabilities in Microsoft Office. The more severe vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2002/XP Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS10-037 |
Title: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows Server 2008 Windows Vista Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows 7 Windows XP x64 Edition Windows XP |
Included Updates: |
|||
| Bulletin ID: MS10-036 |
Title: Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message. | ||||
| Applies to: Office 2007 Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-034 |
Title: Cumulative Security Update of ActiveX Kill Bits (980195) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update addresses two privately reported vulnerabilities for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003, Windows Server2008, and Windows Server 2008 R2. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows 7 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 Windows Vista Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS10-033 |
Title: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Server 2008 Windows Vista Windows Server 2008 R2 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-032 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in the Windows kernel-mode drivers. The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted TrueType font. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: 981793 |
Title: May 2010 cumulative time zone update for Windows operating systems |
Update Type: Update Rollup |
Severity: |
|
| Description: May 2010 cumulative time zone update for Windows operating systems | ||||
| Applies to: Windows Server 2008 Windows Vista Windows 7 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP |
Included Updates: |
|||
| Bulletin ID: 980847 |
Title: Microsoft Application Virtualization 4.5 Service Pack 2 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Application Virtualization 4.5 Service Pack 2 (App-V 4.5 SP2) is now available. This service pack provides the latest updates to Microsoft Application Virtualization 4.5. Because Microsoft Application Virtualization service packs are cumulative, you do not have to install Service Pack 1 before you install Service Pack 2. Service Pack 2 includes all of the fixes that were included in Service Pack 1. Additionally, App-V 4.5 SP2 contains the following improvements. | ||||
| Applies to: Microsoft Application Virtualization 4.5 |
Included Updates: |
|||
| Bulletin ID: 980586 |
Title: Hotfix Rollup 2 for Antigen 9 for Exchange Server with Service Pack 2 and for Antigen 9 for SMTP Gateways with Service Pack 2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Hotfix Rollup 2 for Antigen 9 for Exchange Server with Service Pack 2 and for Antigen 9 for SMTP Gateways with Service Pack 2 | ||||
| Applies to: Antigen for Exchange/SMTP |
Included Updates: |
|||
| Bulletin ID: 978300 |
Title: Hotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3 |
Update Type: Update Rollup |
Severity: |
|
| Description: Hotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3 | ||||
| Applies to: Forefront Server Security Category |
Included Updates: |
|||
| Bulletin ID: 978297 |
Title: Hotfix Rollup 1 for Service Pack 2 for Forefront Security for Exchange Server |
Update Type: Update Rollup |
Severity: |
|
| Description: Hotfix Rollup 1 for Service Pack 2 for Forefront Security for Exchange Server | ||||
| Applies to: Forefront Server Security Category |
Included Updates: |
|||
| Bulletin ID: MS10-031 |
Title: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a host application opens and passes a specially crafted file to the Visual Basic for Applications runtime. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2007 Office 2003 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS10-030 |
Title: Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Outlook Express, Windows Mail, and Windows Live Mail. The vulnerability could allow remote code execution if a user visits a malicious e-mail server. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows 7 Windows Server 2008 Windows Server 2008 R2 Windows XP x64 Edition Windows XP |
Included Updates: |
|||
| Bulletin ID: 980408 |
Title: April 2010 stability and reliability update for Windows 7 and Windows Server 2008 R2 is available |
Update Type: Update Rollup |
Severity: |
|
| Description: This update improves the stability and the reliability of Windows 7 and of Windows Server 2008 R2. The update was released in April 2010. | ||||
| Applies to: Windows Server 2008 R2 Windows 7 |
Included Updates: |
|||
| Bulletin ID: 980372 |
Title: Cumulative update for Office Communications Server 2007 R2, Outside Voice Control: April 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Outside Voice Control: April 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 980370 |
Title: Cumulative update for Office Communications Server 2007 R2, Conferencing Attendant: April 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Conferencing Attendant: April 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 980096 |
Title: Cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: April 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Web Conferencing Server: April 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 979454 |
Title: Windows Small Business Server 2008 Update Rollup 4 |
Update Type: Update Rollup |
Severity: |
|
| Description: You may be unable to rename and to join a computer that is running Windows 7 to your Windows SBS 2008-based domain by using the Windows SBS client Join wizard. | ||||
| Applies to: Windows Small Business Server 2008 |
Included Updates: |
|||
| Bulletin ID: 978564 |
Title: Cumulative update package for Communicator 2007 R2: April 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for Communicator 2007 R2: April 2010 | ||||
| Applies to: Office Communicator 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 977937 |
Title: Cumulative update for Office Communications Server 2007 R2, Mediation Server: April 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Mediation Server: April 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 977934 |
Title: Cumulative update package for Office Communications Server 2007 R2, Audio/Video Conferencing Server: April 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: This article describes the issue that is fixed in the update package for Microsoft Office Communications Server 2007 R2, Audio/Video Conferencing Server that is dated April 2010. | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 977347 |
Title: Cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: April 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for Office Communications Server 2007 R2, Application Sharing Server: April 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 976657 |
Title: Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: April 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: April 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 975614 |
Title: Cumulative update package for Office Communications Server 2007 R2, Communicator Web Access: April 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update package for Office Communications Server 2007 R2, Communicator Web Access: April 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: MS10-025 |
Title: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. On Microsoft Windows 2000 Server, Windows Media Services is an optional component and is not installed by default. | ||||
| Applies to: Windows 2000 |
Included Updates: |
|||
| Bulletin ID: MS10-019 |
Title: Vulnerabilities in Windows Could Allow Remote Code Execution (981210) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Windows Authenticode Verification that could allow remote code execution. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
| Applies to: Windows Server 2008 Windows Server 2008 R2 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 Windows 2000 |
Included Updates: |
|||
| Bulletin ID: 981407 |
Title: Update Rollup 10 for Microsoft Exchange Server 2007 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 10 for Microsoft Exchange Server 2007 Service Pack 1 | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: 981401 |
Title: Update Rollup 3 for Microsoft Exchange Server 2010 Release to Manufacturing |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 3 for Microsoft Exchange Server 2010 Release to Manufacturing | ||||
| Applies to: Exchange Server 2010 |
Included Updates: |
|||
| Bulletin ID: 981383 |
Title: Update Rollup 4 for Microsoft Exchange Server 2007 Service Pack 2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 4 for Microsoft Exchange Server 2007 Service Pack 2 | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: MS10-029 |
Title: Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338) |
Update Type: Security Update |
Severity: Moderate |
|
| Description: This security update resolves one privately reported vulnerability in Microsoft Windows. This security update is rated Moderate for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Windows 7 and Windows Server 2008 R2 are not vulnerable because these operating systems include the feature deployed by this security update. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-028 |
Title: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Office Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2007 Office 2003 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS10-027 |
Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows 2000 |
Included Updates: |
|||
| Bulletin ID: MS10-023 |
Title: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2002/XP Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS10-022 |
Title: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in VBScript on Microsoft Windows that could allow remote code execution. This security update is rated Important for Microsoft Windows 2000, Windows XP, and Windows Server 2003. On Windows Server 2008, Windows Vista, Windows 7, and Windows Server 2008 R2, the vulnerable code is not exploitable, however, as the code is present, this update is provided as a defense-in-depth measure and has no severity rating. For more information, see the subsection, Affected and Non-Affected Software, in this section. | ||||
| Applies to: Windows Server 2008 R2 Windows 7 Windows Server 2008 Windows Vista Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS10-020 |
Title: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 Windows 2000 |
Included Updates: |
|||
| Bulletin ID: 979784 |
Title: Update Rollup 3 for Exchange Server 2007 Service Pack 2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 3 for Exchange Server 2007 Service Pack 2 | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: 971348 |
Title: List of hotfixes and updates that are contained in System Center Configuration Manager 2007 Service Pack 2 |
Update Type: Service Pack |
Severity: |
|
| Description: List of hotfixes and updates that are contained in System Center Configuration Manager 2007 Service Pack 2 | ||||
| Applies to: System Center Configuration Manager 2007 |
Included Updates: |
|||
| Bulletin ID: MS09-033 |
Title: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
| Applies to: Virtual Server Virtual PC |
Included Updates: |
|||
| Bulletin ID: MS10-017 |
Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2007 Office 2003 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS10-016 |
Title: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Vista Windows XP Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS10-015 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP Windows Vista Windows Server 2008 Windows 7 Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: 979306 |
Title: February 2010 cumulative time zone update for Windows operating systems |
Update Type: Update Rollup |
Severity: |
|
| Description: February 2010 cumulative time zone update for Windows operating systems | ||||
| Applies to: Windows Server 2008 R2 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 |
Included Updates: |
|||
| Bulletin ID: 2006634 |
Title: Microsoft Office Accounting 2009 Service Pack 3 for Accounting Professional (MOA) 2009 and for Accounting Express 2009 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office Accounting 2009 Service Pack 3 provides the latest updates for the U.S. and U.K. versions of Microsoft Office Accounting Professional 2009 and Microsoft Office Accounting Express 2009. This service pack also includes stability and performance improvements. | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: 978560 |
Title: System Center Virtual Machine Manager 2008 R2 hotfix rollup package: February 9, 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: System Center Virtual Machine Manager 2008 R2 hotfix rollup package: February 9, 2010 | ||||
| Applies to: Microsoft System Center Virtual Machine Manager 2008 |
Included Updates: |
|||
| Bulletin ID: MS10-014 |
Title: Vulnerability in Kerberos Could Allow Denial of Service (977290) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted. | ||||
| Applies to: Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Included Updates: |
|||
| Bulletin ID: MS10-013 |
Title: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2008 R2 Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP x64 Edition Windows XP Windows Vista Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-012 |
Title: Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities. | ||||
| Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS10-011 |
Title: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not affected. The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Included Updates: |
|||
| Bulletin ID: MS10-010 |
Title: Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows Server 2008 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: MS10-009 |
Title: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link. | ||||
| Applies to: Windows Vista Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS10-007 |
Title: Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Included Updates: |
|||
| Bulletin ID: MS10-006 |
Title: Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 Windows 2000 |
Included Updates: |
|||
| Bulletin ID: MS10-005 |
Title: Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706) |
Update Type: Security Update |
Severity: Moderate |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Included Updates: |
|||
| Bulletin ID: MS10-004 |
Title: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2002/XP Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS10-003 |
Title: Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS09-060 |
Title: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft Office that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2007 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: 977351 |
Title: Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: January 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: January 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 977344 |
Title: Cumulative update for Office Communications Server 2007 R2, Administration Tools: January 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Administration Tools: January 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 977343 |
Title: Cumulative update for Office Communications Server 2007 R2, Core Components: January 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Core Components: January 2010 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 977074 |
Title: January 2010 stability and reliability update for Windows 7 and Windows Server 2008 R2 |
Update Type: Update Rollup |
Severity: |
|
| Description: This update improves the stability and the reliability of Windows 7 and of Windows Server 2008 R2. The update was released in January 2010. | ||||
| Applies to: Windows Server 2008 R2 Windows 7 |
Included Updates: |
|||
| Bulletin ID: 976135 |
Title: Communicator 2007 R2 cumulative update: January 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: Communicator 2007 R2 cumulative update: January 2010 | ||||
| Applies to: Office Communicator 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 975355 |
Title: Hotfix Rollup 1 for Antigen 9.0 Service Pack 2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Hotfix Rollup 1 for Antigen 9.0 Service Pack 2 | ||||
| Applies to: Antigen for Exchange/SMTP |
Included Updates: |
|||
| Bulletin ID: 972076 |
Title: Update Rollup 2 for Microsoft Exchange Server 2007 Service Pack 2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 2 for Microsoft Exchange Server 2007 Service Pack 2 | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: MS10-002 |
Title: Cumulative Security Update for Internet Explorer (978207) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows 7 |
Included Updates: |
|||
| Bulletin ID: 979202 |
Title: Update for Silverlight: January 19, 2010 |
Update Type: Update Rollup |
Severity: |
|
| Description: An update is available for Microsoft Silverlight. This update offers a new build that is an upgrade to earlier versions of Silverlight. This update is included in current Silverlight installers. If your computer does not have Silverlight installed, the installer will be offered to you by Microsoft Update or by Windows Server Update Services (WSUS). | ||||
| Applies to: Silverlight |
Included Updates: |
|||
| Bulletin ID: MS10-001 |
Title: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows 7 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 R2 Windows Vista Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: 975613 |
Title: Cumulative update for Office Communications Server 2007 R2, Core Components: October 2009 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Core Components: October 2009 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 975612 |
Title: Cumulative update for Office Communications Server 2007 R2, Response Group Service: October 2009 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative update for Office Communications Server 2007 R2, Response Group Service: October 2009 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 974007 |
Title: Cumulative Update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: October 2009 |
Update Type: Update Rollup |
Severity: |
|
| Description: Cumulative Update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: October 2009 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 972884 |
Title: Update for Communicator 2007 R2: Oct 2009 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update for Communicator 2007 R2: Oct 2009 | ||||
| Applies to: Office Communicator 2007 R2 |
Included Updates: |
|||
| Bulletin ID: MS09-074 |
Title: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office Project. The vulnerability could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS09-073 |
Title: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters. The vulnerability could allow remote code execution if a specially crafted Word 97 file is opened in WordPad or Microsoft Office. An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges. | ||||
| Applies to: Office 2003 Office 2002/XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows 2000 Microsoft Works 8 |
Included Updates: |
|||
| Bulletin ID: MS09-072 |
Title: Cumulative Security Update for Internet Explorer (976325) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution; for more information about this issue, see the subsection, Frequently Asked Questions (FAQ) Related to This Security Update, in this section. | ||||
| Applies to: Windows Server 2008 R2 Windows XP Windows 2000 Windows Server 2008 Windows 7 Windows Vista Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS09-071 |
Title: Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. On Windows Server 2008, the Internet Authentication Service is replaced by Network Policy Server (NPS). An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service or Network Policy Server are only affected when using PEAP with MS-CHAP v2 authentication. | ||||
| Applies to: Windows Server 2008 Windows Vista Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS09-070 |
Title: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS09-069 |
Title: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system. | ||||
| Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS08-037 |
Title: Vulnerabilities in DNS Could Allow Spoofing (953230) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. | ||||
| Applies to: Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: 976594 |
Title: Expression Web 3 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: Expression Web 3 Service Pack 1 | ||||
| Applies to: Expression Web 3 |
Included Updates: |
|||
| Bulletin ID: 976098 |
Title: December 2009 cumulative time zone update for Microsoft Windows operating systems |
Update Type: Update Rollup |
Severity: |
|
| Description: December 2009 cumulative time zone update for Microsoft Windows operating systems | ||||
| Applies to: Windows Server 2008 Windows Server 2008 R2 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 |
Included Updates: |
|||
| Bulletin ID: 971534 |
Title: Update Rollup 1 for Exchange Server 2007 Service Pack 2 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 1 for Exchange Server 2007 Service Pack 2 | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: MS08-076 |
Title: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP x64 Edition Windows Vista |
Included Updates: |
|||
| Bulletin ID: 976244 |
Title: System Center Virtual Machine Manager 2008 R2 hotfix rollup package: November 10, 2009 |
Update Type: Update Rollup |
Severity: |
|
| Description: System Center Virtual Machine Manager 2008 R2 hotfix rollup package: November 10, 2009 | ||||
| Applies to: Microsoft System Center Virtual Machine Manager 2008 |
Included Updates: |
|||
| Bulletin ID: MS09-068 |
Title: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2002/XP Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS09-067 |
Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2002/XP Office 2007 Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS09-066 |
Title: Vulnerability in Active Directory Could Allow Denial of Service (973309) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (ADÂ LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. This vulnerability only affects domain controllers and systems configured to run ADAM or ADÂ LDS. | ||||
| Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows XP x64 Edition Windows XP |
Included Updates: |
|||
| Bulletin ID: MS09-065 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker's site. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS09-064 |
Title: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. | ||||
| Applies to: Windows 2000 |
Included Updates: |
|||
| Bulletin ID: MS09-063 |
Title: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability. | ||||
| Applies to: Windows Server 2008 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS09-051 |
Title: Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows 2000 Windows Server 2008 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS09-045 |
Title: Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS08-070 |
Title: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2007 Office 2003 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: 971975 |
Title: Microsoft Office Accounting 2009 Service Pack 2 is available for Accounting Professional 2009 and for Accounting Express 2009 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office Accounting 2009 Service Pack 2 (SP2) includes the latest updates for the U.S. version and the U.K version of Microsoft Office Accounting Professional 2009 and of Microsoft Office Accounting Express 2009. This service pack includes stability and performance improvements. | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS09-043 |
Title: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2003 Office 2007 Office 2002/XP Internet Security and Acceleration Server 2006 Internet Security and Acceleration Server 2004 BizTalk Server 2002 |
Included Updates: |
|||
| Bulletin ID: 951847 |
Title: List of changes and fixed issues in the .NET Framework 3.5 Service Pack 1 |
Update Type: Service Pack |
Severity: |
|
| Description: List of changes and fixed issues in the .NET Framework 3.5 Service Pack 1 | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Internet Explorer 7.0 Dynamic Installer |
Included Updates: |
|||
| Bulletin ID: MS09-062 |
Title: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Visual Studio 2008 Office 2002/XP Office 2007 Office 2003 Visual Studio 2005 Windows 2000 Report Viewer 2008 Report Viewer 2005 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Forefront Client Security Microsoft Works 8 SQL Server 2005 SQL Server 2000 |
Included Updates: |
|||
| Bulletin ID: 974431 |
Title: October 2009 stability and reliability update for Windows 7 and Windows Server 2008 R2 |
Update Type: Update Rollup |
Severity: |
|
| Description: This update improves the stability and reliability of Windows 7 and of Windows Server 2008 R2. The update was released in October 2009. | ||||
| Applies to: Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: 955706 |
Title: List of the bugs that are fixed in SQL Server 2005 Service Pack 3 |
Update Type: Service Pack |
Severity: |
|
| Description: List of the bugs that are fixed in SQL Server 2005 Service Pack 3 | ||||
| Applies to: SQL Server 2005 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS09-059 |
Title: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS09-058 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. | ||||
| Applies to: Windows Server 2008 Windows Vista Windows 2000 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS09-057 |
Title: Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component. This call could include a malicious URL and exploit the vulnerability, granting the attacker access to the client system with the privileges of the user browsing the Web page. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS09-056 |
Title: Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. | ||||
| Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 |
Included Updates: |
|||
| Bulletin ID: MS09-054 |
Title: Cumulative Security Update for Internet Explorer (974455) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Firefox users who are running the Windows Presentation Foundation (WPF) plug-in and do not have it disabled should also apply this security update. For more information regarding this issue, please see the FAQ section for HTML Component Handling Vulnerability – CVE-2009-2529. | ||||
| Applies to: Windows 2000 Windows Server 2008 R2 Windows 7 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS09-053 |
Title: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0. | ||||
| Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS09-052 |
Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Microsoft Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Included Updates: |
|||
| Bulletin ID: MS09-050 |
Title: Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. | ||||
| Applies to: Windows Server 2008 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS09-024 |
Title: Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Microsoft Works 9 Microsoft Works 8 Works 6-9 Converter Office 2007 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: MS08-055 |
Title: Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2007 Office 2003 |
Included Updates: |
|||
| Bulletin ID: MS09-047 |
Title: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows 2000 Windows Vista Windows Server 2008 Windows XP x64 Edition |
Included Updates: |
|||
| Bulletin ID: MS09-049 |
Title: Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability. | ||||
| Applies to: Windows Vista Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS09-048 |
Title: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. | ||||
| Applies to: Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS09-046 |
Title: Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS09-044 |
Title: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows 2000 Windows XP Windows Vista Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS09-037 |
Title: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP Windows Vista Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS09-035 |
Title: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) |
Update Type: Security Update |
Severity: Moderate |
|
| Description: This security update addresses several privately reported vulnerabilities in the public versions of the Microsoft Active Template Library (ATL) included with Visual Studio. This security update is specifically intended for developers of components and controls. Developers who build and redistribute components and controls using ATL should install the update provided in this bulletin and follow the guidance provided to create, and distribute to their customers, components and controls that are not vulnerable to the vulnerabilities described in this security bulletin. | ||||
| Applies to: Visual Studio 2008 Visual Studio 2005 |
Included Updates: |
|||
| Bulletin ID: MS09-034 |
Title: Cumulative Security Update for Internet Explorer (972260) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update is being released out of band in conjunction with Microsoft Security Bulletin MS09-035, which describes vulnerabilities in those components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library (ATL). As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Microsoft Security Bulletin MS09-035. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows 2000 Windows XP x64 Edition Windows Vista Windows XP |
Included Updates: |
|||
| Bulletin ID: 972455 |
Title: Windows Server Update Services 3.0 Service Pack 2 |
Update Type: Service Pack |
Severity: |
|
| Description: Windows Server Update Services 3.0 Service Pack 2 | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 |
Included Updates: |
|||
| Bulletin ID: 970653 |
Title: August 2009 cumulative time zone update for Microsoft Windows operating systems |
Update Type: Update Rollup |
Severity: |
|
| Description: August 2009 cumulative time zone update for Microsoft Windows operating systems | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Vista |
Included Updates: |
|||
| Bulletin ID: 969121 |
Title: Windows Small Business Server 2008 Update Rollup 3 |
Update Type: Update Rollup |
Severity: |
|
| Description: Windows Small Business Server (Windows SBS) 2008 Update Rollup 3 is now available. | ||||
| Applies to: Windows Small Business Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS09-036 |
Title: Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update addresses a privately reported Denial of Service vulnerability in the Microsoft .NET Framework component of Microsoft Windows. This vulnerability can be exploited only when Internet Information Services (IIS) 7.0 is installed and ASP.NET is configured to use integrated mode on affected versions of Microsoft Windows. An attacker could create specially crafted anonymous HTTP requests that could cause the affected Web server to become non-responsive until the associated application pool is restarted. Customers who are running IIS 7.0 application pools in classic mode are not affected by this vulnerability. | ||||
| Applies to: Windows Vista Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: MS09-029 |
Title: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS09-042 |
Title: Vulnerability in Telnet Could Allow Remote Code Execution (960859) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows 2000 Windows Vista Windows Server 2008 Windows XP Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 |
Included Updates: |
|||
| Bulletin ID: MS09-041 |
Title: Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users. | ||||
| Applies to: Windows XP Windows XP x64 Edition Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS09-040 |
Title: Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Vista |
Included Updates: |
|||
| Bulletin ID: MS09-039 |
Title: Vulnerabilities in WINS Could Allow Remote Code Execution (969883) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue. | ||||
| Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Included Updates: |
|||
| Bulletin ID: MS09-038 |
Title: Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Vista Windows Server 2008 |
Included Updates: |
|||
| Bulletin ID: 972008 |
Title: How to obtain the latest Service Pack for Microsoft HPC Pack 2008 |
Update Type: Service Pack |
Severity: |
|
| Description: Service Pack 1 (SP1) for Microsoft HPC Pack 2008 is now available. This service pack provides improved reliability, performance, and security for Microsoft HPC Pack 2008. | ||||
| Applies to: HPC Pack 2008 |
Included Updates: |
|||
| Bulletin ID: 970162 |
Title: Update Rollup 9 for Microsoft Exchange Server 2007 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update Rollup 9 for Microsoft Exchange Server 2007 Service Pack 1 | ||||
| Applies to: Exchange Server 2007 |
Included Updates: |
|||
| Bulletin ID: 969695 |
Title: Update for Communicator 2007 R2: July 2009 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update for Communicator 2007 R2: July 2009 | ||||
| Applies to: Office Communicator 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 953334 |
Title: 2007 Microsoft Office servers Service Pack 2 and of 2007 Microsoft Office servers Language Pack Service Pack 2 |
Update Type: Service Pack |
Severity: |
|
| Description: The 2007 Microsoft Office servers Service Pack 2 (SP2) package gives customers the latest updates to the 2007 Office server products. This service pack includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to providing general product fixes, SP2 includes improvements in stability, in performance, and in security. All the public updates, security updates, cumulative updates, and hotfixes that were released through February 2009. Note Some server products in this service pack install over Windows SharePoint Services. These server products require Windows SharePoint Services 3.0 Service Pack 2. | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS09-031 |
Title: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation. | ||||
| Applies to: Internet Security and Acceleration Server 2006 |
Included Updates: |
|||
| Bulletin ID: MS09-030 |
Title: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) |
Update Type: Security Update |
Severity: Important |
|
| Description: This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: MS09-028 |
Title: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Included Updates: |
|||
| Bulletin ID: MS09-027 |
Title: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514) |
Update Type: Security Update |
Severity: Critical |
|
| Description: This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
| Applies to: Office 2007 Office 2003 Office 2002/XP |
Included Updates: |
|||
| Bulletin ID: 967831 |
Title: Update package for Communications Server 2007 R2: April 2009 |
Update Type: Update Rollup |
Severity: |
|
| Description: Update package for Communications Server 2007 R2: April 2009 | ||||
| Applies to: Office Communications Server 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 972042 |
Title: Communicator 2007 R2 hotfix rollup package: June 2009 |
Update Type: Update Rollup |
Severity: |
|
| Description: Communicator 2007 R2 hotfix rollup package: June 2009 | ||||
| Applies to: Office Communicator 2007 R2 |
Included Updates: |
|||
| Bulletin ID: 957262 |
Title: Microsoft Office Access Runtime and Data Connectivity Components 2007 Service Pack 2 (SP2) |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office Access Runtime and Data Connectivity Components 2007 Service Pack 2 (SP2) provides the latest updates to the following products: Microsoft Office Access 2007 RuntimeThe Database Connectivity Components driver for the 2007 Microsoft Office system These updates include two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, in performance, and in security. All the public updates, security updates, cumulative updates, and hotfixes that were released through February 2009. | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: 953336 |
Title: Excel Viewer 2007 Service Pack 2 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office Excel Viewer 2007 Service Pack 2 (SP2) gives customers the latest updates to the Excel Viewer 2007. This update includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes that were released through February 2009. | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: 953335 |
Title: Visio Viewer 2007 Service Pack 2 |
Update Type: Service Pack |
Severity: |
|
| Description: The Microsoft Office Visio Viewer 2007 Service Pack 2 (SP2) gives customers the latest updates to the Visio Viewer 2007. This update includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes that were released through February 2009. | ||||
| Applies to: Office 2007 |
Included Updates: |
|||
| Bulletin ID: 953332 |
Title: PowerPoint Viewer 2007 Service Pack 2 |
Update Type: Service Pack |
Severity: |
|
| Description: Microsoft Office PowerPoint Viewer 2007 Service Pack 2 (SP2) gives customers the latest updates to the PowerPoint Viewer 2007. This update includes two main categories of fixes: Previously unreleased fixes that were made specifically for this service pack. In addition to general product fixes, this includes improvements in stability, performance, and security. All the public updates, security updates, cumulative updates, and hotfixes that were released through February 2009. | ||||
| Applies to: Office 2007 |
Included Updates: |
|||