| Bulletin ID | Title |
| --- | --- |
| MS09-068 | Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307) |
| MS09-067 | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) |
| MS09-066 | Vulnerability in Active Directory Could Allow Denial of Service (973309) |
| MS09-065 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947) |
| MS09-064 | Vulnerability in License Logging Server Could Allow Remote Code Execution (974783) |
| MS09-063 | Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565) |
| 971975 | Microsoft Office Accounting 2009 Service Pack 2 is available for Accounting Professional 2009 and for Accounting Express 2009 |
| MS09-062 | Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) |
| MS09-061 | Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) |
| MS09-060 | Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) |
| MS09-059 | Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467) |
| MS09-058 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) |
| MS09-057 | Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) |
| MS09-056 | Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) |
| MS09-055 | Cumulative Security Update of ActiveX Kill Bits (973525) |
| MS09-054 | Cumulative Security Update for Internet Explorer (974455) |
| MS09-053 | Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254) |
| MS09-052 | Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) |
| MS09-051 | Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) |
| MS09-050 | Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) |
| 974431 | Update to improve the stability and reliability of Windows 7 and Windows Server 2008 R2 |
| MS09-049 | Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) |
| MS09-048 | Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) |
| MS09-047 | Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) |
| MS09-046 | Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) |
| MS09-045 | Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) |
| 974331 | Update for Silverlight: August 27, 2009 |
| 972455 | Windows Server Update Services 3.0 Service Pack 2 |
| 972036 | August 2009 Windows Vista and Windows Server 2008 Application Compatibility Update |
| 970653 | August 2009 cumulative time zone update for Microsoft Windows operating systems |
| 970363 | Microsoft Silverlight 3 |
| 970162 | Update Rollup 9 for Microsoft Exchange Server 2007 Service Pack 1 |
| 969898 | Update Rollup for ActiveX Kill Bits |
| 969121 | Windows Small Business Server 2008 Update Rollup 3 |
| 968012 | Update Rollup 8 for Exchange Server 2007 Service Pack 1 |
| 961448 | Update Rollup 1 for Windows Essential Business Server 2008 |
| 944036 | Windows Internet Explorer 8 |
| MS09-044 | Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927) |
| MS09-043 | Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638) |
| MS09-042 | Vulnerability in Telnet Could Allow Remote Code Execution (960859) |
| MS09-041 | Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657) |
| MS09-040 | Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032) |
| MS09-039 | Vulnerabilities in WINS Could Allow Remote Code Execution (969883) |
| MS09-038 | Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557) |
| MS09-037 | Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908) |
| MS09-036 | Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957) |
| MS09-035 | Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) |
| MS09-034 | Cumulative Security Update for Internet Explorer (972260) |
| MS09-033 | Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) |
| MS09-032 | Cumulative Security Update of ActiveX Kill Bits (973346) |
| MS09-031 | Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) |
| MS09-030 | Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) |
| MS09-029 | Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) |
| MS09-028 | Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) |
| MS09-027 | Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514) |
| MS09-026 | Vulnerability in RPC Could Allow Elevation of Privilege (970238) |
| MS09-025 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537) |
| MS09-024 | Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632) |
| MS09-023 | Vulnerability in Windows Search Could Allow Information Disclosure (963093) |
| MS09-022 | Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501) |
| MS09-021 | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) |
| MS09-020 | Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) |
| MS09-019 | Cumulative Security Update for Internet Explorer (969897) |
| MS09-018 | Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055) |
| 948465 | Windows Vista SP2 and Windows Server 2008 SP2 |
| MS09-017 | Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340) |
| 968369 | SQL Server 2008 Service Pack 1 |
| 960911 | Windows Small Business Server 2008 Update Rollup 2 |
| 957324 | Office 2007 Service Pack 2 - Business Contact Manager |
| 957262 | Office 2007 Service Pack 2 - Microsoft Office Access Runtime and Data Connectivity Components |
| 953338 | Windows SharePoint Services 3.0 Service Pack 2 (SP2) and Windows SharePoint Services 3.0 Language Pack Service Pack 2 (SP2) |
| 953336 | Excel Viewer 2007 Service Pack 2 |
| 953335 | Visio Viewer 2007 Service Pack 2 |
| 953334 | Microsoft Office 2007 servers Service Pack 2 and Microsoft Office 2007 servers Language Pack Service Pack 2 |
| 953332 | PowerPoint Viewer 2007 Service Pack 2 |
| 953331 | Office Compatibility Pack Service Pack 2 |
| 953329 | Calendar Printing Assistant for Outlook 2007 Service Pack 2 |
| 953195 | Microsoft Office Suite Service Pack 2 (SP2) and Microsoft Office Language Pack 2007 SP2 |
| MS09-016 | Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) |
| MS09-015 | Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) |
| MS09-014 | Cumulative Security Update for Internet Explorer (963027) |
| MS09-013 | Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) |
| MS09-012 | Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) |
| MS09-011 | Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) |
| MS09-010 | Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) |
| MS09-009 | Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) |
| 960384 | Update Rollup for Exchange Server 2007 Service Pack 1 |
| MS09-008 | Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238) |
| MS09-007 | Vulnerability in SChannel Could Allow Spoofing (960225) |
| MS09-006 | Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) |
| 960353 | Update for Microsoft Silverlight, February 18, 2009 |
| 959057 | Microsoft Office Accounting 2009 Service Pack 1 |
| MS09-005 | Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) |
| MS09-004 | Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) |
| MS09-003 | Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) |
| MS09-002 | Cumulative Security Update for Internet Explorer (961260) |
| 960715 | Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits |
| 958715 | Windows Small Business Server 2008 Update Rollup 1 |
| 955706 | SQL Server 2005 Service Pack 3 |
| 951847 | .NET Framework 3.5 Service Pack 1 |
| MS09-001 | Vulnerabilities in SMB Could Allow Remote Code Execution (958687) |
| MS08-078 | Security Update for Internet Explorer (960714) |
| MS08-077 | Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) |
| MS08-076 | Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) |
| MS08-075 | Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) |
| MS08-074 | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) |
| MS08-073 | Cumulative Security Update for Internet Explorer (958215) |
| MS08-072 | Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) |
| MS08-071 | Vulnerabilities in GDI Could Allow Remote Code Execution (956802) |
| MS08-070 | Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) |
| 957388 | December 2008 Windows Vista and Windows Server 2008 Application Compatibility Update |
| 955839 | December 2008 cumulative time zone update for Microsoft Windows operating systems |
| 953467 | Update Rollup 5 for Exchange Server 2007 Service Pack 1 |
| MS08-069 | Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) |
| MS08-068 | Vulnerability in SMB Could Allow Remote Code Execution (957097) |
| MS08-067 | Vulnerability in Server Service Could Allow Remote Code Execution (958644) |
| 957938 | Update for Silverlight: October 20, 2008 |
| MS08-066 | Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803) |
| MS08-065 | Vulnerability in Message Queuing Could Allow Remote Code Execution (951071) |
| MS08-064 | Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841) |
| MS08-063 | Vulnerability in SMB Could Allow Remote Code Execution (957095) |
| MS08-062 | Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155) |
| MS08-061 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211) |
| MS08-060 | Vulnerability in Active Directory Could Allow Remote Code Execution (957280) |
| MS08-059 | Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) |
| MS08-058 | Cumulative Security Update for Internet Explorer (956390) |
| MS08-057 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) |
| MS08-056 | Vulnerability in Microsoft Office Could Allow Information Disclosure (957699) |
| 956391 | Cumulative Security Update of ActiveX Kill Bits |
| MS08-055 | Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047) |
| MS08-054 | Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154) |
| MS08-053 | Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156) |
| MS08-052 | Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) |
| 955305 | Update for Silverlight 1.0: July 23, 2008 |
| 951951 | Forefront Client Security Service Pack 1 |
| MS08-051 | Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) |
| MS08-050 | Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) |
| MS08-049 | Vulnerabilities in Event System Could Allow Remote Code Execution (950974) |
| MS08-048 | Security Update for Outlook Express and Windows Mail (951066) |
| MS08-047 | Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733) |
| MS08-046 | Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) |
| MS08-045 | Cumulative Security Update for Internet Explorer (953838) |
| MS08-044 | Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) |
| MS08-043 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) |
| MS08-042 | Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048) |
| MS08-041 | Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617) |
| 951072 | August 2008 cumulative time zone update for Microsoft Windows operating systems |
| 943462 | Internet Security and Acceleration Server 2006 Service Pack 1 |
| MS08-040 | Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) |
| MS08-039 | Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) |
| MS08-038 | Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) |
| MS08-037 | Vulnerabilities in DNS Could Allow Spoofing (953230) |
| 953649 | System Center Configuration Manager Service Pack 1 |
| MS08-036 | Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) |
| MS08-035 | Vulnerability in Active Directory Could Allow Denial of Service (953235) |
| MS08-034 | Vulnerability in WINS Could Allow Elevation of Privilege (948745) |
| MS08-033 | Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) |
| MS08-032 | Cumulative Security Update of ActiveX Kill Bits (950760) |
| MS08-031 | Cumulative Security Update for Internet Explorer (950759) |
| MS08-030 | Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) |
| 951532 | Description of the Post-Service Pack 1 Rollup for Microsoft Expression Media: April 15, 2008 |
| 951213 | Description of the update for Silverlight 1.0: April 4, 2008 |
| MS08-028 | Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749) |
| MS08-027 | Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208) |
| MS08-026 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) |
| 948016 | Description of Update Rollup 2 for Exchange Server 2007 Service Pack 1 |
| 936929 | Windows XP Service Pack 3 |
| 949426 | Microsoft Office Accounting 2008 Service Pack 1 for Accounting Professional 2008 and for Accounting Express 2008 |
| 936330 | Windows Vista Service Pack 1 (SP1) |
| MS08-025 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693) |
| MS08-024 | Cumulative Security Update for Internet Explorer (947864) |
| MS08-023 | Security Update of ActiveX Kill Bits (948881) |
| MS08-022 | Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338) |
| MS08-021 | Vulnerabilities in GDI Could Allow Remote Code Execution (948590) |
| MS08-020 | Vulnerability in DNS Client Could Allow Spoofing (945553) |
| MS08-019 | Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032) |
| MS08-018 | Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) |
| 948014 | Windows Server Update Services 3.0 Service Pack 1 |
| MS08-017 | Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103) |
| MS08-016 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030) |
| MS08-015 | Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031) |
| MS08-014 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029) |
| 946140 | Update for Business Contact Manager for Outlook 2007: February 12, 2008 |
| 945684 | Update Rollup 1 for Microsoft Exchange Server 2007 Service Pack 1 |
| 942846 | Update Rollup 6 for Exchange Server 2007 |
| 941834 | Microsoft Expression Media Service Pack 1 |
| MS08-013 | Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108) |
| MS08-012 | Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085) |
| MS08-011 | Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081) |
| MS08-010 | Cumulative Security Update for Internet Explorer (944533) |
| MS08-009 | Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077) |
| MS08-008 | Vulnerability in OLE Automation Could Allow Remote Code Execution (947890) |
| MS08-007 | Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026) |
| MS08-006 | Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830) |
| MS08-005 | Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831) |
| MS08-004 | Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456) |
| MS08-003 | Vulnerability in Active Directory Could Allow Denial of Service (946538) |
| 940767 | Windows Internet Explorer 7 Installation and Availability Update |
| 110806 | Microsoft .NET Framework 2.0 Service Pack 1 |
| MS08-002 | Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485) |
| MS08-001 | Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644) |
| 941652 | Business Contact Manager for Outlook 2007 Service Pack 1 |
| 940289 | Office Compatibility Pack Service Pack 1 |
| 937961 | Office 2003 Web Components Service Pack 1 for the 2007 Office system |
| 937160 | Visio Viewer 2007 Service Pack 1 |
| 937158 | PowerPoint Viewer 2007 Service Pack 1 |
| 937157 | Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 1 |
| 936988 | Windows SharePoint Services 3.0 Service Pack 1 and of Windows SharePoint Services Language Pack 3.0 Service Pack 1 |
| 936984 | Microsoft Office 2007 servers Service Pack 1 and Microsoft Office 2007 servers Language Pack Service Pack 1 |
| 936982 | Microsoft Office 2007 suite Service Pack 1 |
| MS07-069 | Cumulative Security Update for Internet Explorer (942615) |
| MS07-068 | Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275) |
| MS07-067 | Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653) |
| MS07-066 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078) |
| MS07-065 | Vulnerability in Message Queuing Could Allow Remote Code Execution (937894) |
| MS07-064 | Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) |
| MS07-063 | Vulnerability in SMBv2 Could Allow Remote Code Execution (942624) |
| 942840 | You may experience slow Web browser performance when you view a Web page that uses JScript in Internet Explorer on a Windows Server 2003-based computer or on a Windows XP-based computer |
| 942763 | December 2007 cumulative time zone update for Microsoft Windows operating systems |
| 929300 | Microsoft .NET Framework Service Pack 1 for versions 3.0, 2.0, and 1.1 |
| MS07-062 | Vulnerability in DNS Could Allow Spoofing (941672) |
| MS07-061 | Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460) |
| 941421 | Update Rollup 5 for Exchange 2007 |
| MS07-060 | Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695) |
| MS07-059 | Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017) |
| MS07-058 | Vulnerability in RPC Could Allow Denial of Service (933729) |
| MS07-057 | Cumulative Security Update for Internet Explorer (939653) |
| MS07-056 | Security Update for Outlook Express and Windows Mail (941202) |
| MS07-055 | Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810) |
| 940006 | Update Rollup 4 for Exchange 2007 |
| 935999 | Update Rollup 3 for Exchange 2007 |
| 934737 | Excel Viewer 2003 Service Pack 3 |
| 934736 | Word Viewer 2003 Service Pack 3 |
| 933867 | Microsoft Systems Management Server 2003 Service Pack 3 |
| 933360 | August 2007 cumulative time zone update for Microsoft Windows operating systems |
| 923648 | Outlook Live 2003 Service Pack 3 |
| 923643 | Windows SharePoint Services Service Pack 3 |
| 923642 | Office 2003 Service Pack 3 for Proofing Tools |
| 923633 | OneNote 2003 Service Pack 3 |
| 923622 | Project 2003 Service Pack 3 |
| 923620 | Visio 2003 Service Pack 3 |
| 923618 | Office 2003 Service Pack 3 |
| MS07-053 | Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778) |
| MS07-052 | Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522) |
| MS07-051 | Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827) |
| MS07-050 | Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127) |
| MS07-049 | Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986) |
| MS07-048 | Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123) |
| MS07-047 | Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782) |
| MS07-046 | Vulnerability in GDI Could Allow Remote Code Execution (938829) |
| MS07-045 | Cumulative Security Update for Internet Explorer (937143) |
| MS07-044 | Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965) |
| MS07-043 | Vulnerability in OLE Automation Could Allow Remote Code Execution (921503) |
| MS07-042 | Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) |
| MS07-041 | Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373) |
| MS07-040 | Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) |
| MS07-039 | Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) |
| MS07-038 | Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807) |
| MS07-037 | Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548) |
| MS07-036 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) |
| MS07-035 | Vulnerability in Win 32 API Could Allow Remote Code Execution (935839) |
| MS07-034 | Cumulative Security Update for Outlook Express and Windows Mail (929123) |
| MS07-033 | Cumulative Security Update for Internet Explorer (933566) |
| MS07-032 | Vulnerability in Windows Vista Could Allow Information Disclosure (931213) |
| MS07-031 | Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840) |
| MS07-030 | Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051) |
| MS07-029 | Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) |
| MS07-028 | Vulnerability in CAPICOM Could Allow Remote Code Execution (931906) |
| MS07-027 | Cumulative Security Update for Internet Explorer (931768) |
| MS07-026 | Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832) |
| MS07-025 | Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873) |
| MS07-024 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) |
| MS07-023 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233) |
| 933669 | Update for PowerPoint 2003: May 8, 2007 |
| 924406 | Microsoft Internet Security and Acceleration Server 2004 Service Pack 3 |
| MS07-022 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784) |
| MS07-021 | Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) |
| MS07-020 | Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168) |
| MS07-019 | Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261) |
| MS07-018 | Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939) |
| 932726 | Service Pack 1 for Accounting Professional 2007 and for Accounting Express 2007. |
| MS07-017 | Vulnerabilities in GDI Could Allow Remote Code Execution (925902) |
| 923435 | Microsoft Compute Cluster Pack Service Pack 1 (SP1) for Microsoft Windows Compute Cluster Server 2003 |
| 914961 | Windows Server 2003 Service Pack 2 |
| 921896 | SQL Server 2005 Service Pack 2 |
| MS07-016 | Cumulative Security Update for Internet Explorer (928090) |
| MS07-015 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) |
| MS07-014 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) |
| MS07-013 | Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118) |
| MS07-012 | Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) |
| MS07-011 | Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) |
| MS07-009 | Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) |
| MS07-008 | Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) |
| MS07-007 | Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) |
| MS07-006 | Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) |
| MS07-005 | Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) |
| 931836 | February 2007 cumulative time zone update for Microsoft Windows operating systems |
| 929060 | Update for PowerPoint 2003: February 13, 2007 |
| 929058 | Update for Excel 2003: February 13, 2007 |
| 928957 | Visual Studio 2005 Service Pack 1 release notes |
| MS07-004 | Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969) |
| MS07-003 | Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938) |
| MS07-002 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198) |
| MS07-001 | Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585) |
| 924886 | Update for Office 2003: December 12, 2006 |
| MS06-078 | Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689) |
| MS06-077 | Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121) |
| MS06-076 | Cumulative Security Update for Outlook Express (923694) |
| MS06-075 | Vulnerability in Windows Could Allow Elevation of Privilege (926255) |
| MS06-074 | Vulnerability in SNMP Could Allow Remote Code Execution (926247) |
| MS06-073 | Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674) |
| MS06-072 | Cumulative Security Update for Internet Explorer (925454) |
| 899738 | Systems Management Server 2003 Service Pack 2 |
| 917275 | Windows Rights Management Services with Service Pack 2 |
| MS06-071 | Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088) |
| MS06-070 | Vulnerability in Workstation Service Could Allow Remote Code Execution (924270) |
| MS06-069 | Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) |
| MS06-068 | Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213) |
| MS06-067 | Cumulative Security Update for Internet Explorer (922760) |
| MS06-066 | Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980) |
| 926874 | Windows Internet Explorer 7 |
| MS06-065 | Vulnerability in Windows Object Packager Could Allow Remote Execution (924496) |
| MS06-064 | Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819) |
| MS06-063 | Vulnerability in Server Service Could Allow Denial of Service (923414) |
| MS06-062 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581) |
| MS06-061 | Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191) |
| MS06-060 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554) |
| MS06-059 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164) |
| MS06-058 | Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163) |
| MS06-057 | Vulnerability in Windows Explorer Could Allow Remote Execution (923191) |
| MS06-056 | Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770) |
| MS06-055 | Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486) |
| MS06-054 | Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729) |
| MS06-053 | Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685) |
| MS06-052 | Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007) |
| MS06-051 | Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422) |
| MS06-050 | Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670) |
| MS06-049 | Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958) |
| MS06-048 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968) |
| MS06-047 | Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645) |
| MS06-046 | Vulnerability in HTML Help Could Allow Remote Code Execution (922616) |
| MS06-045 | Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) |
| MS06-044 | Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008) |
| MS06-043 | Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214) |
| MS06-042 | Cumulative Security Update for Internet Explorer (918899) |
| MS06-041 | Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683) |
| MS06-040 | Vulnerability in Server Service Could Allow Remote Code Execution (921883) |
| 920115 | Service Pack 3 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006 |
| MS06-039 | Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384) |
| MS06-038 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284) |
| MS06-037 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285) |
| MS06-036 | Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388) |
| MS06-035 | Vulnerability in Server Service Could Allow Remote Code Execution (917159) |
| MS06-034 | Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537) |
| MS06-033 | Vulnerability in ASP.NET Could Allow Information Disclosure (917283) |
| MS06-032 | Vulnerability in TCP/IP Could Allow Remote Code Execution (917953) |
| MS06-031 | Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736) |
| MS06-030 | Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389) |
| MS06-029 | Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442) |
| MS06-028 | Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768) |
| MS06-027 | Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336) |
| MS06-025 | Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280) |
| MS06-024 | Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734) |
| MS06-023 | Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344) |
| MS06-022 | Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439) |
| MS06-021 | Cumulative Security Update for Internet Explorer (916281) |
| MS06-020 | Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433) |
| MS06-019 | Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803) |
| MS06-018 | Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580) |
| MS06-017 | Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627) |
| MS06-016 | Cumulative Security Update for Outlook Express (911567) |
| MS06-015 | Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531) |
| MS06-014 | Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562) |
| MS06-013 | Cumulative Security Update for Internet Explorer (912812) |
| MS06-012 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413) |
| MS06-011 | Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798) |
| MS06-009 | Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190) |
| MS06-008 | Vulnerability in Web Client Service Could Allow Remote Code Execution (911927) |
| MS06-007 | Vulnerability in TCP/IP Could Allow Denial of Service (913446) |
| MS06-006 | Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564) |
| MS06-005 | Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565) |
| MS06-004 | Cumulative Security Update for Internet Explorer (910620) |
| MS06-003 | Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412) |
| MS06-002 |
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519) |
| MS06-001 |
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919) |
| MS05-055 |
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523) |
| MS05-054 |
Cumulative Security Update for Internet Explorer (905915) |
| MS05-053 |
Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) |
| MS05-052 |
Cumulative Security Update for Internet Explorer (896688) |
| MS05-051 |
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400) |
| MS05-050 |
Vulnerability in DirectShow Could Allow Remote Code Execution (904706) |
| MS05-049 |
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) |
| MS05-048 |
Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245) |
| MS05-047 |
Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749) |
| MS05-046 |
Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589) |
| MS05-045 |
Vulnerability in Network Connection Manager Could Allow Denial of Service (905414) |
| MS05-044 |
Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495) |
| MS05-043 |
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) |
| MS05-042 |
Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587) |
| MS05-041 |
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591) |
| MS05-040 |
Vulnerability in Telephony Service Could Allow Remote Code Execution (893756) |
| MS05-039 |
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) |
| MS05-038 |
Cumulative Security Update for Internet Explorer (896727) |
| MS05-037 |
Vulnerability in JView Profiler Could Allow Remote Code Execution (903235) |
| MS05-036 |
Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214) |
| MS05-035 |
Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672) |
| MS05-033 |
Vulnerability in Telnet Client Could Allow Information Disclosure (896428) |
| MS05-032 |
Vulnerability in Microsoft Agent Could Allow Spoofing (890046) |
| MS05-031 |
Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458) |
| MS05-030 |
Vulnerability in Outlook Express Could Allow Remote Code Execution (897715) |
| MS05-028 |
Vulnerability in Web Client Service Could Allow Remote Code Execution (896426) |
| MS05-027 |
Vulnerability in Server Message Block Could Allow Remote Code Execution (896422) |
| MS05-026 |
Vulnerability in HTML Help Could Allow Remote Code Execution (896358) |
| MS05-025 |
Cumulative Security Update for Internet Explorer (883939) |
| MS05-024 |
Vulnerability in Web View Could Allow Remote Code Execution (894320) |
| MS05-023 |
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169) |
| MS05-021 |
Vulnerability in Exchange Server Could Allow Remote Code Execution (894549) |
| MS05-020 |
Cumulative Security Update for Internet Explorer (890923) |
| MS05-019 |
Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066) |
| MS05-018 |
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859) |
| MS05-017 |
Vulnerability in Message Queuing Could Allow Code Execution (892944) |
| MS05-016 |
Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086) |
| MS05-015 |
Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) |
| MS05-014 |
Cumulative Security Update for Internet Explorer (867282) |
| MS05-013 |
Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) |
| MS05-012 |
Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) |
| MS05-011 |
Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) |
| MS05-010 |
Vulnerability in the License Logging Service Could Allow Code Execution (885834) |
| MS05-009 |
Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) |
| MS05-008 |
Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) |
| MS05-007 |
Vulnerability in Windows Could Allow Information Disclosure (888302) |
| MS05-006 |
Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981) |
| MS05-005 |
Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352) |
| MS05-004 |
ASP.NET Path Validation Vulnerability (887219) |
| MS05-003 |
Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250) |
| MS05-002 |
Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711) |
| MS05-001 |
Vulnerability in HTML Help Could Allow Code Execution (890175) |
| MS04-045 |
Vulnerability in WINS Could Allow Remote Code Execution (870763) |
| MS04-044 |
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835) |
| MS04-043 |
Vulnerability in HyperTerminal Could Allow Code Execution (873339) |
| MS04-041 |
Vulnerability in WordPad Could Allow Code Execution (885836) |
| MS04-040 |
Cumulative Security Update for Internet Explorer (889293) |
| MS04-038 |
Cumulative Security Update for Internet Explorer (834707) |
| MS04-037 |
Vulnerability in Windows Shell Could Allow Remote Code Execution (841356) |
| MS04-036 |
Vulnerability in NNTP Could Allow Remote Code Execution (883935) |
| MS04-035 |
Vulnerability in SMTP Could Allow Remote Code Execution (885881) |
| MS04-034 |
Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376) |
| MS04-032 |
Security Update for Microsoft Windows (840987) |
| MS04-031 |
Vulnerability in NetDDE Could Allow Remote Code Execution (841533) |
| MS04-030 |
Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151) |
| MS04-028 |
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) |
| MS04-027 |
Vulnerability in WordPerfect Converter Could Allow Code Execution (884933) |
| MS04-025 |
Cumulative Security Update for Internet Explorer (867801) |
| MS04-024 |
Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) |
| MS04-023 |
Vulnerability in HTML Help Could Allow Code Execution (840315) |
| MS04-022 |
Vulnerability in Task Scheduler Could Allow Code Execution (841873) |
| MS04-020 |
Vulnerability in POSIX Could Allow Code Execution (841872) |
| MS04-019 |
Vulnerability in Utility Manager Could Allow Code Execution (842526) |
| MS04-018 |
Cumulative Security Update for Outlook Express (823353) |
| MS04-016 |
Vulnerability in DirectPlay Could Allow Denial of Service (839643) |
| MS04-015 |
Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374) |
| MS04-014 |
Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001) |
| MS04-013 |
Cumulative Security Update for Outlook Express (837009) |
| MS04-012 |
Cumulative Update for Microsoft RPC/DCOM (828741) |
| MS04-011 |
Security Update for Microsoft Windows (835732) |
| MS04-008 |
Vulnerability in Windows Media Services Could Allow a Denial of Service (832359) |
| MS04-007 |
ASN.1 Vulnerability Could Allow Code Execution (828028) |
| MS04-006 |
Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352) |
| MS04-004 |
Cumulative Security Update for Internet Explorer (832894) |
| MS04-003 |
Buffer Overrun in MDAC Function Could Allow Code Execution (832483) |
| MS03-051 |
Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360) |
| MS03-049 |
Buffer Overrun in the Workstation Service Could Allow Code Execution (828749) |
| MS03-048 |
Cumulative Security Update for Internet Explorer (824145) |
| MS03-045 |
Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141) |
| MS03-044 |
Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119) |
| MS03-043 |
Buffer Overrun in Messenger Service Could Allow Code Execution (828035) |
| MS03-042 |
Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232) |
| MS03-041 |
Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182) |
| MS03-040 |
Cumulative Patch for Internet Explorer (828750) |
| MS03-039 |
Buffer Overrun In RPCSS Service Could Allow Code Execution (824146) |
| MS03-034 |
Flaw in NetBIOS Could Lead to Information Disclosure (824105) |
| MS03-033 |
Unchecked Buffer in MDAC Function Could Enable System Compromise (823718) |
| MS03-031 |
Cumulative Patch for Microsoft SQL Server (815495) |
| MS03-030 |
Unchecked Buffer in DirectX Could Enable System Compromise (819696) |
| MS03-027 |
Unchecked Buffer in Windows Shell Could Enable System Compromise (821557) |
| MS03-026 |
Buffer Overrun In RPC Interface Could Allow Code Execution (823980) |
| MS03-025 |
Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation (822679) |
| MS03-024 |
Buffer Overrun in Windows Could Lead to Data Corruption (817606) |
| MS03-023 |
Buffer Overrun In HTML Converter Could Allow Code Execution (823559) |
| MS03-022 |
Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343) |
| MS03-021 |
Flaw In Windows Media Player May Allow Media Library Access (819639) |
| MS03-018 |
Cumulative Patch for Internet Information Service (811114) |
| MS03-017 |
Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787) |
| MS03-014 |
Cumulative Patch for Outlook Express (330994) |
| MS03-013 |
Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493) |
| MS03-011 |
Flaw in Microsoft VM Could Enable System Compromise (816093) |
| MS03-010 |
Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953) |
| MS03-008 |
Flaw in Windows Script Engine Could Allow Code Execution (814078) |
| MS03-007 |
Unchecked Buffer In Windows Component Could Cause Server Compromise (815021) |
| MS03-005 |
No Title Available |
| MS03-001 |
Unchecked Buffer in Locator Service Could Lead to Code Execution (810833) |
| MS02-072 |
Unchecked Buffer in Windows Shell Could Enable System Compromise (329390) |
| MS02-071 |
Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310) |
| MS02-070 |
Flaw in SMB Signing Could Enable Group Policy to be Modified (329170) |
| MS02-065 |
Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414) |
| MS02-063 |
Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834) |
| MS02-062 |
Cumulative Patch for Internet Information Service (Q327696) |
| MS02-060 |
Flaw in Windows XP Help and Support Center Could Enable File Deletion (Q328940) |
| MS02-058 |
Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise (Q328676) |
| MS02-055 |
Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255) |
| MS02-054 |
Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (Q329048) |
| MS02-053 |
Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096) |
| MS02-051 |
Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380) |
| MS02-050 |
Certificate Validation Flaw Could Enable Identity Spoofing (Q329115) |
| MS02-048 |
Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (Q323172) |
| MS02-045 |
Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830) |
| MS02-042 |
Flaw in Network Connection Manager Could Enable Privilege Elevation (Q326886) |
| MS02-032 |
26 June 2002 Cumulative Patch for Windows Media Player (Q320920) |
| MS02-029 |
Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138) |
| MS02-024 |
Authentication Flaw in Windows Debugger can Lead to Elevated Privileges (Q320206) |
| MS02-017 |
Unchecked buffer in the Multiple UNC Provider Could Enable Code Execution (Q311967) |
| MS02-012 |
Malformed Data Transfer Request can Cause Windows SMTP Service to Fail |
| MS02-009 |
Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files |
| MS02-008 |
XMLHTTP Control Can Allow Access to Local Files |
| MS02-006 |
Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run |
| MS01-059 |
Unchecked Buffer in Universal Plug and Play can Lead to System Compromise |
| 919004 |
Windows Server Update Services Service Pack 1 |
| 917347 |
Update for Word 2002: July 11, 2006 |
| 917153 |
Update for PowerPoint 2002: July 11, 2006 |
| 913807 |
Update for Outlook 2003: March 14, 2006 |
| 913571 |
Updates for Office 2003: March 14, 2006 |
| 913090 |
SQL Server 2005 Service Pack 1 |
| 912440 |
Description of the update for Office 2003 Alternative User Input: May 9, 2006 |
| 907747 |
Update for Intelligent Message Filter for Exchange Server 2003 |
| 903676 |
Microsoft Internet Security and Acceleration Server 2004 Service Pack (SP2). |
| 902963 |
Service Pack 1 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006 |
| 902848 |
Outlook Live 2003 Service Pack 2 |
| 891861 |
Update Rollup 1 for Windows 2000 SP4 and known issues |
| 890830 |
The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Server 2003, Windows XP, or Windows 2000 |
| 889101 |
Release notes for Windows Server 2003 Service Pack 1 |
| 887624 |
Description of Windows SharePoint Services Service Pack 2 |
| 887622 |
Description of Visio 2003 Service Pack 2 |
| 887620 |
Description of Project 2003 Service Pack 2 |
| 887619 |
Description of OneNote 2003 Service Pack 2 |
| 887618 |
Description of Office 2003 Service Pack 2 for Proofing Tools |
| 887616 |
Description of Office 2003 Service Pack 2 |
| 870540 |
Availability of the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup |
| 867461 |
List of bugs that are fixed in Microsoft .NET Framework 1.0 Service Pack 3 |
| 867460 |
List of bugs that are fixed in the .NET Framework 1.1 Service Pack 1 (SP1) |
| 843188 |
Description of Office 2003 Service Pack 1 for Proofing Tools |
| 842774 |
Description of OneNote 2003 Service Pack 1 |
| 842532 |
Description of Office 2003 Service Pack 1 |
| 841876 |
Description of Windows SharePoint Services Service Pack 1 |
| 840663 |
Description of Visio 2003 Service Pack 1 |
| 837240 |
Description of Project 2003 Service Pack 1 |
| 834693 |
Description of Office XP Service Pack 3 for Access 2002 Runtime |
| 832671 |
Description of Microsoft Office XP Service Pack 3 |
| 830242 |
Description of Visio 2002 Service Pack 2 |
| 830241 |
Description of Microsoft Project 2002 Service Pack 1 |
| 826939 |
Help and Support |
| 811113 |
List of fixes included in Windows XP Service Pack 2 |
| 321884 |
INFO: List of Bugs Fixed in Microsoft .NET Framework Service Pack 2 |
| 899456 |
Release manifest for MDAC 2.8 Service Pack 1 (2.81.1117.6) |
| 884525 |
Additions to the SQL Server 2000 Service Pack 4 readme files |
| 842262 |
Release manifest for the MDAC 2.7 Service Pack 1 Refresh (2.71.9040.2) |
|
More information on each product update |
Bulletin ID: MS09-068 |
Title: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for all supported editions of Microsoft Office Word 2002 and Microsoft Office Word 2003, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, and all supported versions of Microsoft Office Word Viewer. |
Applies to: Office 2002/XP; Office 2003 |
Bulletin ID: MS09-067 |
Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) |
Update Type: Security Update |
Severity: Important |
| This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack.
The update addresses the vulnerabilities by modifying the way that Excel opens and parses Excel files, and by modifying the way that Excel handles malformed records. |
Applies to: Office 2002/XP; Office 2007; Office 2003 |
Bulletin ID: MS09-066 |
Title: Vulnerability in Active Directory Could Allow Denial of Service (973309) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.
This security update is rated Important for Active Directory, ADAM, and AD LDS on all supported editions of Microsoft Windows 2000 Server, Windows XP, Windows Server 2003, and Windows Server 2008. |
Applies to: Windows 2000; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows Server 2008; Windows XP x64 Edition; Windows XP |
Bulletin ID: MS09-065 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker's site.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Important for all supported editions of Windows Vista and Windows Server 2008. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000; Windows Server 2008; Windows Vista |
Bulletin ID: MS09-064 |
Title: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
This security update is rated Critical for Microsoft Windows 2000. |
Applies to: Windows 2000 |
Bulletin ID: MS09-063 |
Title: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability.
This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008. |
Applies to: Windows Server 2008; Windows Vista |
Bulletin ID: 971975 |
Title: Microsoft Office Accounting 2009 Service Pack 2 is available for Accounting Professional 2009 and for Accounting Express 2009 |
Update Type: Service Pack |
Severity: |
| Microsoft Office Accounting Professional 2009 and Microsoft Office Accounting Express 2009 Service Pack 2. |
Applies to: Office 2007 |
Bulletin ID: MS09-062 |
Title: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Windows XP and Windows Server 2003; Windows Vista and Windows Vista Service Pack 1; Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1; Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, and Windows Server 2008 for Itanium-based Systems; Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4, SQL Server 2000 Reporting Services Service Pack 2, all supported editions of SQL Server 2005, Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package, Microsoft Report Viewer 2008 Redistributable Package, and Microsoft Report Viewer 2008 Redistributable Package Service Pack 1. This security update is rated Important for all supported editions of Microsoft .NET Framework 1.1 and Microsoft .NET Framework 2.0 on Microsoft Windows 2000; Microsoft Office XP; Microsoft Office 2003; all affected Office Viewer software for Microsoft Office 2003; 2007 Microsoft Office System; all affected Office Viewer software for 2007 Microsoft Office System; Microsoft Office Compatibility Pack, Microsoft Expression Web, Microsoft Expression Web 2, Microsoft Office Groove 2007 and Microsoft Office Groove 2007 Service Pack 1; Microsoft Office Project 2002; Microsoft Office Visio 2002; Microsoft Works 8.5; and Microsoft Forefront Client Security 1.0. |
Applies to: Visual Studio 2008; Office 2002/XP; Office 2007; Office 2003; Visual Studio 2005; Windows 2000; Report Viewer 2008; Report Viewer 2005; Windows XP x64 Edition; Windows XP; Windows Vista; Windows Server 2008; Windows Server 2003, Datacenter Edition; Windows Server 2003; Forefront Client Security; Microsoft Works 8; SQL Server 2005; SQL Server 2000 |
Bulletin ID: MS09-061 |
Title: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability.
This security update is rated Critical for all affected editions of the Microsoft .NET Framework on Microsoft Windows 2000, Windows XP, Windows Vista, and Windows 7; Microsoft Silverlight 2 when installed on Mac; and Microsoft Silverlight 2 when installed on all releases of Microsoft Windows clients. This security update is rated Important for all affected editions of the Microsoft .NET Framework on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2. This security update is rated Moderate for Microsoft Silverlight 2 when installed on all releases of Microsoft Windows servers. |
Applies to: Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows XP x64 Edition; Windows 2000; Windows XP; Windows Server 2008; Windows Vista; Windows 7; Windows Server 2008 R2 |
Bulletin ID: MS09-060 |
Title: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft Office that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Outlook 2002, Microsoft Office Outlook 2003, Microsoft Office Outlook 2007, Microsoft Visio 2002 Viewer, Microsoft Office Visio 2003 Viewer, and Microsoft Office Visio Viewer 2007. |
Applies to: Office 2007; Office 2003; Office 2002/XP |
Bulletin ID: MS09-059 |
Title: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process.
This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. Supported editions of Windows XP and Windows Server 2003 are only affected if they have previously installed the non-security update described in KB968389. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Vista; Windows Server 2008; Windows Server 2008 R2; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 7 |
Bulletin ID: MS09-058 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) |
Update Type: Security Update |
Severity: Important |
| This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
This security update is rated Important for supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; and Moderate for Service Pack 2 for all editions of Windows Vista and Windows Server 2008. |
Applies to: Windows Server 2008; Windows Vista; Windows 2000; Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003 |
Bulletin ID: MS09-057 |
Title: Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component. This call could include a malicious URL and exploit the vulnerability, granting the attacker access to the client system with the privileges of the user browsing the Web page. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS09-056 |
Title: Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) |
Update Type: Security Update |
Severity: Important |
| This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. |
Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2008 R2 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 7 |
Bulletin ID: MS09-055 |
Title: Cumulative Security Update of ActiveX Kill Bits (973525) |
Update Type: Security Update |
Severity: Critical |
| This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability that affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL) could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2. |
Applies to: Windows Server 2008 Windows Server 2008 R2 Windows 7 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS09-054 |
Title: Cumulative Security Update for Internet Explorer (974455) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8. |
Applies to: Windows Internet Explorer 8 Dynamic Installer Windows Internet Explorer 7.0 Dynamic Installer Windows 2000 Windows Server 2008 R2 Windows 7 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS09-053 |
Title: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254) |
Update Type: Security Update |
Severity: Important |
| This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.
This security update is rated Important for IIS 5.0; IIS 5.1; IIS 6.0; and FTP Service 6.0 on IIS 7.0. |
Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS09-052 |
Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Microsoft Windows Media Player 6.4 when installed on all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS09-051 |
Title: Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on supported editions of Microsoft Windows 2000; Windows XP; Windows Server 2003, except for Itanium-based editions; Windows Vista; and Windows Server 2008, except for Itanium-based editions. |
Applies to: Windows 2000 Windows Server 2008 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista |
Bulletin ID: MS09-050 |
Title: Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
This security update is rated Critical for supported editions of Windows Vista and Windows Server 2008. |
Applies to: Windows Server 2008 Windows Vista |
Bulletin ID: 974431 |
Title: Update to improve the stability and reliability of Windows 7 and Windows Server 2008 R2 |
Update Type: Update Rollup |
Severity: |
| This update improves the stability and reliability of Windows 7 and of Windows Server 2008 R2. |
Applies to: Windows 7 Windows Server 2008 R2 |
Bulletin ID: MS09-049 |
Title: Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability.
This security update is rated Critical for supported editions of Windows Vista and Important for supported editions of Windows Server 2008. |
Applies to: Windows Vista Windows Server 2008 |
Bulletin ID: MS09-048 |
Title: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008, and Important for all supported editions of Microsoft Windows 2000 Service Pack 4 and Windows Server 2003. |
Applies to: Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS09-047 |
Title: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Microsoft Media Foundation, Windows Media Services 9.1, and Windows Media Services 2008. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows 2000 Windows Vista Windows Server 2008 Windows XP x64 Edition |
Bulletin ID: MS09-046 |
Title: Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP and Moderate for all supported editions of Windows Server 2003. |
Applies to: Windows XP x64 Edition Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS09-045 |
Title: Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for JScript 5.1 on Microsoft Windows 2000 Service Pack 4 and Critical for JScript 5.6, JScript 5.7 and JScript 5.8 on all supported releases of the Windows operating system except Windows 7 and Windows Server 2008 R2. |
Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Vista |
Bulletin ID: 974331 |
Title: Update for Silverlight: August 27, 2009 |
Update Type: Update Rollup |
Severity: |
| Update for Silverlight: August 27, 2009 |
Applies to: Silverlight |
Bulletin ID: 972455 |
Title: Windows Server Update Services 3.0 Service Pack 2 |
Update Type: Service Pack |
Severity: |
| Windows Server Update Services 3.0 Service Pack 2 |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 |
Bulletin ID: 972036 |
Title: August 2009 Windows Vista and Windows Server 2008 Application Compatibility Update |
Update Type: Update |
Severity: |
| August 2009 Application Compatibility Update for Windows Vista and Windows Server 2008. |
Applies to: Windows Server 2008 Windows Vista |
Bulletin ID: 970653 |
Title: August 2009 cumulative time zone update for Microsoft Windows operating systems |
Update Type: Update Rollup |
Severity: |
| August 2009 cumulative time zone update for Microsoft Windows operating systems |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Vista |
Bulletin ID: 970363 |
Title: Microsoft Silverlight 3 |
Update Type: Update Rollup |
Severity: |
| Microsoft Silverlight 3 |
Applies to: Silverlight |
Bulletin ID: 970162 |
Title: Update Rollup 9 for Microsoft Exchange Server 2007 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
| Update Rollup 9 for Microsoft Exchange Server 2007 Service Pack 1 |
Applies to: Exchange Server 2007 |
Bulletin ID: 969898 |
Title: Update Rollup for ActiveX Kill Bits |
Update Type: Unknown Type |
Severity: N/A |
| Update Rollup for ActiveX Kill Bits |
Applies to: |
Bulletin ID: 969121 |
Title: Windows Small Business Server 2008 Update Rollup 3 |
Update Type: Update Rollup |
Severity: |
| Windows Small Business Server 2008 Update Rollup 3 |
Applies to: Windows Small Business Server 2008 |
Bulletin ID: 968012 |
Title: Update Rollup 8 for Exchange Server 2007 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
| Update Rollup 8 for Exchange Server 2007 Service Pack 1 |
Applies to: Exchange Server 2007 |
Bulletin ID: 961448 |
Title: Update Rollup 1 for Windows Essential Business Server 2008 |
Update Type: Update Rollup |
Severity: |
| Update Rollup 1 for Windows Essential Business Server 2008 |
Applies to: Windows Essential Business Server 2008 Windows Essential Business Server 2008 Setup Updates |
Bulletin ID: 944036 |
Title: Windows Internet Explorer 8 |
Update Type: Update Rollup |
Severity: |
| Windows Internet Explorer 8 |
Applies to: Windows XP Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Vista |
Bulletin ID: MS09-044 |
Title: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for default versions of RDP on affected editions of Windows Vista, Windows Vista for x64-based Systems, and Remote Desktop Connection Client for Mac 2.0 and is rated Critical for all default versions of RDP on all other affected Windows editions. This security update is rated Important for RDP Version 6.0 that administrators can manually install on Windows Server 2003 Service Pack 2 and Windows Server 2003 x64 Edition Service Pack 2 and is rated Critical for all other versions of RDP that administrators can manually install on affected Windows editions. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows 2000 Windows XP Windows Vista Windows Server 2008 |
Bulletin ID: MS09-043 |
Title: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2000 Web Components, Microsoft Office XP Web Components, Microsoft Office 2003 Web Components, Microsoft Office 2003 Web Components for the 2007 Microsoft Office system, Microsoft Internet Security and Acceleration Server 2004 Standard Edition, Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition, Microsoft Internet Security and Acceleration Server 2006, Microsoft BizTalk Server 2002, Microsoft Visual Studio .NET 2003, and Microsoft Office Small Business Accounting 2006. |
Applies to: Office 2003 Office 2007 Office 2002/XP Internet Security and Acceleration Server 2006 Internet Security and Acceleration Server 2004 BizTalk Server 2002 |
Bulletin ID: MS09-042 |
Title: Vulnerability in Telnet Could Allow Remote Code Execution (960859) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista and Windows Server 2008. |
Applies to: Windows 2000 Windows Vista Windows Server 2008 Windows XP Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS09-041 |
Title: Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
This security update is rated Important for all supported editions of Windows XP and Windows Server 2003, and Moderate for all supported editions of Windows Vista and Windows Server 2008. |
Applies to: Windows XP Windows XP x64 Edition Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista |
Bulletin ID: MS09-040 |
Title: Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue.
This security update is rated Important for Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2 and Windows XP Professional x64 Edition Service Pack 2; all supported editions of Windows Server 2003; and Windows Vista and Windows Vista x64 Edition. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Vista |
Bulletin ID: MS09-039 |
Title: Vulnerabilities in WINS Could Allow Remote Code Execution (969883) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue.
This security update is rated Critical for all supported editions of Microsoft Windows 2000 Server Service Pack 4 and Windows Server 2003. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS09-038 |
Title: Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Vista Windows Server 2008 |
Bulletin ID: MS09-037 |
Title: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000 Service Pack 4, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows XP Windows Vista Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 |
Bulletin ID: MS09-036 |
Title: Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957) |
Update Type: Security Update |
Severity: Important |
| This security update addresses a privately reported Denial of Service vulnerability in the Microsoft .NET Framework component of Microsoft Windows. This vulnerability can be exploited only when Internet Information Services (IIS) 7.0 is installed and ASP.NET is configured to use integrated mode on affected versions of Microsoft Windows. An attacker could create specially crafted anonymous HTTP requests that could cause the affected Web server to become non-responsive until the associated application pool is restarted. Customers who are running IIS 7.0 application pools in classic mode are not affected by this vulnerability.
This security update is rated Important for all affected versions of Microsoft Windows. |
Applies to: Windows Vista Windows Server 2008 |
Bulletin ID: MS09-035 |
Title: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) |
Update Type: Security Update |
Severity: Moderate |
| This security update addresses several privately reported vulnerabilities in the public versions of the Microsoft Active Template Library (ATL) included with Visual Studio. This security update is specifically intended for developers of components and controls. Developers who build and redistribute components and controls using ATL should install the update provided in this bulletin and follow the guidance provided to create, and distribute to their customers, components and controls that are not vulnerable to the vulnerabilities described in this security bulletin. This security bulletin discusses vulnerabilities that could allow remote code execution if a user loaded a component or control built with the vulnerable versions of ATL. While most Microsoft Security Bulletins discuss the risk of a vulnerability for a specific product, this security bulletin discusses the vulnerabilities that may be present in products built using the ATL. Therefore, this security update is rated Moderate for all supported editions of Microsoft Visual Studio .NET 2003, Microsoft Visual Studio 2005, Microsoft Visual Studio 2008, Microsoft Visual C++ 2005 Redistributable Package, and Microsoft Visual C++ 2008 Redistributable Package. |
Applies to: Visual Studio 2008 Visual Studio 2005 |
Bulletin ID: MS09-034 |
Title: Cumulative Security Update for Internet Explorer (972260) |
Update Type: Security Update |
Severity: Critical |
| This security update is being released out of band in conjunction with Microsoft Security Bulletin MS09-035, which describes vulnerabilities in those components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library (ATL). As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Microsoft Security Bulletin MS09-035. This security update also resolves three privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on supported editions of Microsoft Windows 2000; Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows XP; Critical for Internet Explorer 7 and Internet Explorer 8 running on supported editions of Windows Vista; Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows Server 2003; and Moderate for Internet Explorer 7 and Internet Explorer 8 running on supported editions of Windows Server 2008. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory and table operations. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows 2000 Windows XP x64 Edition Windows Vista Windows XP |
Bulletin ID: MS09-033 |
Title: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Important for all supported editions of Virtual PC 2004, Virtual PC 2007, and Virtual Server 2005. |
Applies to: Virtual PC Virtual Server |
Bulletin ID: MS09-032 |
Title: Cumulative Security Update of ActiveX Kill Bits (973346) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Windows XP and Moderate for all supported editions of Windows Server 2003. |
Applies to: Windows Vista Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 |
Bulletin ID: MS09-031 |
Title: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
This security update is rated Important for Microsoft Internet Security and Acceleration (ISA) Server 2006. |
Applies to: Internet Security and Acceleration Server 2006 |
Bulletin ID: MS09-030 |
Title: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for Microsoft Office Publisher 2007 Service Pack 1. |
Applies to: Office 2007 |
Bulletin ID: MS09-029 |
Title: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 Windows Vista |
Bulletin ID: MS09-028 |
Title: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS09-027 |
Title: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Critical for all supported editions of Microsoft Office Word 2000. For all supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office Word 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac, and all supported versions of Open XML File Format Converter for Mac, Microsoft Office Compatibility Pack, and Microsoft Office Word Viewers, this security update is rated Important. |
Applies to: Office 2007 Office 2003 Office 2002/XP |
Bulletin ID: MS09-026 |
Title: Vulnerability in RPC Could Allow Elevation of Privilege (970238) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system. Supported editions of Microsoft Windows are not delivered with any RPC servers or clients that are subject to exploitation of this vulnerability. In a default configuration, users could not be attacked by exploitation of this vulnerability. However, the vulnerability is present in the Microsoft Windows RPC runtime and could affect third-party RPC applications.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 Windows Vista |
Bulletin ID: MS09-025 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537) |
Update Type: Security Update |
Severity: Important |
| This security update resolves two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege. An attacker who successfully exploited any of these vulnerabilities could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 Windows Vista |
Bulletin ID: MS09-024 |
Title: Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Office Word 2000. This security update is also rated Important for supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003 with the Microsoft Works 6–9 File Converter, and Microsoft Office Word 2007 Service Pack 1; and Microsoft Works 8.5 and Microsoft Works 9. |
Applies to: Microsoft Works 9 Office 2007 Office 2002/XP |
Bulletin ID: MS09-023 |
Title: Vulnerability in Windows Search Could Allow Information Disclosure (963093) |
Update Type: Security Update |
Severity: Moderate |
| This security update resolves a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results. By default, the Windows Search component is not preinstalled on Microsoft Windows XP and Windows Server 2003. It is an optional component available for download. Windows Search installed on supported editions of Windows Vista and Windows Server 2008 is not affected by this vulnerability.
This security update is rated Moderate for Windows Search installed on all supported editions of Windows XP and Windows Server 2003. |
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Bulletin ID: MS09-022 |
Title: Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
This security update is rated Critical for all supported editions of Microsoft Windows 2000; Moderate for all supported editions of Windows XP and Windows Server 2003; and Important for all supported editions of Windows Vista and Windows Server 2008. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 Windows Vista |
Bulletin ID: MS09-021 |
Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack, this security update is rated Important.
The update addresses the vulnerabilities by modifying the way that Excel parses Excel files. |
Applies to: Office 2007 Office 2003 Office 2002/XP |
Bulletin ID: MS09-020 |
Title: Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) |
Update Type: Security Update |
Severity: Important |
| This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether a file is accessible by a given user. Successful exploitation of these vulnerabilities would still restrict the attacker to the permissions granted to the anonymous user account by the file system ACLs.
This security update is rated Important for Microsoft Internet Information Services on all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS09-019 |
Title: Cumulative Security Update for Internet Explorer (969897) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 5.01 and Important for Internet Explorer 6 Service Pack 1, running on supported editions of Microsoft Windows 2000; Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows XP and Windows Vista; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows Server 2003 and Windows Server 2008. |
Applies to: Windows XP x64 Edition Windows Vista Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 |
Bulletin ID: MS09-018 |
Title: Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The more severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
This security update is rated Critical for all supported editions of Microsoft Windows 2000 Server, and rated Important for supported versions of Windows XP Professional and Windows Server 2003. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: 948465 |
Title: Windows Vista SP2 and Windows Server 2008 SP2 |
Update Type: Service Pack |
Severity: |
| Service Pack 2 for Windows Vista and for Windows Server 2008. |
Applies to: Windows Server 2008 Windows Vista |
Bulletin ID: MS09-017 |
Title: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Office PowerPoint 2000. For supported editions of Microsoft Office PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft Office PowerPoint 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; all supported versions of PowerPoint Viewer, and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats; Microsoft Works 8.5; and Microsoft Works 9.0, this security update is rated Important. |
Applies to: Office 2007 Office 2003 Office 2002/XP |
Bulletin ID: 968369 |
Title: SQL Server 2008 Service Pack 1 |
Update Type: Service Pack |
Severity: |
| SQL Server 2008 Service Pack 1 |
Applies to: SQL Server 2008 |
Bulletin ID: 960911 |
Title: Windows Small Business Server 2008 Update Rollup 2 |
Update Type: Update Rollup |
Severity: |
| Windows Small Business Server 2008 Update Rollup 2 |
Applies to: Windows Small Business Server 2008 |
Bulletin ID: 957324 |
Title: Office 2007 Service Pack 2 - Business Contact Manager |
Update Type: Service Pack |
Severity: |
| Office 2007 Service Pack 2 - Business Contact Manager |
Applies to: Office 2007 |
Bulletin ID: 957262 |
Title: Office 2007 Service Pack 2 - Microsoft Office Access Runtime and Data Connectivity Components |
Update Type: Service Pack |
Severity: |
| Office 2007 Service Pack 2 - Microsoft Office Access Runtime and Data Connectivity Components |
Applies to: Office 2007 |
Bulletin ID: 953338 |
Title: Windows SharePoint Services 3.0 Service Pack 2 (SP2) and Windows SharePoint Services 3.0 Language Pack Service Pack 2 (SP2) |
Update Type: Service Pack |
Severity: |
| Windows SharePoint Services 3.0 Service Pack 2 (SP2) and Windows SharePoint Services 3.0 Language Pack Service Pack 2 (SP2) |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 |
Bulletin ID: 953336 |
Title: Excel Viewer 2007 Service Pack 2 |
Update Type: Service Pack |
Severity: |
| Excel Viewer 2007 Service Pack 2 |
Applies to: Office 2007 |
Bulletin ID: 953335 |
Title: Visio Viewer 2007 Service Pack 2 |
Update Type: Service Pack |
Severity: |
| Visio Viewer 2007 Service Pack 2 |
Applies to: Office 2007 |
Bulletin ID: 953334 |
Title: Microsoft Office 2007 servers Service Pack 2 and Microsoft Office 2007 servers Language Pack Service Pack 2 |
Update Type: Service Pack |
Severity: |
| Microsoft Office 2007 servers Service Pack 2 and Microsoft Office 2007 servers Language Pack Service Pack 2 |
Applies to: Office 2007 |
Bulletin ID: 953332 |
Title: PowerPoint Viewer 2007 Service Pack 2 |
Update Type: Service Pack |
Severity: |
| PowerPoint Viewer 2007 Service Pack 2 |
Applies to: Office 2007 |
Bulletin ID: 953331 |
Title: Office Compatibility Pack Service Pack 2 |
Update Type: Service Pack |
Severity: |
| Office Compatibility Pack Service Pack 2 |
Applies to: Office 2007 |
Bulletin ID: 953329 |
Title: Calendar Printing Assistant for Outlook 2007 Service Pack 2 |
Update Type: Service Pack |
Severity: |
| Calendar Printing Assistant for Outlook 2007 Service Pack 2 |
Applies to: Office 2007 |
Bulletin ID: 953195 |
Title: Microsoft Office Suite Service Pack 2 (SP2) and Microsoft Office Language Pack 2007 SP2 |
Update Type: Service Pack |
Severity: |
| Microsoft Office Suite Service Pack 2 (SP2) and Microsoft Office Language Pack 2007 SP2 |
Applies to: Office 2007 |
Bulletin ID: MS09-016 |
Title: Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packages to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.
This security update is rated Important for Forefront TMG MBE, ISA Server 2004, and ISA Server 2006. |
Applies to: Forefront TMG MBE Internet Security and Acceleration Server 2006 Internet Security and Acceleration Server 2004 |
Bulletin ID: MS09-015 |
Title: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) |
Update Type: Security Update |
Severity: Moderate |
| This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.
This security update is rated Moderate for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. On Microsoft Windows 2000, this update is only classified as a defense-in-depth change. Details are available in the section, Frequently Asked Questions (FAQ) Related to This Security Update. |
Applies to: Windows Vista Windows Server 2008 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS09-014 |
Title: Cumulative Security Update for Internet Explorer (963027) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on supported editions of Microsoft Windows 2000; Internet Explorer 6 and Internet Explorer 7 running on supported editions of Windows XP; and Internet Explorer 7 running on supported editions of Windows Vista. For Internet Explorer 6 and Internet Explorer 7 running on supported editions of Windows Server 2003 and Windows Server 2008, this security update is rated Important. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Vista Windows Server 2008 |
Bulletin ID: MS09-013 |
Title: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 Windows Vista |
Bulletin ID: MS09-012 |
Title: Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) |
Update Type: Security Update |
Severity: Important |
| This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Vista |
Bulletin ID: MS09-011 |
Title: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if a user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS09-010 |
Title: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word.
This security update is rated Critical for supported editions of Microsoft Office Word 2000. This security update is also rated Important for supported editions of Microsoft Office Word 2002; Microsoft Office Converter Pack; and WordPad on all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP x64 Edition Windows XP Office 2002/XP Office 2003 |
Bulletin ID: MS09-009 |
Title: Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported and a publicly disclosed vulnerability. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; all supported versions of Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack Service Pack 1, this security update is rated Important. |
Applies to: Office 2007 Office 2003 Office 2002/XP |
Bulletin ID: 960384 |
Title: Update Rollup for Exchange Server 2007 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
| Update Rollup for Exchange Server 2007 Service Pack 1 |
Applies to: Exchange Server 2007 |
Bulletin ID: MS09-008 |
Title: Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238) |
Update Type: Security Update |
Severity: Important |
| This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows 2000 |
Bulletin ID: MS09-007 |
Title: Vulnerability in SChannel Could Allow Spoofing (960225) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Vista Windows Server 2008 |
Bulletin ID: MS09-006 |
Title: Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows Server 2008 Windows Vista Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows 7 Client Windows 7 Server |
Bulletin ID: 960353 |
Title: Update for Microsoft Silverlight, February 18, 2009 |
Update Type: Update Rollup |
Severity: |
| This update includes stability improvements in media and in accessibility. This update is backward-compatible with applications that were created against earlier versions of Silverlight. |
Applies to: Silverlight |
Bulletin ID: 959057 |
Title: Microsoft Office Accounting 2009 Service Pack 1 |
Update Type: Service Pack |
Severity: |
| Microsoft Office Accounting 2009 Service Pack 1 for Accounting Professional 2009 and for Accounting Express 2009. |
Applies to: Office 2007 |
Bulletin ID: MS09-005 |
Title: Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) |
Update Type: Security Update |
Severity: Important |
| This security update resolves three privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for Microsoft Office Visio 2002 Service Pack 2, Microsoft Office Visio 2003 Service Pack 3, and Microsoft Office Visio 2007 Service Pack 1. |
Applies to: Office 2007 Office 2003 Office 2002/XP |
Bulletin ID: MS09-004 |
Title: Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in Microsoft SQL Server. The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system. Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue.
This security update is rated Important for supported releases of SQL Server 2000, SQL Server 2005 Service Pack 2, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 SQL Server SQL Server 2005 |
Bulletin ID: MS09-003 |
Title: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) |
Update Type: Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.
This security update is rated Critical for all supported editions of Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, and Microsoft Exchange Server 2007. |
Applies to: Exchange Server 2003 Exchange Server 2007 Exchange 2000 Server |
Bulletin ID: MS09-002 |
Title: Cumulative Security Update for Internet Explorer (961260) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 7 running on supported editions of Windows XP and Windows Vista. For Internet Explorer 7 running on supported editions of Windows Server 2003 and Windows Server 2008, this security update is rated Moderate. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows XP x64 Edition Windows XP Windows Vista |
Bulletin ID: 960715 |
Title: Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits |
Update Type: Unknown Type |
Severity: N/A |
| Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits |
Applies to:
|
Bulletin ID: 958715 |
Title: Windows Small Business Server 2008 Update Rollup 1 |
Update Type: Update Rollup |
Severity:
|
| Windows Small Business Server 2008 Update Rollup 1 |
Applies to: Windows Small Business Server 2008 |
Bulletin ID: 955706 |
Title: SQL Server 2005 Service Pack 3 |
Update Type: Service Pack |
Severity:
|
| SQL Server 2005 Service Pack 3 |
Applies to: SQL Server 2005 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 |
Bulletin ID: 951847 |
Title: .NET Framework 3.5 Service Pack 1 |
Update Type: Service Pack |
Severity:
|
| .NET Framework 3.5 Service Pack 1 |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Internet Explorer 7.0 Dynamic Installer |
Bulletin ID: MS09-001 |
Title: Vulnerabilities in SMB Could Allow Remote Code Execution (958687) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista and Windows Server 2008. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Vista Windows Server 2008 |
Bulletin ID: MS08-078 |
Title: Security Update for Internet Explorer (960714) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7. |
Applies to: Windows Server 2008 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Vista |
Bulletin ID: MS08-077 |
Title: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.
This security update is rated Important for all supported editions of Microsoft Office SharePoint Server 2007 and Microsoft Search Server 2008. |
Applies to: Office 2007 |
Bulletin ID: MS08-076 |
Title: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) |
Update Type: Security Update |
Severity: Important |
| This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for Windows Media Player 6.4, Windows Media Format Runtime 7.1, Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Windows Media Services 4.1, Windows Media Services 9 Series, and Windows Media Services 2008. |
Applies to: Windows Server 2008 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP x64 Edition Windows Vista |
Bulletin ID: MS08-075 |
Title: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The most severe vulnerability is rated Critical for all supported editions of Windows Vista and Windows Server 2008. |
Applies to: Windows Server 2008 Windows Vista |
Bulletin ID: MS08-074 |
Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important. |
Applies to: Office 2007 Office 2003 Office 2002/XP |
Bulletin ID: MS08-073 |
Title: Cumulative Security Update for Internet Explorer (958215) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on Microsoft Windows 2000; Internet Explorer 6 running on Windows XP; and Internet Explorer 7. For Internet Explorer 6 running on Windows Server 2003, this security update is rated Moderate. |
Applies to: Windows Vista Windows Server 2008 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS08-072 |
Title: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Office Word 2000 and Microsoft Office Outlook 2007. For supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office Word 2007, Microsoft Office Compatibility Pack, Microsoft Office Word Viewer 2003, Microsoft Works 8, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important. |
Applies to: Office 2007 Office 2003 Office 2002/XP |
Bulletin ID: MS08-071 |
Title: Vulnerabilities in GDI Could Allow Remote Code Execution (956802) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows Vista Windows Server 2008 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS08-070 |
Title: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported components of the Microsoft Visual Basic 6.0 Runtime Extended Files; all supported editions of Microsoft Visual Studio .NET 2002, Microsoft Visual Studio .NET 2003, Microsoft Visual FoxPro 8.0, Microsoft Visual FoxPro 9.0, Microsoft Office Project 2003, Microsoft Office Project 2007; and the Chinese Simplified (China), Chinese Pan (Hong Kong), Chinese Traditional (Taiwan), and Korean versions of Microsoft Office FrontPage 2002. |
Applies to: Office 2007 Office 2003 |
Bulletin ID: 957388 |
Title: December 2008 Windows Vista and Windows Server 2008 Application Compatibility Update |
Update Type: Update Rollup |
Severity:
|
| December 2008 Windows Vista and Windows Server 2008 Application Compatibility Update. |
Applies to: Windows Server 2008 Windows Vista |
Bulletin ID: 955839 |
Title: December 2008 cumulative time zone update for Microsoft Windows operating systems |
Update Type: Update Rollup |
Severity:
|
| December 2008 cumulative time zone update for Microsoft Windows operating systems |
Applies to: Windows XP x64 Edition Windows XP Windows Vista Windows Server 2008 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: 953467 |
Title: Update Rollup 5 for Exchange Server 2007 Service Pack 1 |
Update Type: Update Rollup |
Severity:
|
| Update Rollup 5 for Exchange Server 2007 Service Pack 1. |
Applies to: Exchange Server 2007 |
Bulletin ID: MS08-069 |
Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves several vulnerabilities in Microsoft XML Core Services. The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Microsoft XML Core Services 3.0 and Important for Microsoft XML Core Services 4.0, Microsoft XML Core Services 5.0, and Microsoft XML Core Services 6.0. |
Applies to: Office 2007 Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows Server 2008 Windows 7 Windows XP x64 Edition Windows Server 2008 R2 Office 2003 |
Bulletin ID: MS08-068 |
Title: Vulnerability in SMB Could Allow Remote Code Execution (957097) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista and Windows Server 2008. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 Windows Vista |
Bulletin ID: MS08-067 |
Title: Vulnerability in Server Service Could Allow Remote Code Execution (958644) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 Windows Vista |
Bulletin ID: 957938 |
Title: Update for Silverlight: October 20, 2008 |
Update Type: Update Rollup |
Severity:
|
| This major update includes improvements in performance, in security, and in functionality. This update is backward compatible with Silverlight 1.0 Web applications. |
Applies to: Silverlight |
Bulletin ID: MS08-066 |
Title: Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in the Microsoft Ancillary Function Driver. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is an important security update for all supported editions of Windows XP and Windows Server 2003. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition |
Bulletin ID: MS08-065 |
Title: Vulnerability in Message Queuing Could Allow Remote Code Execution (951071) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in the Message Queuing Service (MSMQ) on Microsoft Windows 2000 systems. The vulnerability could allow remote code execution on Microsoft Windows 2000 systems with the MSMQ service enabled.
This security update is rated Important for all supported editions of Microsoft Windows 2000. |
Applies to: Windows 2000 |
Bulletin ID: MS08-064 |
Title: Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in Virtual Address Descriptor. The vulnerability could allow elevation of privilege if a user runs a specially crafted application. An authenticated attacker who successfully exploited this vulnerability could gain elevation of privilege on an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Server 2008 Windows Vista |
Bulletin ID: MS08-063 |
Title: Vulnerability in SMB Could Allow Remote Code Execution (957095) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on a server that is sharing files or folders. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows Server 2008 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Vista |
Bulletin ID: MS08-062 |
Title: Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155) |
Update Type: Security Update |
Severity: Important |
| This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. |
Applies to: Windows Vista Windows Server 2008 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS08-061 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211) |
Update Type: Security Update |
Severity: Important |
| This security update resolves one publicly disclosed and two privately reported vulnerabilities in the Windows kernel. A local attacker who successfully exploited these vulnerabilities could take complete control of an affected system. The vulnerabilities could not be exploited remotely or by anonymous users.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Server 2008 Windows Vista |
Bulletin ID: MS08-060 |
Title: Vulnerability in Active Directory Could Allow Remote Code Execution (957280) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker gains access to an affected network. This vulnerability only affects Microsoft Windows 2000 servers configured to be domain controllers. If a Microsoft Windows 2000 server has not been promoted to a domain controller, it will not be listening to Lightweight Directory Access Protocol (LDAP) or LDAP over SSL (LDAPS) queries, and will not be exposed to this vulnerability.
This security update is rated Critical for implementations of Active Directory on Microsoft Windows 2000 Server. |
Applies to: Windows 2000 |
Bulletin ID: MS08-059 |
Title: Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Host Integration Server 2000, Microsoft Host Integration Server 2004, and Microsoft Host Integration Server 2006. |
Applies to: Host Integration Server 2006 Host Integration Server 2004 Host Integration Server 2000 |
Bulletin ID: MS08-058 |
Title: Cumulative Security Update for Internet Explorer (956390) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on all supported editions of Microsoft Windows 2000, and for Internet Explorer 6 running on all supported editions of Windows XP. For Internet Explorer 7 running on all supported editions of Windows XP and Windows Vista, this security update is rated Important. Otherwise, this security update is rated Moderate or Low. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Vista Windows Server 2008 |
Bulletin ID: MS08-057 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Office Excel 2000 and rated Important for all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, and Microsoft Office SharePoint Server 2007. |
Applies to: Office 2007 Office 2003 Office 2002/XP |
Bulletin ID: MS08-056 |
Title: Vulnerability in Microsoft Office Could Allow Information Disclosure (957699) |
Update Type: Security Update |
Severity: Moderate |
| This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user clicks a specially crafted CDO URL. An attacker who successfully exploited this vulnerability could inject a client side script in the user's browser that could spoof content, disclose information, or take any action that the user could take on the affected Web site.
This security update is rated Moderate for supported editions of Microsoft Office XP.
The security update addresses the vulnerability by unregistering the CDO protocol. |
Applies to: Office 2002/XP |
Bulletin ID: 956391 |
Title: Cumulative Security Update of ActiveX Kill Bits |
Update Type: Unknown Type |
Severity: N/A |
| Cumulative Security Update of ActiveX Kill Bits |
Applies to:
|
Bulletin ID: MS08-055 |
Title: Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Applies to: Office 2007 Office 2003 |
Bulletin ID: MS08-054 |
Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported and affected editions of Windows Media Player 11. |
Applies to: Windows Vista Windows Server 2008 Windows XP Windows XP x64 Edition |
Bulletin ID: MS08-053 |
Title: Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported and affected editions of Microsoft Windows 2000, Windows XP, and Windows Vista, and Moderate for supported and affected versions of Windows Server 2003 and Windows Server 2008. |
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP x64 Edition |
Bulletin ID: MS08-052 |
Title: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008, Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4, Microsoft Digital Image Suite 2006, SQL Server 2000 Reporting Services Service Pack 2, all supported editions of SQL Server 2005, Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package, and Microsoft Report Viewer 2008 Redistributable Package.
This security update is rated Important for all supported editions of Microsoft Office XP, Microsoft Office 2003, 2007 Microsoft Office System, Microsoft Visio 2002, Microsoft Office PowerPoint Viewer 2003, Microsoft Works 8, and Microsoft Forefront Client Security 1.0. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; SQL Server 2005; Windows 2000; Visual Studio 2008; Visual Studio 2005; Forefront Client Security; Office 2002/XP; Office 2003; Office 2007; Windows Server 2008; Windows Vista; SQL Server |
Bulletin ID: 955305 |
Title: Update for Silverlight 1.0: July 23, 2008 |
Update Type: Update Rollup |
Severity: |
| Update for Silverlight 1.0: July 23, 2008 |
Applies to: Silverlight |
Bulletin ID: 951951 |
Title: Forefront Client Security Service Pack 1 |
Update Type: Service Pack |
Severity: |
| Forefront Client Security Service Pack 1 |
Applies to: Forefront Client Security |
Bulletin ID: MS08-051 |
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Office PowerPoint 2000 and rated Important for supported editions of Microsoft Office PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft Office PowerPoint 2007, Microsoft Office PowerPoint Viewer 2003, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac. |
Applies to: Office 2003; Office 2007; Office 2002/XP |
Bulletin ID: MS08-050 |
Title: Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a publicly reported vulnerability in supported versions of Windows Messenger. As a result of this vulnerability, scripting of an ActiveX control could allow information disclosure in the context of the logged-on user. An attacker could change state, get contact information, and initiate audio and video chat sessions without the knowledge of the logged-on user. An attacker could also capture the user’s logon ID and remotely log on to the user’s Messenger client impersonating that user.
This security update is rated Important for all supported editions of Microsoft Windows 2000 and Windows XP, and Moderate for all supported versions of Windows Server 2003. |
Applies to: Windows XP x64 Edition; Windows XP |
Bulletin ID: MS08-049 |
Title: Vulnerabilities in Event System Could Allow Remote Code Execution (950974) |
Update Type: Security Update |
Severity: Important |
| This update resolves two privately reported vulnerabilities in Microsoft Windows Event System that could allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
This security update is rated Important for all supported editions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000; Windows Vista; Windows Server 2008 |
Bulletin ID: MS08-048 |
Title: Security Update for Outlook Express and Windows Mail (951066) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The vulnerability could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for supported editions of Windows XP and Windows Vista and rated Low for supported editions of Windows Server 2003 and Windows Server 2008. |
Applies to: Windows 2000; Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows Vista; Windows Server 2008 |
Bulletin ID: MS08-047 |
Title: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733) |
Update Type: Security Update |
Severity: Important |
| This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network.
This update is rated Important for all supported versions of Windows Vista and Windows Server 2008. |
Applies to: Windows Server 2008; Windows Vista |
Bulletin ID: MS08-046 |
Title: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a privately reported vulnerability in the Microsoft Image Color Management (ICM) system that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This update is rated Critical for all supported versions of Microsoft Windows 2000, Windows XP and Windows Server 2003. |
Applies to: Windows XP x64 Edition; Windows 2000; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003 |
Bulletin ID: MS08-045 |
Title: Cumulative Security Update for Internet Explorer (953838) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported releases of Internet Explorer. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000; Windows Server 2008; Windows Vista |
Bulletin ID: MS08-044 |
Title: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Office 2000, and Important for supported editions of Microsoft Office XP, Microsoft Office 2003 Service Pack 2, Microsoft Project 2002 Service Pack 1, Microsoft Office Converter Pack, and Microsoft Works 8. |
Applies to: Office 2003; Office 2002/XP |
Bulletin ID: MS08-043 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Microsoft Office Excel 2000 Service Pack 3 and rated Important for Excel 2002 Service Pack 3, Excel 2003 Service Pack 2, Excel 2003 Service Pack 3, Excel Viewer 2003, Excel Viewer 2003 Service Pack 3, Excel 2007, Excel 2007 Service Pack 1, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1, Microsoft Office Excel Viewer, and Microsoft Office SharePoint Server 2007. |
Applies to: Office 2007; Office 2003; Office 2002/XP |
Bulletin ID: MS08-042 |
Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a publicly reported vulnerability in Microsoft Word. This vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for supported editions of Microsoft Word 2002 and Microsoft Word 2003. |
Applies to: Office 2003; Office 2002/XP |
Bulletin ID: MS08-041 |
Title: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
This security update is rated Critical for the Snapshot Viewer for Microsoft Access and for supported versions of Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.
The security update addresses the vulnerability by correcting an error in the Microsoft Access Snapshot Viewer control. |
Applies to: Office 2003; Office 2002/XP |
Bulletin ID: 951072 |
Title: August 2008 cumulative time zone update for Microsoft Windows operating systems |
Update Type: Update Rollup |
Severity: |
| August 2008 cumulative time zone update for Microsoft Windows operating systems. |
Applies to: Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows Server 2008; Windows Vista; Windows XP x64 Edition |
Bulletin ID: 943462 |
Title: Internet Security and Acceleration Server 2006 Service Pack 1 |
Update Type: Service Pack |
Severity: |
| Microsoft Internet Security and Acceleration Server 2006 Service Pack 1. |
Applies to: Internet Security and Acceleration Server 2006 |
Bulletin ID: MS08-040 |
Title: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) |
Update Type: Security Update |
Severity: Important |
| This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. This security update is rated Important for supported releases of SQL Server 7.0, SQL Server 2000, SQL Server 2005, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). The security update addresses the vulnerabilities by modifying the way that SQL Server manages page reuse, allocating more memory for the convert function, validating on-disk files before loading them, and validating insert statements. |
Applies to: SQL Server; SQL Server 2005; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows Server 2008 |
Bulletin ID: MS08-039 |
Title: Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) |
Update Type: Security Update |
Severity: Important |
| This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session.
This security update is rated Important for all supported editions of Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007. |
Applies to: Exchange Server 2007; Exchange Server 2003 |
Bulletin ID: MS08-038 |
Title: Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for all supported editions of Windows Vista and Windows Server 2008. |
Applies to: Windows Server 2008; Windows Vista |
Bulletin ID: MS08-037 |
Title: Vulnerabilities in DNS Could Allow Spoofing (953230) |
Update Type: Security Update |
Severity: Important |
| This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. |
Applies to: Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000; Windows XP x64 Edition; Windows Server 2008 |
Bulletin ID: 953649 |
Title: System Center Configuration Manager Service Pack 1 |
Update Type: Service Pack |
Severity: |
| System Center Configuration Manager Service Pack 1. |
Applies to: System Center Configuration Management 2007 |
Bulletin ID: MS08-036 |
Title: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) |
Update Type: Security Update |
Severity: Important |
| This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited this vulnerability could cause a user’s system to become non-responsive and to require a restart to restore functionality. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.
This security update is rated Important for all supported editions of Windows XP and Windows Server 2003 and rated Moderate for all supported editions of Windows Vista and Windows Server 2008. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows Vista; Windows Server 2008 |
Bulletin ID: MS08-035 |
Title: Vulnerability in Active Directory Could Allow Denial of Service (953235) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008; Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003; and Active Directory Lightweight Directory Service (AD LDS) when installed on Windows Server 2008. The vulnerability could be exploited to allow an attacker to cause a denial of service condition. On Windows XP Professional, Windows Server 2003, and Windows Server 2008, an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart.
This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, and rated Moderate for select editions of Windows XP Professional, Windows Server 2003, and Windows Server 2008. |
Applies to: Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000; Windows Server 2008; Windows XP x64 Edition; Windows XP |
Bulletin ID: MS08-034 |
Title: Vulnerability in WINS Could Allow Elevation of Privilege (948745) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS) that could allow elevation of privilege. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
This security update is rated Important for all supported editions of Microsoft Windows 2000 Server and Windows Server 2003. |
Applies to: Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000 |
Bulletin ID: MS08-033 |
Title: Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows 2000; Windows Vista; Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows Server 2008 |
Bulletin ID: MS08-032 |
Title: Cumulative Security Update of ActiveX Kill Bits (950760) |
Update Type: Security Update |
Severity: Moderate |
| This security update resolves a publicly reported vulnerability for the Microsoft Speech API. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer and has the Speech Recognition feature in Windows enabled. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes a kill bit for software produced by BackWeb.
The security update is rated Moderate for Microsoft Windows 2000 Service Pack 4; all supported editions of Windows XP; and all editions of the original release version of Windows Vista. However, the kill bit deployment also includes Windows Vista Service Pack 1.
For all other supported versions of Windows, this security update is rated Low. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000; Windows Vista; Windows Server 2008 |
Bulletin ID: MS08-031 |
Title: Cumulative Security Update for Internet Explorer (950759) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves one privately reported and one publicly disclosed vulnerability. The privately reported vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The publicly disclosed vulnerability could allow information disclosure if a user viewed a specially crafted Web page using Internet Explorer.
This security update is rated Critical for Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 on supported versions of Windows XP; and Internet Explorer 7 on supported versions of Windows XP and Windows Vista. The security update is also rated Important for Internet Explorer 5.01 on Microsoft Windows 2000 Service Pack 4, and Moderate for all other supported releases of Internet Explorer. |
Applies to: Windows 2000; Windows Vista; Windows Server 2008; Windows XP; Windows XP x64 Edition; Windows Server 2003, Datacenter Edition; Windows Server 2003 |
Bulletin ID: MS08-030 |
Title: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in the Bluetooth stack in Windows that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Critical for all supported editions of Windows XP and Windows Vista. |
Applies to: Windows XP; Windows XP x64 Edition; Windows Vista |
Bulletin ID: 951532 |
Title: Description of the Post-Service Pack 1 Rollup for Microsoft Expression Media: April 15, 2008 |
Update Type: Update Rollup |
Severity: |
| Describes the Microsoft Expression Media issues that are fixed in the Post-SP1 Rollup that is dated April 15, 2008. |
Applies to: Expression Media V1 |
Bulletin ID: 951213 |
Title: Description of the update for Silverlight 1.0: April 4, 2008 |
Update Type: Update Rollup |
Severity: |
| Describes the update for Silverlight 1.0 that was released on April 4, 2008. Provides links to the update and to product release notes. |
Applies to: Silverlight |
Bulletin ID: MS08-028 |
Title: Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a security vulnerability in the Microsoft Jet Database Engine (Jet) in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for the Microsoft Jet 4.0 Database Engine. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000 |
Bulletin ID: MS08-027 |
Title: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Microsoft Publisher 2000 Service Pack 3 and Important for supported versions of Microsoft Publisher 2002, Microsoft Publisher 2003, and Microsoft Publisher 2007. |
Applies to: Office 2007; Office 2003; Office 2002/XP |
Bulletin ID: MS08-026 |
Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves several privately reported vulnerabilities in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Word 2000 and Microsoft Outlook 2007 and rated Important for supported editions of Microsoft Word 2002; Microsoft Word 2003; Microsoft Word Viewer 2003 and Microsoft Word Viewer 2003 Service Pack 3; Microsoft Word 2007; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats; and Microsoft Office 2004 for Mac and Microsoft Office 2008 for Mac. |
Applies to: Office 2003; Office 2007; Office 2002/XP |
Bulletin ID: 948016 |
Title: Description of Update Rollup 2 for Exchange Server 2007 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
| Describes Update Rollup 2 for Exchange Server 2007 Service Pack 1. Contains information about the issues that the update rollup fixes, the prerequisites for installing it, how to obtain it, and the files that it contains. |
Applies to: Exchange Server 2007 |
Bulletin ID: 936929 |
Title: Windows XP Service Pack 3 |
Update Type: Service Pack |
Severity: |
| Windows XP Service Pack 3. |
Applies to: Windows XP |
Bulletin ID: 949426 |
Title: Microsoft Office Accounting 2008 Service Pack 1 for Accounting Professional 2008 and for Accounting Express 2008 |
Update Type: Service Pack |
Severity: |
| Microsoft Office Accounting 2008 Service Pack 1 for Accounting Professional 2008 and for Accounting Express 2008. |
Applies to: Office 2007 |
Bulletin ID: 936330 |
Title: Windows Vista Service Pack 1 (SP1) |
Update Type: Service Pack |
Severity: |
| Windows Vista Service Pack 1 (SP1). |
Applies to: Windows Vista |
Bulletin ID: MS08-025 |
Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability in the Windows kernel. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
This is an important security update for all supported editions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000; Windows Vista; Windows Server 2008 |
Bulletin ID: MS08-024 |
Title: Cumulative Security Update for Internet Explorer (947864) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated Critical for all supported releases of Internet Explorer. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000; Windows Vista; Windows Server 2008 |
Bulletin ID: MS08-023 |
Title: Security Update of ActiveX Kill Bits (948881) |
Update Type: Unknown Type |
Severity: Critical |
| This security update resolves one privately reported vulnerability for a Microsoft product. This update also includes a kill bit for the Yahoo! Music Jukebox product. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated Critical for Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2; and Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2.
The security update is rated Important for Windows Vista and Windows Vista Service Pack 1; and Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1.
The security update is rated Moderate for all supported editions of Windows Server 2003.
For all other supported versions of Windows, this security update is rated Low. |
Applies to: |
Bulletin ID: MS08-022 |
Title: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is a critical security update for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
Applies to: Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows XP x64 Edition; Windows XP; Windows 2000 |
Bulletin ID: MS08-021 |
Title: Vulnerabilities in GDI Could Allow Remote Code Execution (948590) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is a critical security update for Microsoft Windows 2000 Service Pack 4, and all supported releases of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000; Windows Server 2008; Windows Vista |
Bulletin ID: MS08-020 |
Title: Vulnerability in DNS Client Could Allow Spoofing (945553) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS clients and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations.
This is an important security update for Windows Vista and all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000; Windows Vista |
Bulletin ID: MS08-019 |
Title: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032) |
Update Type: Security Update |
Severity: Important |
| This security update resolves privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for Microsoft Office Visio 2002 Service Pack 2, Microsoft Office Visio 2003 Service Pack 2, Microsoft Office Visio 2003 Service Pack 3, Microsoft Office Visio 2007, and Microsoft Office Visio 2007 Service Pack 1. |
Applies to: Office 2007; Office 2003; Office 2002/XP |
Bulletin ID: MS08-018 |
Title: Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in Microsoft Office Project that could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Microsoft Project 2000 Service Release 1 and rated Important for Microsoft Project 2002 Service Pack 1, and Microsoft Office Project 2003 Service Pack 2. |
Applies to: Office 2003; Office 2002/XP |
Bulletin ID: 948014 |
Title: Windows Server Update Services 3.0 Service Pack 1 |
Update Type: Service Pack |
Severity: |
| Windows Server Update Services 3.0 Service Pack 1. |
Applies to: Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows XP; Windows Vista; Windows XP x64 Edition |
Bulletin ID: MS08-017 |
Title: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103) |
Update Type: Security Update |
Severity: Critical |
| This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for implementations of Microsoft Office Web Components 2000 on supported editions of Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Visual Studio .NET 2002 Service Pack 1, Visual Studio .NET 2003 Service Pack 1, Microsoft BizTalk Server 2000 and Microsoft BizTalk Server 2002, Microsoft Commerce Server 2000, and Internet Security and Acceleration Server 2000 Service Pack 2. |
Applies to: Office 2002/XP |
Bulletin ID: MS08-016 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Office 2000 and rated Important for supported editions of Microsoft Office XP, Microsoft Office 2003 Service Pack 2, Microsoft Excel Viewer 2003 and Microsoft Excel Viewer 2003 Service Pack 3, and Microsoft Office 2004 for Mac. |
Applies to: Office 2003; Office 2002/XP |
Bulletin ID: MS08-015 |
Title: Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane.
This security update is rated Critical for supported editions of Microsoft Office Outlook 2000 Service Pack 3, Outlook 2002 Service Pack 3, Outlook 2003 Service Pack 2 and Service Pack 3, and Outlook 2007. |
Applies to: Office 2007; Office 2003; Office 2002/XP |
Bulletin ID: MS08-014 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Microsoft Office Excel 2000 Service Pack 3 and rated Important for Excel 2002 Service Pack 3, Excel 2003 Service Pack 2, Excel Viewer 2003, Excel 2007, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Office 2004 for Mac, and Office 2008 for Mac. |
Applies to: Office 2003; Office 2007; Office 2002/XP |
Bulletin ID: 946140 |
Title: Update for Business Contact Manager for Outlook 2007: February 12, 2008 |
Update Type: Critical Update |
Severity: |
| This update changes the startup behavior of the SQL Server service so that the service is started only when Business Contact Manager for Outlook 2007 requires it. |
Applies to: Office 2007 |
Bulletin ID: 945684 |
Title: Update Rollup 1 for Microsoft Exchange Server 2007 Service Pack 1 |
Update Type: Update Rollup |
Severity: |
| Update Rollup 1 for Microsoft Exchange Server 2007 SP1. |
Applies to: Exchange Server 2007 |
Bulletin ID: 942846 |
Title: Update Rollup 6 for Exchange Server 2007 |
Update Type: Update Rollup |
Severity: |
| Update Rollup 6 for Exchange Server 2007. |
Applies to: Exchange Server 2007 |
Bulletin ID: 941834 |
Title: Microsoft Expression Media Service Pack 1 |
Update Type: Service Pack |
Severity: |
| Expression Media Service Pack 1. |
Applies to: Expression Media V1 |
Bulletin ID: MS08-013 |
Title: Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file with a malformed object inserted into the document. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for all supported editions of Microsoft Office 2000 and an important security update for Microsoft Office XP, Microsoft Office 2003 and Microsoft Office 2004 for Mac. |
Applies to: Office 2002/XP; Office 2003 |
Bulletin ID: MS08-012 |
Title: Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves two privately reported vulnerabilities in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported releases of Microsoft Office Publisher 2000; supported releases of Microsoft Office Publisher 2002; and supported editions of Microsoft Office Publisher 2003 Service Pack 2. Microsoft Publisher 2003 Service Pack 3, Microsoft Office Publisher 2007, and Microsoft Office Publisher 2007 Service Pack 1 are not impacted by this vulnerability. |
Applies to: Office 2002/XP; Office 2003 |
Bulletin ID: MS08-011 |
Title: Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves three privately reported vulnerabilities in the Microsoft Works File Converter. These vulnerabilities could allow remote code execution if a user opens a specially crafted Works (.wps) file with an affected version of Microsoft Office, Microsoft Works, or Microsoft Works Suite. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is an important security update for all supported editions of Microsoft Works Converter. |
Applies to: Office 2003 |
Bulletin ID: MS08-010 |
Title: Cumulative Security Update for Internet Explorer (944533) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves three privately reported and one publicly reported vulnerabilities. The most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated critical for all supported releases of Internet Explorer. |
Applies to: Windows Vista; Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000 |
Bulletin ID: MS08-009 |
Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves one privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported editions of Microsoft Office 2000 and an important security update for Microsoft Office XP, Microsoft Office 2003, and Microsoft Office Word Viewer 2003. |
Applies to: Office 2003; Office 2002/XP |
Bulletin ID: MS08-008 |
Title: Vulnerability in OLE Automation Could Allow Remote Code Execution (947890) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE) Automation. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, Microsoft Office 2004 for Mac, and Visual Basic 6. For other affected editions of Windows, this update is rated moderate. |
Applies to: Windows 2000; Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows Vista |
Bulletin ID: MS08-007 |
Title: Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves one privately reported vulnerability in the WebDAV Mini-Redirector. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is a critical security update for all supported editions of Windows XP and Windows Vista and an important security update for all supported editions of Windows Server 2003. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Vista; Windows Server 2003, Datacenter Edition; Windows Server 2003 |
Bulletin ID: MS08-006 |
Title: Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830) |
Update Type: Security Update |
Severity: Important |
| This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A remote code execution vulnerability exists in the way that IIS handles input to ASP Web pages. An attacker who successfully exploited this vulnerability could then perform actions on the IIS server with the same rights as the Worker Process Identity (WPI). The WPI is configured with Network Service account privileges by default. IIS servers with ASP pages whose application pools are configured with a WPI that uses an account with administrative privileges could be more seriously impacted than IIS servers whose application pool is configured with the default WPI settings.
The security update is rated important for Microsoft Internet Information Services on all supported editions of Windows XP and Windows Server 2003. |
Applies to: Windows XP; Windows XP x64 Edition; Windows Server 2003, Datacenter Edition; Windows Server 2003 |
Bulletin ID: MS08-005 |
Title: Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831) |
Update Type: Security Update |
Severity: Important |
| This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated Important for Microsoft Internet Information Services 5.0 on Microsoft Windows 2000, Microsoft Internet Information Services 5.1 on Windows XP, Microsoft Internet Information Server 6.0 on Windows Server 2003, and Microsoft Internet Information Services 7.0 on Windows Vista. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Vista; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000 |
Bulletin ID: MS08-004 |
Title: Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456) |
Update Type: Security Update |
Severity: Important |
| This important update resolves a privately reported vulnerability in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
This is an important security update for all supported editions of Windows Vista. |
Applies to: Windows Vista |
Bulletin ID: MS08-003 |
Title: Vulnerability in Active Directory Could Allow Denial of Service (946538) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003 and Active Directory Application Mode (ADAM) when installed on Windows XP and Windows Server 2003. The vulnerability could allow a denial of service condition. On Windows Server 2003 and Windows XP an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart.
This is an important security update for all supported editions of Microsoft Windows 2000, and a moderate security update for Windows XP, and Windows Server 2003. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000 |
Bulletin ID: 940767 |
Title: Windows Internet Explorer 7 Installation and Availability Update |
Update Type: Update Rollup |
Severity: |
| Windows Internet Explorer 7 Installation and Availability Update. |
Applies to: Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows XP x64 Edition; Windows XP |
Bulletin ID: 110806 |
Title: Microsoft .NET Framework 2.0 Service Pack 1 |
Update Type: Service Pack |
Severity: |
| Microsoft .NET Framework 2.0 Service Pack 1 provides cumulative roll-up updates for customer reported issues found after the release of Microsoft .NET Framework 2.0. In addition, this release provides security improvements, and prerequisite feature support for .NET Framework 3.0 Service Pack 1, and .NET Framework 3.5. |
Applies to: Windows 2000; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows XP; Windows XP x64 Edition |
Bulletin ID: MS08-002 |
Title: Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485) |
Update Type: Security Update |
Severity: Important |
| This important update resolves a privately reported vulnerability in Microsoft Windows Local Security Authority Subsystem Service (LSASS). The vulnerability could allow an attacker to run arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is an important security update for all supported editions of Windows 2000, Windows XP, and Windows Server 2003. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000 |
Bulletin ID: MS08-001 |
Title: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is a critical security update for all supported editions of Windows XP and Windows Vista, an important security update for all supported editions of Windows Server 2003, and a moderate security update for all supported editions of Microsoft Windows 2000. |
Applies to: Windows XP; Windows XP x64 Edition; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows Vista; Windows 2000 |
Bulletin ID: 941652 |
Title: Business Contact Manager for Outlook 2007 Service Pack 1 |
Update Type: Service Pack |
Severity: |
| Business Contact Manager for Outlook 2007 Service Pack 1. |
Applies to: Office 2007 |
Bulletin ID: 940289 |
Title: Office Compatibility Pack Service Pack 1 |
Update Type: Service Pack |
Severity: |
| This service pack delivers important customer-requested stability and performance improvements. It also includes improvements in user security. |
Applies to: Office 2007 |
Bulletin ID: 937961 |
Title: Office 2003 Web Components Service Pack 1 for the 2007 Office system |
Update Type: Service Pack |
Severity: |
| Office 2003 Web Components SP1 for the 2007 Office system. This service pack provides the latest updates to the Office 2003 Web Components for the 2007 Office system. |
Applies to: Office 2007 |
Bulletin ID: 937160 |
Title: Visio Viewer 2007 Service Pack 1 |
Update Type: Service Pack |
Severity: |
| Office Visio Viewer 2007 Service Pack 1. |
Applies to: Office 2007 |
Bulletin ID: 937158 |
Title: PowerPoint Viewer 2007 Service Pack 1 |
Update Type: Service Pack |
Severity: |
| Microsoft Office PowerPoint Viewer 2007 Service Pack 1. |
Applies to: Office 2007 |
Bulletin ID: 937157 |
Title: Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 1 |
Update Type: Service Pack |
Severity: |
| Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 1. |
Applies to: Office 2007 |
Bulletin ID: 936988 |
Title: Windows SharePoint Services 3.0 Service Pack 1 and Windows SharePoint Services Language Pack 3.0 Service Pack 1 |
Update Type: Service Pack |
Severity: |
| Windows SharePoint Services 3.0 SP1 and Windows SharePoint Services Language Pack 3.0 SP1. These service packs contain the latest updates to Windows SharePoint Services 3.0. |
Applies to: Windows Server 2003, Datacenter Edition; Windows Server 2003 |
Bulletin ID: 936984 |
Title: Microsoft Office 2007 servers Service Pack 1 and Microsoft Office 2007 servers Language Pack Service Pack 1 |
Update Type: Service Pack |
Severity: |
| Microsoft Office servers 2007 SP1 and Microsoft Office 2007 servers Language Pack SP1. This service pack provides the latest updates to all of the 2007 Microsoft Office servers. |
Applies to: Office 2007 |
Bulletin ID: 936982 |
Title: Microsoft Office 2007 suite Service Pack 1 |
Update Type: Service Pack |
Severity: |
| Microsoft Office 2007 suite Service Pack 1. |
Applies to: Office 2007 |
Bulletin ID: MS07-069 |
Title: Cumulative Security Update for Internet Explorer (942615) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves four privately reported vulnerabilities. The most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update is rated moderate for Internet Explorer 6 and 7 on Windows Server 2003. For all other supported releases of Internet Explorer, this security update is rated critical. |
Applies to: Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows 2000; Windows Vista |
Bulletin ID: MS07-068 |
Title: Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves a privately reported vulnerability in Windows Media File Format. This vulnerability could allow remote code execution if a user viewed a specially crafted file in Windows Media Format Runtime. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported editions of Windows Media Format Runtime 7.1, 9, 9.5, 11 and for Windows Media Services 9.1. |
Applies to: Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows XP x64 Edition; Windows 2000; Windows Vista |
Bulletin ID: MS07-067 |
Title: Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves one publicly disclosed vulnerability. A local elevation of privilege vulnerability exists in the way that the Macrovision driver incorrectly handles configuration parameters. An attacker who successfully exploited this vulnerability could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is an important security update for supported editions of Windows XP and Windows Server 2003. |
Applies to: Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows XP x64 Edition; Windows XP |
Bulletin ID: MS07-066 |
Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves a privately reported vulnerability in the Windows kernel. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
This is an important security update for supported editions of Windows Vista. |
Applies to: Windows Vista |
Bulletin ID: MS07-065 |
Title: Vulnerability in Message Queuing Could Allow Remote Code Execution (937894) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves a privately reported vulnerability in Message Queuing Service (MSMQ) that could allow remote code execution in implementations on Microsoft Windows 2000 Server, or elevation of privilege in implementations on Microsoft Windows 2000 Professional and Windows XP. An attacker must have valid logon credentials to exploit this vulnerability. An attacker could then install programs; view, change, or delete data; or create new accounts.
This is an important security update for supported editions of Microsoft Windows 2000 Server and a moderate security update for supported editions of Windows XP and Windows 2000 Professional. |
Applies to: Windows 2000; Windows XP |
Bulletin ID: MS07-064 |
Title: Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves two privately reported vulnerabilities in Microsoft DirectX. These vulnerabilities could allow code execution if a user opened a specially crafted file used for streaming media in DirectX. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003 and Windows Vista. |
Applies to: Windows 2000; Windows XP x64 Edition; Windows XP; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows Vista |
Bulletin ID: MS07-063 |
Title: Vulnerability in SMBv2 Could Allow Remote Code Execution (942624) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves a privately reported vulnerability in Server Message Block Version 2 (SMBv2). The vulnerability could allow an attacker to tamper with data transferred via SMBv2, which could allow remote code execution in domain configurations communicating with SMBv2.
This is an Important security update for all supported versions of Windows Vista. |
Applies to: Windows Vista |
Bulletin ID: 942840 |
Title: You may experience slow Web browser performance when you view a Web page that uses JScript in Internet Explorer on a Windows Server 2003-based computer or on a Windows XP-based computer |
Update Type: Unknown Type |
Severity: N/A |
| Fixes a problem in which you experience slow performance when you view a Web page in Internet Explorer. Specifically, this problem occurs in Windows Server 2003 and Windows XP environments. This hotfix provides improvements over hotfix 919237. |
Applies to: |
Bulletin ID: 942763 |
Title: December 2007 cumulative time zone update for Microsoft Windows operating systems |
Update Type: Update Rollup |
Severity: |
| December 2007 cumulative time zone update for Windows XP, for Windows Vista, and for Windows Server 2003. |
Applies to: Windows XP; Windows XP x64 Edition; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows Vista |
Bulletin ID: 929300 |
Title: Microsoft .NET Framework Service Pack 1 for versions 3.0, 2.0, and 1.1 |
Update Type: Service Pack |
Severity: |
| Service Pack 1 for Microsoft .NET Framework versions 3.0, 2.0, and 1.1. |
Applies to: Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows XP; Windows XP x64 Edition |
Bulletin ID: MS07-062 |
Title: Vulnerability in DNS Could Allow Spoofing (941672) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. This is an important security update for all supported editions of Microsoft Windows 2000 Server and Windows Server 2003. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS07-061 |
Title: Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003.
This is a critical security update for all supported editions of Windows XP and Windows Server 2003. |
Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP |
Bulletin ID: 941421 |
Title: Update Rollup 5 for Exchange 2007 |
Update Type: Update Rollup |
Severity:
|
| Update Rollup 5 for Exchange 2007 |
Applies to: Exchange Server 2007 |
Bulletin ID: MS07-060 |
Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file with a malformed string. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported editions of Microsoft Office 2000, Microsoft Office XP, and Microsoft Office 2004 for Mac. |
Applies to: Office 2002/XP |
Bulletin ID: MS07-059 |
Title: Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017) |
Update Type: Security Update |
Severity: Important |
| This security update resolves a publicly reported vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment. The vulnerability could also allow an attacker to run arbitrary script to modify a user’s cache, resulting in information disclosure at the workstation.
The security update is rated important for Microsoft SharePoint Services 3.0 in supported editions of Microsoft Windows Server 2003 and for supported editions of Microsoft Office SharePoint Server 2007.
The security update addresses the vulnerability by modifying the way that Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007 validate URL-encoded requests. |
Applies to: Office 2007 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS07-058 |
Title: Vulnerability in RPC Could Allow Denial of Service (933729) |
Update Type: Security Update |
Severity: Important |
| This update resolves a privately reported vulnerability. A denial of service vulnerability exists in the remote procedure call (RPC) facility due to a failure in communicating with the NTLM security provider when performing authentication of RPC requests. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
This is an important security update for all supported editions of Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. |
Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista |
Bulletin ID: MS07-057 |
Title: Cumulative Security Update for Internet Explorer (939653) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerability with the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated moderate for Internet Explorer 6 and 7 on Windows Server 2003. For all other supported releases of Internet Explorer, this security update is rated critical. |
Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista |
Bulletin ID: MS07-056 |
Title: Security Update for Outlook Express and Windows Mail (941202) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution due to an incorrectly handled malformed NNTP response. An attacker could exploit the vulnerability by constructing a specially crafted Web page.
This is a critical security update for all supported versions of Microsoft Outlook Express and Microsoft Windows Mail. |
Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista |
Bulletin ID: MS07-055 |
Title: Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the way that the Kodak Image Viewer, formerly known as Wang Image Viewer, handles specially crafted image files. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This vulnerability exists only on systems running Windows 2000. However, systems running supported editions of Windows XP and Windows Server 2003 may also be affected if upgraded from Windows 2000. This is a critical security update for Windows 2000 Service Pack 4, Windows XP Service Pack 2, and supported 32-bit editions of Windows Server 2003. |
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: 940006 |
Title: Update Rollup 4 for Exchange 2007 |
Update Type: Update Rollup |
Severity:
|
| Update Rollup 4 for Exchange 2007. |
Applies to: Exchange Server 2007 |
Bulletin ID: 935999 |
Title: Update Rollup 3 for Exchange 2007 |
Update Type: Update Rollup |
Severity:
|
| Update Rollup 3 for Exchange 2007. |
Applies to: Exchange Server 2007 |
Bulletin ID: 934737 |
Title: Excel Viewer 2003 Service Pack 3 |
Update Type: Service Pack |
Severity:
|
| Excel 2003 Viewer SP3 contains significant security improvements, stability improvements, and performance improvements. Some fixes that are included with Excel Viewer 2003 SP3 were previously released in separate updates. |
Applies to: Office 2003 |
Bulletin ID: 934736 |
Title: Word Viewer 2003 Service Pack 3 |
Update Type: Service Pack |
Severity:
|
| Microsoft Word Viewer 2003 SP3 contains significant security enhancements, stability improvements, and performance improvements. Some fixes that are included with Word Viewer 2003 SP3 were previously released in separate updates. |
Applies to: Office 2003 |
Bulletin ID: 933867 |
Title: Microsoft Systems Management Server 2003 Service Pack 3 |
Update Type: Service Pack |
Severity:
|
| Systems Management Server (SMS) 2003 Service Pack 3 (SP3) |
Applies to: Systems Management Server 2003 |
Bulletin ID: 933360 |
Title: August 2007 cumulative time zone update for Microsoft Windows operating systems |
Update Type: Update Rollup |
Severity:
|
| August 2007 cumulative time zone update that is available for Microsoft Windows operating systems. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista Windows XP Windows XP x64 Edition |
Bulletin ID: 923648 |
Title: Outlook Live 2003 Service Pack 3 |
Update Type: Service Pack |
Severity:
|
| Outlook Live 2003 Service Pack 3 |
Applies to: Office 2003 |
Bulletin ID: 923643 |
Title: Windows SharePoint Services Service Pack 3 |
Update Type: Service Pack |
Severity:
|
| Windows SharePoint Services Service Pack 3 provides the latest updates to Windows SharePoint Services. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: 923642 |
Title: Office 2003 Service Pack 3 for Proofing Tools |
Update Type: Service Pack |
Severity:
|
| Office 2003 SP3 fixes that were released earlier in separate updates. |
Applies to: Office 2003 |
Bulletin ID: 923633 |
Title: OneNote 2003 Service Pack 3 |
Update Type: Service Pack |
Severity:
|
| OneNote 2003 Service Pack 3 provides the latest updates to Microsoft Office OneNote 2003. |
Applies to: Office 2003 |
Bulletin ID: 923622 |
Title: Project 2003 Service Pack 3 |
Update Type: Service Pack |
Severity:
|
| Project 2003 Service Pack 3 (SP3) contains significant security improvements in addition to stability improvements. Some fixes that are included with SP3 were previously released as separate updates. This service pack combines them into one update. |
Applies to: Office 2003 |
Bulletin ID: 923620 |
Title: Visio 2003 Service Pack 3 |
Update Type: Service Pack |
Severity:
|
| Microsoft Office Visio 2003 SP3 contains significant security improvements and stability improvements. Some fixes that are included with SP3 have been previously released as separate updates. This service pack combines them into one update. |
Applies to: Office 2003 |
Bulletin ID: 923618 |
Title: Office 2003 Service Pack 3 |
Update Type: Service Pack |
Severity:
|
| Office 2003 SP3 contains security enhancements and stability improvements. Some of the fixes included with Office 2003 SP3 were previously released in separate updates. Office 2003 SP3 combines the previously released fixes into one update. |
Applies to: Office 2003 |
Bulletin ID: MS07-053 |
Title: Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves one publicly disclosed vulnerability. A vulnerability exists in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications where running certain setuid binary files could allow an attacker to gain elevation of privilege.
This is an important security update for supported releases of Windows 2000, Windows Server 2003, Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications, a component of Windows Server 2003 and Windows Vista. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows Vista |
Bulletin ID: MS07-052 |
Title: Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves a publicly disclosed vulnerability. This vulnerability could allow remote code execution if a user opens a specially crafted RPT file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is an important security update for supported editions of Visual Studio that include a custom version of Crystal Reports. Only the specific editions of Visual Studio listed in the Affected Software section are affected because they contain Crystal Reports. |
Applies to: Visual Studio 2005 |
Bulletin ID: MS07-051 |
Title: Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Agent in the way that it handles certain specially crafted URLs. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for Microsoft Windows 2000 Service Pack 4. |
Applies to: Windows 2000 |
Bulletin ID: MS07-050 |
Title: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in the Vector Markup Language (VML) implementation in Windows. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated critical for supported releases of Internet Explorer 5.01, Internet Explorer 6, and Internet Explorer 7. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows XP x64 Edition Windows 2000 |
Bulletin ID: MS07-049 |
Title: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves one privately reported vulnerability. This is an elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating system. Only guest operating system users who are granted administrative permissions to the guest operating system would be able to exploit this vulnerability. Guest operating system users not granted administrative permissions to the guest operating system would be unable to exploit this vulnerability.
This is an important security update for supported releases of Microsoft Virtual PC 2004, Microsoft Virtual Server 2005, Microsoft Virtual Server 2005 R2, Microsoft Virtual PC for Mac Version 6.1, and Microsoft Virtual PC for Mac Version 7. |
Applies to: Virtual Server Virtual PC |
Bulletin ID: MS07-048 |
Title: Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves two privately reported vulnerabilities in addition to other vulnerabilities identified during the course of the investigation. These vulnerabilities could allow an anonymous remote attacker to run code with the privileges of the logged-on user. If a user subscribed to a malicious RSS feed in the Feed Headlines Gadget, added a malicious contacts file in the Contacts Gadget, or clicked on a malicious link in the Weather Gadget, an attacker could potentially run code on the system. In all attack vectors, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is an important security update for all supported editions of Windows Vista. |
Applies to: Windows Vista |
Bulletin ID: MS07-047 |
Title: Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves two privately reported vulnerabilities. These vulnerabilities could allow code execution if a user viewed a specially crafted file in Windows Media Player. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is an important security update for supported versions of Windows Media Player 7.1, 9, 10, and 11. |
Applies to: Windows XP Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows Vista |
Bulletin ID: MS07-046 |
Title: Vulnerability in GDI Could Allow Remote Code Execution (938829) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the Graphics Rendering Engine in the way that it handles specially crafted images. An attacker could exploit the vulnerability by constructing a specially crafted image that could potentially allow remote code execution if a user opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
This is a critical security update for all supported editions of Windows except Windows 2003 Server Service Pack 2 and Windows Vista. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS07-045 |
Title: Cumulative Security Update for Internet Explorer (937143) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves three privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated critical for supported releases of Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1. For Internet Explorer 6 for supported versions and editions of Windows XP Home and Windows XP Professional, the security update is also rated critical, otherwise it is rated moderate for other supported operating systems. For Internet Explorer 7 for supported versions and editions of Windows XP and Windows XP Professional, and Internet Explorer 7 in Windows Vista, the security update is rated Important, otherwise it is rated low. |
Applies to: Windows Vista Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows 2000 |
Bulletin ID: MS07-044 |
Title: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965) |
Update Type: Security Update |
Severity: Critical |
| This security update resolves a privately reported vulnerability in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2004 for Mac, this update is rated important. This update is also rated important for the Excel Viewer 2003. |
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS07-043 |
Title: Vulnerability in OLE Automation Could Allow Remote Code Execution (921503) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for all supported editions of Windows 2000, Windows XP, Office 2004 for Mac, and Visual Basic 6. For other affected editions of Windows, this update is rated moderate. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows 2000 |
Bulletin ID: MS07-042 |
Title: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. The vulnerability could be exploited through attacks on Microsoft XML Core Services. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for all supported editions of Windows 2000, Windows XP, Windows Vista, Microsoft Office 2003, and 2007 Microsoft Office System. |
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows XP x64 Edition Windows Server 2008 Office 2007 Office 2003 |
Bulletin ID: MS07-041 |
Title: Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if an attacker sent specially crafted URL requests to a Web page hosted by Internet Information Services (IIS) 5.1 on Windows XP Professional Service Pack 2. IIS 5.1 is not part of a default install of Windows XP Professional Service Pack 2. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
This is an important security update for all supported 32-bit editions of Windows XP Service Pack 2. |
Applies to: Windows XP |
Bulletin ID: MS07-040 |
Title: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) |
Update Type: Security Update |
Severity: Critical |
| This update resolves three privately reported vulnerabilities. Two of these vulnerabilities could allow remote code execution on client systems with .NET Framework installed, and one could allow information disclosure on Web servers running ASP.NET. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update addresses two vulnerabilities by modifying the way .NET Framework addresses buffer allocation. |
Applies to: Windows Vista Windows Server 2008 Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition |
Bulletin ID: MS07-039 |
Title: Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves a privately reported vulnerability in implementations of Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition. However, remote code execution could be possible. On Windows Server 2003 an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
This is a critical security update for supported editions of Windows 2000 and an important security update for supported editions of Windows Server 2003. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS07-038 |
Title: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807) |
Update Type: Security Update |
Severity: Moderate |
| This moderate security update resolves a privately reported vulnerability. This vulnerability could allow incoming unsolicited network traffic to access a network interface. An attacker could potentially gather information about the affected host.
This is a moderate security update for all supported editions of Windows Vista. |
Applies to: Windows Vista |
Bulletin ID: MS07-037 |
Title: Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548) |
Update Type: Security Update |
Severity: Important |
| This important security update resolves one publicly disclosed vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Microsoft Office Publisher file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit this vulnerability.
This is an important security update for supported releases of Microsoft Office Publisher 2007. |
Applies to: Office 2007 |
Bulletin ID: MS07-036 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) |
Update Type: Security Update |
Severity: Critical |
| This critical update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2004 for Mac, and 2007 Microsoft Office System this update is rated important. This update is also rated important for the Excel Viewer 2003, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats. |
Applies to: Office 2007 Office 2003 Office 2002/XP |
Bulletin ID: MS07-035 |
Title: Vulnerability in Win 32 API Could Allow Remote Code Execution (935839) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves a privately reported vulnerability in a Win32 API. This vulnerability could allow remote code execution or elevation of privilege if the affected API is used locally by a specially crafted application. Therefore, applications that use this component of the Win32 API could be used as a vector for this vulnerability. For example, Internet Explorer uses this Win32 API function when parsing specially crafted Web pages.
This is a critical security update for all supported versions of Windows 2000, Windows XP, and Windows Server 2003. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS07-034 |
Title: Cumulative Security Update for Outlook Express and Windows Mail (929123) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves two privately reported and two publicly disclosed vulnerabilities. One of these vulnerabilities could allow remote code execution if a user viewed a specially crafted e-mail using Windows Mail in Windows Vista. The other vulnerabilities could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer and cannot be exploited directly in Outlook Express. For the information disclosure vulnerabilities, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported editions of Windows Vista. For other versions of Windows, this update is rated important or moderate or low. |
Applies to: Windows Vista Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP |
Bulletin ID: MS07-033 |
Title: Cumulative Security Update for Internet Explorer (933566) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All but one of these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. One vulnerability could allow spoofing, and also involves a specially crafted Web page. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. For the spoofing case, exploitation requires user interaction.
This is a critical security update for supported releases of Internet Explorer 5.01 and Internet Explorer 6, and most supported releases of Internet Explorer 7. For Internet Explorer 7 for supported versions and editions of Windows Server 2003, this update is rated moderate. |
Applies to: Windows Vista Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS07-032 |
Title: Vulnerability in Windows Vista Could Allow Information Disclosure (931213) |
Update Type: Security Update |
Severity: Moderate |
| This moderate security update resolves a privately reported vulnerability. This vulnerability could allow non-privileged users to access local user information data stores including administrative passwords contained within the registry and local file system.
This is a moderate security update for all supported editions of Windows Vista. |
Applies to: Windows Vista |
Bulletin ID: MS07-031 |
Title: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840) |
Update Type: Security Update |
Severity: Critical |
| This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system.
This is a critical security update for supported editions of Windows XP, important for editions of Windows 2003, and moderate for editions of Windows 2000. |
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS07-030 |
Title: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051) |
Update Type: Security Update |
Severity: Important |
| This important update resolves two privately discovered and responsibly reported vulnerabilities in addition to other security issues identified during the course of the investigation. The privately reported vulnerabilities could allow remote code execution if a user opened a specially crafted Visio file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit these vulnerabilities.
This is an important security update for supported versions of Microsoft Visio 2002 and Microsoft Office Visio 2003. |
Applies to: Office 2003 Office 2002/XP |
Bulletin ID: MS07-029 |
Title: Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a publicly disclosed vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS07-028 |
Title: Vulnerability in CAPICOM Could Allow Remote Code Execution (931906) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to: CAPICOM |
Bulletin ID: MS07-027 |
Title: Cumulative Security Update for Internet Explorer (931768) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows Vista Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition Windows 2000 |
Bulletin ID: MS07-026 |
Title: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered |
Applies to: Exchange Server 2003 Exchange 2000 Server Exchange Server 2007 |
Bulletin ID: MS07-025 |
Title: Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
When using vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2007 Office 2002/XP Office 2003 |
Bulletin ID: MS07-024 |
Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to: Office 2003 Office 2002/XP |
Bulletin ID: MS07-023 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to: Office 2007 Office 2003 Office 2002/XP |
Bulletin ID: 933669 |
Title: Update for PowerPoint 2003: May 8, 2007 |
Update Type: Critical Update |
Severity:
|
| Microsoft has released an update for Microsoft Office PowerPoint 2003. This update enables a network administrator to restrict the presentation types that can be opened or saved in PowerPoint 2003. |
Applies to: Office 2003 |
Bulletin ID: 924406 |
Title: Microsoft Internet Security and Acceleration Server 2004 Service Pack 3 |
Update Type: Service Pack |
Severity:
|
| Internet Security and Acceleration Server (ISA) Service Pack 3 |
Applies to: Internet Security and Acceleration Server 2004 |
Bulletin ID: MS07-022 |
Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity. |
Applies to: Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS07-021 |
Title: Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, privately and publicly disclosed vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows XP x64 Edition Windows Vista Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS07-020 |
Title: Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows 2000 |
Bulletin ID: MS07-019 |
Title: Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows XP |
Bulletin ID: MS07-018 |
Title: Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939) |
Update Type: Security Update |
Severity: Critical |
| This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in the "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to: Office 2002/XP |
Bulletin ID: 932726 |
Title: Service Pack 1 for Accounting Professional 2007 and for Accounting Express 2007. |
Update Type: Service Pack |
Severity:
|
| Service Pack 1 for Accounting Professional 2007 and for Accounting Express 2007. |
Applies to: Office 2007 |
Bulletin ID: MS07-017 |
Title: Vulnerabilities in GDI Could Allow Remote Code Execution (925902) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, publicly disclosed and privately reported vulnerabilities as well as additional issues discovered through internal investigations. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows Vista Windows XP Windows 2000 |
Bulletin ID: 923435 |
Title: Microsoft Compute Cluster Pack Service Pack 1 (SP1) for Microsoft Windows Compute Cluster Server 2003 |
Update Type: Service Pack |
Severity:
|
| Microsoft Compute Cluster Pack Service Pack 1 (SP1) for Microsoft Windows Compute Cluster Server 2003. |
Applies to: Compute Cluster Pack |
Bulletin ID: 914961 |
Title: Windows Server 2003 Service Pack 2 |
Update Type: Service Pack |
Severity:
|
| Windows Server 2003 Service Pack 2. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Bulletin ID: 921896 |
Title: SQL Server 2005 Service Pack 2 |
Update Type: Service Pack |
Severity:
|
| SQL Server 2005 Service Pack 2. |
Applies to: SQL Server 2005 |
Bulletin ID: MS07-016 |
Title: Cumulative Security Update for Internet Explorer (928090) |
Update Type: Security Update |
Severity: Critical |
| This update resolves two newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Bulletin ID: MS07-015 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) |
Update Type: Security Update |
Severity: Critical |
| This update resolves two newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS07-014 |
Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2003 Office 2002/XP |
Bulletin ID: MS07-013 |
Title: Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118) |
Update Type: Security Update |
Severity: Important |
| This update addresses a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Office 2002/XP Office 2003 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS07-012 |
Title: Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Significant user interaction is required to exploit this vulnerability.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows 2000 |
Bulletin ID: MS07-011 |
Title: Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Significant user interaction is required to exploit this vulnerability.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS07-009 |
Title: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP |
Bulletin ID: MS07-008 |
Title: Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, privately reported vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
On vulnerable versions of Windows, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows 2000 |
Bulletin ID: MS07-007 |
Title: Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP |
Bulletin ID: MS07-006 |
Title: Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS07-005 |
Title: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, privately reported vulnerability. The Step-by-Step Interactive Training has a remote code execution vulnerability that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition |
Bulletin ID: 931836 |
Title: February 2007 cumulative time zone update for Microsoft Windows operating systems |
Update Type: Update Rollup |
Severity:
|
| February 2007 cumulative time zone update rollup for Microsoft Windows operating systems. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition Windows Vista |
Bulletin ID: 929060 |
Title: Update for PowerPoint 2003: February 13, 2007 |
Update Type: Critical Update |
Severity:
|
| Microsoft has released an update for PowerPoint 2003. When you edit a PowerPoint 2007 presentation that is saved on a SharePoint Portal Server site or on a Windows SharePoint Services site, the changes are not saved. |
Applies to: Office 2003 |
Bulletin ID: 929058 |
Title: Update for Excel 2003: February 13, 2007 |
Update Type: Critical Update |
Severity:
|
| Microsoft has released an update for Microsoft Office Excel 2003. When you edit a Microsoft Office Excel 2007 workbook that is saved on a SharePoint Portal Server site or on a Windows SharePoint Services site, the changes are not saved. |
Applies to: Office 2003 |
Bulletin ID: 928957 |
Title: Visual Studio 2005 Service Pack 1 release notes |
Update Type: Service Pack |
Severity:
|
| Contains the contents of the release notes from Visual Studio 2005 Service Pack 1 (SP1). |
Applies to: Visual Studio 2005 |
Bulletin ID: MS07-004 |
Title: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows 2000 |
Bulletin ID: MS07-003 |
Title: Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938) |
Update Type: Security Update |
Severity: Critical |
| This update addresses several newly discovered, privately and publicly reported vulnerabilities. The vulnerabilities are documented in the “Vulnerability Details” section of this bulletin.
When using vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2003 Office 2002/XP |
Bulletin ID: MS07-002 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2003 Office 2002/XP |
Bulletin ID: MS07-001 |
Title: Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, publicly reported vulnerability. The vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity. |
Applies to: Office 2003 |
Bulletin ID: 924886 |
Title: Update for Office 2003: December 12, 2006 |
Update Type: Critical Update |
Severity:
|
| Microsoft has released an update to the spelling checker for Microsoft Office 2003. This update improves how Office 2003 programs find and correct errors in German-language documents. |
Applies to: Office 2003 |
Bulletin ID: MS06-078 |
Title: Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689) |
Update Type: Security Update |
Severity: Critical |
| This update resolves two newly discovered vulnerabilities. These vulnerabilities are documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Bulletin ID: MS06-077 |
Title: Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121) |
Update Type: Security Update |
Severity: Important |
| This update resolves a privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows 2000 |
Bulletin ID: MS06-076 |
Title: Cumulative Security Update for Outlook Express (923694) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS06-075 |
Title: Vulnerability in Windows Could Allow Elevation of Privilege (926255) |
Update Type: Security Update |
Severity: Important |
| This update resolves a privately identified vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS06-074 |
Title: Vulnerability in SNMP Could Allow Remote Code Execution (926247) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP |
Bulletin ID: MS06-073 |
Title: Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Visual Studio 2005 |
Bulletin ID: MS06-072 |
Title: Cumulative Security Update for Internet Explorer (925454) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately. |
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition |
Bulletin ID: 899738 |
Title: Systems Management Server 2003 Service Pack 2 |
Update Type: Service Pack |
Severity:
|
| Systems Management Server 2003 Service Pack 2 |
Applies to: Systems Management Server 2003 |
Bulletin ID: 917275 |
Title: Windows Rights Management Services with Service Pack 2 |
Update Type: Service Pack |
Severity:
|
| Describes the new features in Microsoft Windows Rights Management Services Service Pack 2 (RMS SP2). The article also provides links to obtain the RMS client software. |
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition |
Bulletin ID: MS06-071 |
Title: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, publicly disclosed vulnerability. The vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition Windows Vista |
Bulletin ID: MS06-070 |
Title: Vulnerability in Workstation Service Could Allow Remote Code Execution (924270) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS06-069 |
Title: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) |
Update Type: Security Update |
Severity: Critical |
| This update resolves privately reported vulnerabilities in Macromedia Flash Player from Adobe, version 6.0.84.0 and earlier. Macromedia Flash Player is a third party software application that also was redistributed with Microsoft Windows XP Service Pack 2 and Microsoft Windows XP Professional x64 Edition. Each vulnerability is documented in the "Vulnerability Details" section of this bulletin. The Adobe Security Bulletin APSB06-11, issued September 12, 2006, describes the vulnerabilities and provides the download locations for customers who have installed Flash Player 7 and higher so that you can install the appropriate update based on the version of Flash Player you are using. Customers that have followed the guidance in the Adobe Security Bulletin are not at risk from these vulnerabilities.
If a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows XP x64 Edition |
Bulletin ID: MS06-068 |
Title: Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows 2000 |
Bulletin ID: MS06-067 |
Title: Cumulative Security Update for Internet Explorer (922760) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS06-066 |
Title: Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980) |
Update Type: Security Update |
Severity: Important |
| This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
The Client Service for NetWare is also called the Gateway Service for NetWare on Windows 2000 Server.
On vulnerable versions of Microsoft Windows, an attacker who successfully exploited these vulnerabilities could remotely take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: 926874 |
Title: Windows Internet Explorer 7 |
Update Type: Unknown Type |
Severity: N/A |
| Windows Internet Explorer 7 |
Applies to:
|
Bulletin ID: MS06-065 |
Title: Vulnerability in Windows Object Packager Could Allow Remote Execution (924496) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. However, significant user interaction is required to exploit this vulnerability.
Customers should consider applying the security update.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS06-064 |
Title: Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819) |
Update Type: Security Update |
Severity: Low |
| This update resolves a publicly disclosed vulnerability as well as additional issues discovered through internal investigations.
An attacker who successfully exploited the most severe of these vulnerabilities against an affected system could cause the system to stop responding or automatically reboot.
We recommend that customers evaluate whether to apply the security update to the affected systems.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS06-063 |
Title: Vulnerability in Server Service Could Allow Denial of Service (923414) |
Update Type: Security Update |
Severity: Important |
| This update resolves publicly and privately reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS06-062 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581) |
Update Type: Security Update |
Severity: Critical |
| This update addresses several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS06-061 |
Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191) |
Update Type: Security Update |
Severity: Critical |
| This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows Vista Windows XP x64 Edition Office 2003 SQL Server Feature Pack |
Bulletin ID: MS06-060 |
Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554) |
Update Type: Security Update |
Severity: Critical |
| This update addresses several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS06-059 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164) |
Update Type: Security Update |
Severity: Critical |
| This update addresses several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS06-058 |
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163) |
Update Type: Security Update |
Severity: Critical |
| This update addresses several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of PowerPoint, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS06-057 |
Title: Vulnerability in Windows Explorer Could Allow Remote Execution (923191) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, publicly reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS06-056 |
Title: Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
The vulnerability could allow an attacker to gain unauthorized access to information. Note that this vulnerability would not allow an attacker to execute code to elevate their user rights directly, but it could be used to acquire information that could be used to further compromise the affected system.
We recommend that customers consider applying the security update.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows 2000 Windows XP |
Bulletin ID: MS06-055 |
Title: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition |
Bulletin ID: MS06-054 |
Title: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2003 Office 2002/XP |
Bulletin ID: MS06-053 |
Title: Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
The vulnerability could allow an attacker to gain unauthorized access to information. Note that this vulnerability would not allow an attacker to execute code to elevate their user rights directly, but it could be used to produce useful information that could be used to further compromise the affected system.
We recommend that customers consider applying the security update.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS06-052 |
Title: Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited the vulnerability could take complete control of the affected system. The Windows service needed to allow PGM communications is not installed by default.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP |
Bulletin ID: MS06-051 |
Title: Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422) |
Update Type: Security Update |
Severity: Critical |
| This update resolves newly discovered, privately reported vulnerabilities and additional issues discovered through internal investigations.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows 2000 |
Bulletin ID: MS06-050 |
Title: Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670) |
Update Type: Security Update |
Severity: Important |
| This update resolves two newly discovered vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
User interaction is required for an attacker to exploit these vulnerabilities.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS06-049 |
Title: Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, publicly reported vulnerability and additional issues discovered through internal investigations.
An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows 2000 |
Bulletin ID: MS06-048 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968) |
Update Type: Security Update |
Severity: Critical |
| This update resolves two newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2003 Office 2002/XP |
Bulletin ID: MS06-047 |
Title: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
On vulnerable versions of Office or Microsoft Visual Basic for Applications, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2002/XP |
Bulletin ID: MS06-046 |
Title: Vulnerability in HTML Help Could Allow Remote Code Execution (922616) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, publicly reported vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
On vulnerable versions of Windows, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS06-045 |
Title: Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, publicly-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows 2000 |
Bulletin ID: MS06-044 |
Title: Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 |
Bulletin ID: MS06-043 |
Title: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, publicly-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS06-042 |
Title: Cumulative Security Update for Internet Explorer (918899) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP Windows XP x64 Edition |
Bulletin ID: MS06-041 |
Title: Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, privately reported vulnerabilities.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply this update immediately.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS06-040 |
Title: Vulnerability in Server Service Could Allow Remote Code Execution (921883) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a privately disclosed vulnerability as well as additional issues discovered through internal investigations.
An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows 2000 |
Bulletin ID: 920115 |
Title: Service Pack 3 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006 |
Update Type: Service Pack |
Severity:
|
| Update for Microsoft Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006. |
Applies to: Office 2003 |
Bulletin ID: MS06-039 |
Title: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384) |
Update Type: Security Update |
Severity: Critical |
| This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section in this bulletin.
On vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS06-038 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS06-037 |
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2003 Office 2002/XP |
Bulletin ID: MS06-036 |
Title: Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, privately reported vulnerability as well as additional issues discovered through internal investigations. The privately reported vulnerability is documented in the "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows 2000 |
Bulletin ID: MS06-035 |
Title: Vulnerability in Server Service Could Allow Remote Code Execution (917159) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS06-034 |
Title: Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker must have valid logon credentials, but if a server has been purposely configured to allow users, either anonymous or authenticated, to upload web content such as .ASP pages to web sites, the server could be exploited by this vulnerability.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows 2000 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS06-033 |
Title: Vulnerability in ASP.NET Could Allow Information Disclosure (917283) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
This vulnerability could allow an attacker to bypass ASP.NET security and gain unauthorized access to objects in the Application folder explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition |
Bulletin ID: MS06-032 |
Title: Vulnerability in TCP/IP Could Allow Remote Code Execution (917953) |
Update Type: Security Update |
Severity: Important |
| This update resolves a privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Customers should apply the update at the earliest opportunity.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS06-031 |
Title: Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves a newly discovered, privately reported vulnerability. A spoofing vulnerability exists in the RPC service that could enable an attacker to spoof trusted network resources. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
|
Applies to: Windows 2000 |
Bulletin ID: MS06-030 |
Title: Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389) |
Update Type: Security Update |
Severity: Important |
| This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS06-029 |
Title: Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited the vulnerability could perform script injection attacks.
We recommend that customers consider applying the security update.
|
Applies to: Exchange Server 2003 Exchange 2000 Server |
Bulletin ID: MS06-028 |
Title: Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2003 Office 2002/XP |
Bulletin ID: MS06-027 |
Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
A remote code execution vulnerability exists in Word using a malformed object pointer. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2003 Office 2002/XP |
Bulletin ID: MS06-025 |
Title: Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition Windows 2000 |
Bulletin ID: MS06-024 |
Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows 2000 |
Bulletin ID: MS06-023 |
Title: Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered vulnerability. A remote code execution vulnerability exists in Microsoft JScript that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Bulletin ID: MS06-022 |
Title: Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly discovered, privately reported vulnerability. A remote code execution vulnerability exists in the way AOL ART images are handled. This vulnerability could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS06-021 |
Title: Cumulative Security Update for Internet Explorer (916281) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows 2000 Windows XP x64 Edition |
Bulletin ID: MS06-020 |
Title: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433) |
Update Type: Security Update |
Severity: Critical |
| This update resolves publicly reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin. These vulnerabilities are also documented in Macromedia Security Bulletin MPSB05-07 for customers using Flash Player 5 and 6. Customers who have installed Flash Player 7 and higher are advised to download the latest version from the Adobe website. Customers that have followed the guidance in Adobe Security Bulletin APSB06-03 are not at risk from the vulnerability.
If a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows XP x64 Edition |
Bulletin ID: MS06-019 |
Title: Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Exchange Server 2003 Exchange 2000 Server |
Bulletin ID: MS06-018 |
Title: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
We recommend that customers consider applying the security update.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS06-017 |
Title: Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers consider applying the security update.
|
Applies to: Office 2002/XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS06-016 |
Title: Cumulative Security Update for Outlook Express (911567) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS06-015 |
Title: Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows 2000 Windows XP x64 Edition |
Bulletin ID: MS06-014 |
Title: Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Bulletin ID: MS06-013 |
Title: Cumulative Security Update for Internet Explorer (912812) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows XP Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS06-012 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
On vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2003 Office 2002/XP |
Bulletin ID: MS06-011 |
Title: Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS06-009 |
Title: Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190) |
Update Type: Security Update |
Severity: Important |
|
Applies to: Office 2003 Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS06-008 |
Title: Vulnerability in Web Client Service Could Allow Remote Code Execution (911927) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS06-007 |
Title: Vulnerability in TCP/IP Could Allow Denial of Service (913446) |
Update Type: Security Update |
Severity: Important |
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition |
Bulletin ID: MS06-006 |
Title: Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows 2000 Windows XP |
Bulletin ID: MS06-005 |
Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS06-004 |
Title: Cumulative Security Update for Internet Explorer (910620) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 |
Bulletin ID: MS06-003 |
Title: Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
On vulnerable versions of Outlook, Office Language Interface Packs, Office MultiLanguage Packs or Office Multilingual User Interface Packs, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
On vulnerable versions of Exchange, an attacker who successfully exploited this vulnerability could take complete control of an affected system. This vulnerability could be exploited automatically without user interaction. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Office 2003 Office 2002/XP Exchange 2000 Server |
Bulletin ID: MS06-002 |
Title: Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability.
An attacker who successfully exploited this vulnerability could take control of an affected system. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP |
Bulletin ID: MS06-001 |
Title: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-055 |
Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows 2000 |
Bulletin ID: MS05-054 |
Title: Cumulative Security Update for Internet Explorer (905915) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-053 |
Title: Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows 2000 |
Bulletin ID: MS05-052 |
Title: Cumulative Security Update for Internet Explorer (896688) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered public vulnerability and other privately-reported variations of the same vulnerability. The Microsoft DDS Library Shape Control (Msdds.dll) and other COM objects could, when instantiated in Internet Explorer, allow an attacker to take complete control of an affected system. Because these COM objects were not designed to be instantiated in Internet Explorer, this update sets the kill bit for the affected Class Identifiers (CLSID) in these COM objects. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows XP x64 Edition Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-051 |
Title: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that Windows 2000 and Windows XP Service Pack 1 customers apply the update immediately. We recommend that customers using other operating system versions apply the update at the earliest opportunity.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP Windows XP x64 Edition |
Bulletin ID: MS05-050 |
Title: Vulnerability in DirectShow Could Allow Remote Code Execution (904706) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Bulletin ID: MS05-049 |
Title: Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) |
Update Type: Security Update |
Severity: Important |
| This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. However, user interaction is required to exploit this vulnerability.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-048 |
Title: Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Exchange 2000 Server |
Bulletin ID: MS05-047 |
Title: Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an authenticated attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS05-046 |
Title: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in the Client Service for NetWare (CSNW). By default, CSNW is not installed on any affected operating system version. Only customers who manually installed CSNW could be vulnerable to this issue. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. This service is also called Gateway Service for NetWare on Windows 2000 Server.
An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-045 |
Title: Vulnerability in Network Connection Manager Could Allow Denial of Service (905414) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves a newly-discovered, public vulnerability. A vulnerability in Network Connection Manager could allow a denial of service on the affected platforms against the Network Connection Manager. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could cause the component responsible for managing network and remote access connections to stop responding. If the affected component is stopped due to an attack, it will automatically restart when new requests are received.
We recommend that customers consider applying the security update.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-044 |
Title: Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves a newly-discovered, public vulnerability. A vulnerability exists in the Windows FTP client because of the way it validates file names. This vulnerability could allow an attacker to tamper with the file transfer location on the client during an FTP file transfer session.
The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
We recommend that customers consider applying the security update.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-043 |
Title: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in the Print Spooler service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-042 |
Title: Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves two newly-discovered vulnerabilities, a privately reported vulnerability and a publicly reported vulnerability. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section.
An attacker who successfully exploited the most severe of these vulnerabilities could cause the service responsible for authenticating users in an Active Directory domain to stop responding.
We recommend that customers consider applying the security update.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows 2000 |
Bulletin ID: MS05-041 |
Title: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability in the Remote Desktop Protocol (RDP) exists that could allow an attacker to cause a system to stop responding. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
We recommend that customers consider applying the security update.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows 2000 |
Bulletin ID: MS05-040 |
Title: Vulnerability in Telephony Service Could Allow Remote Code Execution (893756) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows 2000 |
Bulletin ID: MS05-039 |
Title: Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-038 |
Title: Cumulative Security Update for Internet Explorer (896727) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition |
Bulletin ID: MS05-037 |
Title: Vulnerability in JView Profiler Could Allow Remote Code Execution (903235) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, public vulnerability. A COM object, the JView Profiler (Javaprxy.dll), when instantiated in Internet Explorer, contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system. Since the JView Profiler COM object was not designed to be accessed through Internet Explorer, this update sets the kill bit for the JView Profiler (Javaprxy.dll) COM object. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP x64 Edition |
Bulletin ID: MS05-036 |
Title: Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
A remote code execution vulnerability exists in the Microsoft Color Management Module because of the way that it handles ICC profile format tag validation.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP x64 Edition |
Bulletin ID: MS05-035 |
Title: Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Office 2002/XP |
Bulletin ID: MS05-033 |
Title: Vulnerability in Telnet Client Could Allow Information Disclosure (896428) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves a newly-discovered, privately-reported vulnerability. An attacker who successfully exploited this information disclosure vulnerability could remotely read the session variables for users who have open connections to a malicious telnet server. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
We recommend that customers consider applying the security update.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP |
Bulletin ID: MS05-032 |
Title: Vulnerability in Microsoft Agent Could Allow Spoofing (890046) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves a newly-discovered, privately-reported vulnerability. This vulnerability could enable an attacker to spoof trusted Internet content. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
We recommend that customers consider applying the security update.
|
Applies to: Windows XP x64 Edition Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-031 |
Title: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability. The Step-by-Step Interactive Training has a remote code execution vulnerability that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. However, user interaction is required to exploit this vulnerability.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP Windows XP 64-Bit Edition Version 2003 |
Bulletin ID: MS05-030 |
Title: Vulnerability in Outlook Express Could Allow Remote Code Execution (897715) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS05-028 |
Title: Vulnerability in Web Client Service Could Allow Remote Code Execution (896426) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP |
Bulletin ID: MS05-027 |
Title: Vulnerability in Server Message Block Could Allow Remote Code Execution (896422) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Server Message Block (SMB) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP x64 Edition Windows XP |
Bulletin ID: MS05-026 |
Title: Vulnerability in HTML Help Could Allow Remote Code Execution (896358) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in HTML Help that could allow remote code execution on an affected system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP |
Bulletin ID: MS05-025 |
Title: Cumulative Security Update for Internet Explorer (883939) |
Update Type: Security Update |
Severity: Critical |
| This update resolves two newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP x64 Edition Windows XP Windows 2000 |
Bulletin ID: MS05-024 |
Title: Vulnerability in Web View Could Allow Remote Code Execution (894320) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, public vulnerability. A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged on user. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. However, user interaction is required to exploit this vulnerability.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows 2000 |
Bulletin ID: MS05-023 |
Title: Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169) |
Update Type: Security Update |
Severity: Critical |
| This update resolves two newly-discovered vulnerabilities in Microsoft Word that could allow an attacker to run arbitrary code on a user's system. The vulnerabilities are documented in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
|
Applies to: Office 2002/XP Office 2003 |
Bulletin ID: MS05-021 |
Title: Vulnerability in Exchange Server Could Allow Remote Code Execution (894549) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability in Microsoft Exchange Server that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
Applies to: Exchange Server 2003 Exchange 2000 Server |
Bulletin ID: MS05-020 |
Title: Cumulative Security Update for Internet Explorer (890923) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section.
If a user is logged on with administrative user rights, an attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-019 |
Title: Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered, privately-reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. However, an attacker who successfully exploited the most severe of these vulnerabilities would most likely cause the affected system to stop responding.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS05-018 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859) |
Update Type: Security Update |
Severity: Important |
| This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS05-017 |
Title: Vulnerability in Message Queuing Could Allow Code Execution (892944) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in the Message Queuing component. By default, the Message Queuing component is not installed on any affected operating system version. Only customers who manually installed the Message Queuing component could be vulnerable to this issue. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS05-016 |
Title: Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-015 |
Title: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP |
Bulletin ID: MS05-014 |
Title: Cumulative Security Update for Internet Explorer (867282) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-013 |
Title: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, public vulnerability. A vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execution on an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP |
Bulletin ID: MS05-012 |
Title: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-011 |
Title: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-010 |
Title: Vulnerability in the License Logging Service Could Allow Code Execution (885834) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS05-009 |
Title: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, public vulnerability. A remote code execution vulnerability exists in the processing of PNG image formats. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP |
Bulletin ID: MS05-008 |
Title: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. A privilege elevation vulnerability exists in Windows because of the way that Windows handles drag-and-drop events. An attacker could exploit the vulnerability by constructing a malicious Web page. This malicious Web page could potentially allow an attacker to save a file on the user’s system if a user visited a malicious Web site or viewed a malicious e-mail message.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. However, user interaction is required to exploit this vulnerability.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP |
Bulletin ID: MS05-007 |
Title: Vulnerability in Windows Could Allow Information Disclosure (888302) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited this vulnerability could remotely read the user names for users who have an open connection to an available shared resource.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP |
Bulletin ID: MS05-006 |
Title: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves a newly-discovered, privately-reported vulnerability. A cross-site scripting and spoofing vulnerability exists in the affected software that could allow an attacker to convince a user to run a malicious script. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited the vulnerability could modify Web browser caches and intermediate proxy server caches. Additionally, they could put spoofed content into those caches. An attacker may also be able to exploit the vulnerability to perform cross-site scripting attacks.
We recommend that customers consider applying the security update.
|
Applies to: Office 2002/XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS05-005 |
Title: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately reported vulnerability that could allow an attacker to run code on the affected system. The vulnerability is documented in the Vulnerability Details section of this bulletin.
|
Applies to: Office 2002/XP |
Bulletin ID: MS05-004 |
Title: ASP.NET Path Validation Vulnerability (887219) |
Update Type: Security Update |
Severity: Important |
| This update resolves a public vulnerability in ASP.NET that could allow an attacker to bypass the security of an ASP.NET Web site and gain unauthorized access. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could gain unauthorized access to parts of a Web site. The actions that the attacker could take would depend on the specific content being protected.
|
Applies to: Windows XP Windows Vista Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP x64 Edition |
Bulletin ID: MS05-003 |
Title: Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full privileges. While remote code execution is possible, an attack would most likely result in a denial of service condition.
We recommend that customers consider applying the security update.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS05-002 |
Title: Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system; install programs; view, change, or delete data; or create new accounts that have full privileges.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows XP |
Bulletin ID: MS05-001 |
Title: Vulnerability in HTML Help Could Allow Code Execution (890175) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system. This vulnerability is documented in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.
We recommend that customers install the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP |
Bulletin ID: MS04-045 |
Title: Vulnerability in WINS Could Allow Remote Code Execution (870763) |
Update Type: Security Update |
Severity: Important |
| This update resolves several newly-discovered, public and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
We recommend that WINS administrators install the update at the earliest opportunity.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS04-044 |
Title: Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835) |
Update Type: Security Update |
Severity: Important |
| This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
We recommend that customers install the update at the earliest opportunity.
|
Applies to: Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS04-043 |
Title: Vulnerability in HyperTerminal Could Allow Code Execution (873339) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit this vulnerability.
We recommend that customers install the update at the earliest opportunity.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP |
Bulletin ID: MS04-041 |
Title: Vulnerability in WordPad Could Allow Code Execution (885836) |
Update Type: Security Update |
Severity: Important |
| This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit this vulnerability.
We recommend that customers install the update at the earliest opportunity.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP |
Bulletin ID: MS04-040 |
Title: Cumulative Security Update for Internet Explorer (889293) |
Update Type: Unknown Type |
Severity: Critical |
| This update resolves a newly-discovered publicly reported vulnerability. A vulnerability exists in Internet Explorer that could allow remote code execution on an affected system. The vulnerability is documented in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Microsoft recommends that customers install the update immediately.
|
Applies to:
|
Bulletin ID: MS04-038 |
Title: Cumulative Security Update for Internet Explorer (834707) |
Update Type: Unknown Type |
Severity: Critical |
| This update resolves several newly discovered publicly and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Microsoft recommends that customers install the update immediately.
|
Applies to:
|
Bulletin ID: MS04-037 |
Title: Vulnerability in Windows Shell Could Allow Remote Code Execution (841356) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered, public vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit these vulnerabilities.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS04-036 |
Title: Vulnerability in NNTP Could Allow Remote Code Execution (883935) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists within the Network News Transfer Protocol (NNTP) component of the affected operating systems. This vulnerability could potentially affect systems that do not use NNTP. This is because some programs that are listed in the affected software section require that the NNTP component be enabled before you can install them. The vulnerability is documented in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS04-035 |
Title: Vulnerability in SMTP Could Allow Remote Code Execution (885881) |
Update Type: Security Update |
Severity: Critical |
| Subsequent to the release of this bulletin, it was determined that a variation of the vulnerability addressed also affects Exchange 2000 Server. Microsoft has updated the bulletin, on February 8, 2005, with additional information about Exchange 2000 Server and also to direct users to a security update for this additional affected platform.
This update resolves a newly-discovered vulnerability. A remote code execution vulnerability exists in the Simple Mail Transfer Protocol (SMTP) component that is provided as part of the affected software. The vulnerability is documented in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
We recommend that customers apply the update immediately.
|
Applies to: Windows Server 2003 |
Bulletin ID: MS04-034 |
Title: Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the way that Windows processes Compressed (zipped) Folders. The vulnerability is documented in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit this vulnerability.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS04-032 |
Title: Security Update for Microsoft Windows (840987) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows XP |
Bulletin ID: MS04-031 |
Title: Vulnerability in NetDDE Could Allow Remote Code Execution (841533) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Network Dynamic Data Exchange (NetDDE) services because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. However, the NetDDE services are not started by default and would have to be manually started, or started by an application that requires NetDDE, for an attacker to attempt to remotely exploit this vulnerability.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS04-030 |
Title: Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could cause WebDAV to consume all available memory and CPU time on an affected server. This behavior could cause a denial of service. The IIS service would have to be restarted to restore functionality.
We recommend that customers consider applying the security update.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS04-028 |
Title: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section.
If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Microsoft recommends that customers apply the update immediately.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS04-027 |
Title: Vulnerability in WordPerfect Converter Could Allow Code Execution (884933) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly discovered, privately reported vulnerability. A remote code execution vulnerability exists in the WordPerfect 5.x Converter that is provided as part of the affected software. The vulnerability is documented in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit this vulnerability.
Microsoft recommends that customers install the update at the earliest opportunity.
|
Applies to: Office 2002/XP |
Bulletin ID: MS04-025 |
Title: Cumulative Security Update for Internet Explorer (867801) |
Update Type: Unknown Type |
Severity: Critical |
| This update resolves several newly discovered public vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Microsoft recommends that customers apply the update immediately.
|
Applies to:
|
Bulletin ID: MS04-024 |
Title: Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows Shell launches applications.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. However, significant user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
We recommend that customers consider applying the security update.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP |
Bulletin ID: MS04-023 |
Title: Vulnerability in HTML Help Could Allow Code Execution (840315) |
Update Type: Security Update |
Severity: Critical |
| This update resolves two newly-discovered vulnerabilities. The HTML Help vulnerability was privately reported and the showHelp vulnerability is public. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
We recommend that customers apply the update immediately.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS04-022 |
Title: Vulnerability in Task Scheduler Could Allow Code Execution (841873) |
Update Type: Security Update |
Severity: Critical |
| This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Task Scheduler because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. However, user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
We recommend that customers apply the update immediately.
|
Applies to: Windows 2000 Windows XP |
Bulletin ID: MS04-020 |
Title: Vulnerability in POSIX Could Allow Code Execution (841872) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the POSIX operating system component (subsystem). The vulnerability is documented in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
We recommend that customers install the update at the earliest opportunity.
|
Applies to: Windows 2000 |
Bulletin ID: MS04-019 |
Title: Vulnerability in Utility Manager Could Allow Code Execution (842526) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the way that Utility Manager launches applications. A logged-on user could force Utility Manager to start an application with system privileges and could take complete control of the system. The vulnerability is documented in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
We recommend that customers install the update at the earliest opportunity.
|
Applies to: Windows 2000 |
Bulletin ID: MS04-018 |
Title: Cumulative Security Update for Outlook Express (823353) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves a public vulnerability. A denial of service vulnerability exists in Outlook Express because of a lack of robust verification for malformed e-mail headers. The vulnerability is documented in the Vulnerability Details section of this bulletin. This update also changes the default security settings for Outlook Express 5.5 Service Pack 2 (SP2). This change is documented in the Frequently Asked Questions related to this security update section of this bulletin.
If a user is running Outlook Express and receives a specially crafted e-mail message, Outlook Express would fail. If the preview pane is enabled, the user would have to manually remove the message, and then restart Outlook Express to resume functionality.
We recommend that customers consider applying the security update.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS04-016 |
Title: Vulnerability in DirectPlay Could Allow Denial of Service (839643) |
Update Type: Security Update |
Severity: Moderate |
| This update resolves a newly-discovered, privately reported vulnerability. A denial of service vulnerability exists in the implementation of the IDirectPlay4 application programming interface (API) of Microsoft DirectPlay because of a lack of robust packet validation. The vulnerability is documented in the Vulnerability Details section of this bulletin.
If a user is running a networked DirectPlay application, an attacker who successfully exploited this vulnerability could cause the DirectPlay application to fail. The user would have to restart the application to resume functionality.
Microsoft recommends that customers consider applying the security update.
|
Applies to: Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS04-015 |
Title: Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374) |
Update Type: Security Update |
Severity: Important |
| This update resolves a newly-discovered vulnerability. A remote code execution vulnerability exists in the Help and Support Center because of the way that it handles HCP URL validation. The vulnerability is documented in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Microsoft recommends that customers install the update at the earliest opportunity.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS04-014 |
Title: Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001) |
Update Type: Security Update |
Severity: Important |
| Microsoft updated this bulletin on May 11, 2004 to advise on the availability of a revised version of the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1). The original update does address the vulnerability in Windows XP for all supported languages; however, the original update was not fully localized. Specifically, optional Jet error strings were only being offered in English on Windows XP. This issue does not affect other operating systems. If you have previously applied the security update for other operating systems, including Windows XP Service Pack 1, you need not take any additional action.
If you have previously applied the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1), you need not take any additional action as you are already protected from this vulnerability. However, if you want to have the Jet optional text error information in the same language as your Windows XP installation, you will need to remove the original security update MS04-014 (837001) following the Removal Information procedure located in this document and install the revised version. Once 837001 is uninstalled, revisiting Windows Update will result in the revised MS04-014 security update for Windows XP being re-offered with the correct, localized, optional text error strings.
The following files, on non-English systems only, were updated as part of this update: |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP |
Bulletin ID: MS04-013 |
Title: Cumulative Security Update for Outlook Express (837009) |
Update Type: Security Update |
Severity: Critical |
| This is a cumulative update that includes the functionality of all the previously-released updates for Outlook Express 5.5 and Outlook Express 6. Additionally, it eliminates a new vulnerability that could allow an attacker who successfully exploited this vulnerability to access files and to take complete control of the affected system. This could occur even if Outlook Express is not used as the default e-mail reader on the system.
Microsoft recommends that customers install this update immediately.
|
Applies to: Windows 2000 Windows XP |
Bulletin ID: MS04-012 |
Title: Cumulative Update for Microsoft RPC/DCOM (828741) |
Update Type: Security Update |
Severity: Critical |
| This update resolves several newly-discovered vulnerabilities in RPC/DCOM. Each vulnerability is documented in this bulletin in its own section.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of the affected system. An attacker could then take any action on the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Microsoft recommends customers apply the update immediately.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP |
Bulletin ID: MS04-011 |
Title: Security Update for Microsoft Windows (835732) |
Update Type: Security Update |
Severity: Critical |
| Microsoft re-issued this bulletin on June 15, 2004 to advise on the availability of an updated Windows NT 4.0 Workstation update for the Pan Chinese language.
This revised update corrects an installation issue that some customers experienced with the original update. This issue is unrelated to the security vulnerability discussed in this bulletin. However, this issue has caused some customers difficulty installing the update. If you have previously applied this security update, this update does need to be installed to avoid potential issues when installing future security updates. This issue only affects the Pan Chinese language version of the update and only those versions of the update are being re-released. Other language versions of this update are not affected and are not being re-released.
This update resolves several newly-discovered vulnerabilities. Each vulnerability is documented in this bulletin in its own section.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Microsoft recommends that customers apply the update immediately.
|
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS04-008 |
Title: Vulnerability in Windows Media Services Could Allow a Denial of Service (832359) |
Update Type: Security Update |
Severity: Moderate |
A vulnerability exists because of the way that Windows Media Station Service and Windows Media Monitor Service, components of Windows Media Services, handle TCP/IP connections. If a remote user were to send a specially-crafted sequence of TCP/IP packets to the listening port of either of these services, the service could stop responding to requests and no additional connections could be made. The service must be restarted to regain its functionality.
Windows Media Services is made up of Windows Media Services Administrator and four Windows Media Services components running on a single computer:
By using Windows Media Unicast Service, Windows Media content can be streamed over unicast, using either TCP or UDP as a transport, to Microsoft Windows Media Player or to another Windows Media server.
Windows Media Station Service performs three key functions:
• It arranges one or more streams of content (also known as a "playlist" or "program") for subsequent streaming.
• It multicasts the playlist or program to Windows Media Player or to another Windows Media server.
• It distributes the playlist or program locally to Windows Media Unicast Service for subsequent unicasting to Windows Media Player or to another Windows Media server.
Windows Media Program Service is a dependent service of Windows Media Station Service. Windows Media Program Service helps the server administrator build playlists of Windows Media content using Windows Media Services Administrator and persist those playlists for future use.
Windows Media Monitor Service is the administrative console of Windows Media Services.
|
Applies to: Windows 2000 |
Bulletin ID: MS04-007 |
Title: ASN.1 Vulnerability Could Allow Code Execution (828028) |
Update Type: Security Update |
Severity: Critical |
| No Description Available |
Applies to: Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS04-006 |
Title: Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352) |
Update Type: Security Update |
Severity: Important |
| A security vulnerability exists in the Windows Internet Naming Service (WINS). This vulnerability exists because of the method that WINS uses to validate the length of specially-crafted packets. On Windows Server 2003 this vulnerability could allow an attacker who sent a series of specially-crafted packets to a WINS server to cause the service to fail. Most likely, this could cause a denial of service, and the service would have to be manually restarted to restore functionality.
The possibility of a denial of service on Windows Server 2003 results from the presence of a security feature that is used in the development of Windows Server 2003. This security feature detects when an attempt is made to exploit a stack-based buffer overrun and reduces the chance that it can be easily exploited. This security feature can be forced to terminate the service to prevent malicious code execution. On Windows Server 2003, when an attempt is made to exploit the buffer overrun, the security feature reacts and terminates the service. This results in a denial of service condition of WINS. Because it is possible that methods may be found in the future to bypass this security feature, which could then enable code execution, customers should apply the update. For more information about these security features, visit the following Web site.
On Windows NT and Windows 2000, the nature of the vulnerability is slightly different. WINS will reject the specially-crafted packet and the attack does not result in a denial of service. The vulnerability on these platforms also does not allow code execution. Microsoft is releasing a security update for these platforms that corrects the vulnerable code as a preventive measure to help protect these platforms in case methods are found in the future to exploit this vulnerability.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 |
Bulletin ID: MS04-004 |
Title: Cumulative Security Update for Internet Explorer (832894) |
Update Type: Unknown Type |
Severity: Critical |
| No Description Available |
Applies to: |
Bulletin ID: MS04-003 |
Title: Buffer Overrun in MDAC Function Could Allow Code Execution (832483) |
Update Type: Unknown Type |
Severity: Important |
| No Description Available |
Applies to: |
Bulletin ID: MS03-051 |
Title: Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360) |
Update Type: Security Update |
Severity: Critical |
| No Description Available |
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS03-049 |
Title: Buffer Overrun in the Workstation Service Could Allow Code Execution (828749) |
Update Type: Security Update |
Severity: Critical |
| A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results because of an unchecked buffer in the Workstation service.
If exploited, an attacker could gain System privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.
|
Applies to: Windows 2000 |
Bulletin ID: MS03-048 |
Title: Cumulative Security Update for Internet Explorer (824145) |
Update Type: Unknown Type |
Severity: Critical |
| No Description Available |
Applies to: |
Bulletin ID: MS03-045 |
Title: Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141) |
Update Type: Security Update |
Severity: Important |
| No Description Available |
Applies to: Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS03-044 |
Title: Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119) |
Update Type: Security Update |
Severity: Critical |
| No Description Available |
Applies to: Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS03-043 |
Title: Buffer Overrun in Messenger Service Could Allow Code Execution (828035) |
Update Type: Security Update |
Severity: Critical |
| No Description Available |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP |
Bulletin ID: MS03-042 |
Title: Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232) |
Update Type: Security Update |
Severity: Critical |
| No Description Available |
Applies to: Windows 2000 |
Bulletin ID: MS03-041 |
Title: Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182) |
Update Type: Security Update |
Severity: Critical |
| No Description Available |
Applies to: Windows XP Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS03-040 |
Title: Cumulative Patch for Internet Explorer (828750) |
Update Type: Unknown Type |
Severity: Critical |
This is a cumulative patch that includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0. In addition, it eliminates the following newly discovered vulnerabilities:
• A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server in a popup window. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML-based e-mail that would attempt to exploit this vulnerability.
• A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server during XML data binding. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML-based e-mail that would attempt to exploit this vulnerability.
In addition, a change has been made to the method by which Internet Explorer handles Dynamic HTML (DHTML) Behaviors in the Internet Explorer Restricted Zone. It could be possible for an attacker exploiting a separate vulnerability (such as one of the two vulnerabilities discussed above) to cause Internet Explorer to run script code in the security context of the Internet Zone. In addition, an attacker could use Windows Media Player's (WMP) ability to open URLs to construct an attack. An attacker could also craft an HTML-based e-mail that could attempt to exploit this behavior.
To exploit these flaws, the attacker would have to create a specially formed HTML-based e-mail and send it to the user. Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit these vulnerabilities.
As with the previous Internet Explorer cumulative patches released with bulletins MS03-004, MS03-015, MS03-020, and MS03-032, this cumulative patch will cause window.showHelp( ) to cease to function if you have not applied the HTML Help update. If you have installed the updated HTML Help control from Knowledge Base article 811630, you will still be able to use HTML Help functionality after applying this patch.
In addition to applying this security patch it is recommended that users also install the Windows Media Player update referenced in Knowledge Base Article 828026. This update is available from Windows Update as well as the Microsoft Download Center for all supported versions of Windows Media Player. While not a security patch, this update contains a change to the behavior of Windows Media Player's ability to launch URLs to help protect against DHTML behavior based attacks. Specifically, it restricts Windows Media Player's ability to launch URLs in the local computer zone from other zones.
|
Applies to: |
Bulletin ID: MS03-039 |
Title: Buffer Overrun In RPCSS Service Could Allow Code Execution (824146) |
Update Type: Security Update |
Severity: Critical |
| The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026 and includes the fix for the security vulnerability discussed in MS03-026, as well as 3 newly discovered vulnerabilities.
Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.
There are three newly identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation: two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another.
An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.
To exploit these vulnerabilities, an attacker could create a program to send a malformed RPC message to a vulnerable system targeting the RPCSS Service.
Microsoft has released a tool that can be used to scan a network for the presence of systems which have not had the MS03-039 patch installed. More details on this tool are available in Microsoft Knowledge Base article 827363. This tool supersedes the one provided in Microsoft Knowledge Base article 826369. If the tool provided in Microsoft Knowledge Base Article 826369 is used against a system which has installed the security patch provided with this bulletin, the superseded tool will incorrectly report that the system is missing the patch provided in MS03-026. Microsoft encourages customers to run the latest version of the tool available in Microsoft Knowledge Base article 827363 to determine if their systems are patched.
|
Applies to: Windows 2000 Windows XP Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS03-034 |
Title: Flaw in NetBIOS Could Lead to Information Disclosure (824105) |
Update Type: Security Update |
Severity: Low |
| Subsequent to the original release of this bulletin Microsoft extended the support of Windows NT Workstation 4.0 and Windows 2000 Service Pack 2. A security update is now available from Microsoft Product Support Services for customers running these operating systems. Contact Microsoft Product Support Services to obtain these additional security updates.
Network basic input/output system (NetBIOS) is an application programming interface (API) that can be used by programs on a local area network (LAN). NetBIOS provides programs with a uniform set of commands for requesting the lower-level services required to manage names, conduct sessions, and send datagrams between nodes on a network.
This vulnerability involves one of the NetBT (NetBIOS over TCP) services, namely, the NetBIOS Name Service (NBNS). NBNS is analogous to DNS in the TCP/IP world and it provides a way to find a system's IP address given its NetBIOS name, or vice versa.
Under certain conditions, the response to a NetBT Name Service query may, in addition to the typical reply, contain random data from the target system's memory. This data could, for example, be a segment of HTML if the user on the target system was using an Internet browser, or it could contain other types of data that exist in memory at the time that the target system responds to the NetBT Name Service query.
An attacker could seek to exploit this vulnerability by sending a NetBT Name Service query to the target system and then examine the response to see if it included any random data from that system's memory.
If best security practices have been followed and port 137 UDP has been blocked at the firewall, Internet based attacks would not be possible.
|
Applies to: Windows XP Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS03-033 |
Title: Unchecked Buffer in MDAC Function Could Enable System Compromise (823718) |
Update Type: Security Update |
Severity: Important |
Microsoft Data Access Components (MDAC) is a collection of components that are used to provide database connectivity on Windows platforms. MDAC is a ubiquitous technology, and it is likely to be present on most Windows systems:
• MDAC is included by default as part of Microsoft Windows XP, Windows 2000, Windows Millennium Edition, and Windows Server 2003. (It is worth noting, though, that the version that is installed by Windows Server 2003 does not have this vulnerability.)
• MDAC is available for download as a stand-alone technology.
• MDAC is either included in or installed by a number of other products and technologies. For example, MDAC is included in the Microsoft Windows NT® 4.0 Option Pack and in Microsoft SQL Server 2000. Additionally, some MDAC components are present as part of Microsoft Internet Explorer even when MDAC itself is not installed.
MDAC provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client. When a client system on a network tries to see a list of computers that are running SQL Server and that reside on the network, it sends a broadcast request to all the devices that are on the network. Due to a flaw in a specific MDAC component, an attacker could respond to this request with a specially crafted packet that could cause a buffer overflow.
An attacker who successfully exploited this flaw could gain the same level of privileges over the system as the application that initiated the broadcast request. The actions an attacker could carry out would be dependent on the permissions which the application using MDAC ran under. If the application ran with limited privileges, an attacker would be limited accordingly; however, if the application ran under the local system context, the attacker would have the same level of permissions. This could include creating, modifying, or deleting data on the system, or reconfiguring the system. This could also include reformatting the hard disk or running programs of the attacker's choice.
This bulletin supersedes the patch discussed in MS02-040. Customers should install this patch as it contains both the fix for the vulnerability discussed in bulletin MS02-040 and the patch discussed in this bulletin.
|
Applies to: Windows 2000 Windows XP |
Bulletin ID: MS03-031 |
Title: Cumulative Patch for Microsoft SQL Server (815495) |
Update Type: Security Update |
Severity: Important |
| This is a cumulative patch that includes the functionality of all previously released patches for SQL Server 7.0, SQL Server 2000, MSDE 1.0, and MSDE 2000. In addition, it eliminates three newly discovered vulnerabilities. |
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 |
Bulletin ID: MS03-030 |
Title: Unchecked Buffer in DirectX Could Enable System Compromise (819696) |
Update Type: Security Update |
Severity: Critical |
| Subsequent to the original release of this bulletin, customers requested that we support additional versions of DirectX that were not covered by the original patches. This bulletin has been updated to provide information about a new patch, which is intended for customers using Windows 98, Windows 98 SE, Windows Millennium Edition, or Windows 2000 who have upgraded to Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, or 8.1b.
DirectX consists of a set of low-level Application Programming Interfaces (APIs) that are used by Windows programs for multimedia support. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation, and rendering.
There are two buffer overruns with identical effects in the function used by DirectShow to check parameters in a Musical Instrument Digital Interface (MIDI) file. A security vulnerability results because it could be possible for a malicious user to attempt to exploit these flaws and execute code in the security context of the logged-on user.
An attacker could seek to exploit this vulnerability by creating a specially crafted MIDI file designed to exploit this vulnerability and then host it on a Web site or on a network share, or send it by using an HTML-based e-mail. In the case where the file was hosted on a Web site or network share, the user would need to open the specially crafted file. If the file was embedded in a page the vulnerability could be exploited when a user visited the Web page. In the HTML-based e-mail case, the vulnerability could be exploited when a user opened or previewed the HTML-based e-mail. A successful attack could cause DirectShow, or an application making use of DirectShow, to fail. A successful attack could also cause an attacker's code to run on the user's computer in the security context of the user.
|
Applies to: Windows Server 2003, Datacenter Edition Windows Server 2003 Windows 2000 Windows XP |
Bulletin ID: MS03-027 |
Title: Unchecked Buffer in Windows Shell Could Enable System Compromise (821557) |
Update Type: Security Update |
Severity: Important |
| The Windows shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows desktop. It also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start programs.
An unchecked buffer exists in one of the functions used by the Windows shell to extract custom attribute information from certain folders. A security vulnerability results because it is possible for a malicious user to construct an attack that could exploit this flaw and execute code on the user's system.
An attacker could seek to exploit this vulnerability by creating a Desktop.ini file that contains a corrupt custom attribute, and then host it on a network share. If a user were to browse the shared folder where the file was stored, the vulnerability could then be exploited. A successful attack could have the effect of either causing the Windows shell to fail, or causing an attacker's code to run on the user's computer in the security context of the user.
|
Applies to: Windows XP |
Bulletin ID: MS03-026 |
Title: Buffer Overrun In RPC Interface Could Allow Code Execution (823980) |
Update Type: Security Update |
Severity: Critical |
| Microsoft originally released this bulletin and patch on July 16, 2003 to correct a security vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. Subsequent to the release of this bulletin Microsoft has been made aware that additional ports involving RPC can be used to exploit this vulnerability. Information regarding these additional ports has been added to the mitigating factors and the Workaround section of the bulletin. In addition, Microsoft has released security bulletin MS03-039 and an updated scanning tool which supersedes this bulletin and the original scanning tool provided with it.
The updated tool provided with MS03-039 supersedes the one provided in Microsoft Knowledge Base article 826369. If the tool originally provided with this bulletin is used against a system which has installed the security patch provided with MS03-039, the outdated tool will incorrectly report that the system is missing the patch provided in MS03-026. Microsoft encourages customers to run the latest version of the tool available in Microsoft Knowledge Base article 827363 to determine if their systems are patched.
Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.
There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on RPC enabled ports. This interface handles DCOM object activation requests that are sent by client machines to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing, changing, or deleting data, or creating new accounts with full privileges.
To exploit this vulnerability, an attacker would need to send a specially formed request to the remote computer on specific RPC ports.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP |
Bulletin ID: MS03-025 |
Title: Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation (822679) |
Update Type: Unknown Type |
Severity: Important |
| Subsequent to the original release of this bulletin Microsoft extended the support of Windows NT Workstation 4.0 and Windows 2000 Service Pack 2. A security update is now available from Microsoft Product Support Services for customers running Windows 2000 Service Pack 2. Contact Microsoft Product Support Services to obtain this additional security update.
Microsoft Windows 2000 contains support for Accessibility options within the operating system. Accessibility support is a series of assistive technologies within Windows that allow users with disabilities to still be able to access the functions of the operating system. Accessibility support is enabled or disabled through shortcuts built into the operating system, or through the Accessibility Utility Manager. Utility Manager is an accessibility utility that allows users to check the status of accessibility programs (Microsoft Magnifier, Narrator, On-Screen Keyboard) and to start or stop them.
There is a flaw in the way that Utility Manager handles Windows messages. Windows messages provide a way for interactive processes to react to user events (for example, keystrokes or mouse movements) and communicate with other interactive processes. A security vulnerability results because the control that provides the list of accessibility options to the user does not properly validate Windows messages sent to it. It's possible for one process in the interactive desktop to use a specific Windows message to cause the Utility Manager process to execute a callback function at the address of its choice. Because the Utility Manager process runs at higher privileges than the first process, this would provide the first process with a way of exercising those higher privileges.
By default, the Utility Manager contains controls that run in the interactive desktop with Local System privileges. As a result, an attacker who had the ability to log on to a system interactively could potentially run a program that could send a specially crafted Windows message to the Utility Manager process, causing it to take any action the attacker specified. This would give the attacker complete control over the system.
The attack cannot be exploited remotely, and the attacker would have to have the ability to interactively log on to the system.
|
Applies to: |
Bulletin ID: MS03-024 |
Title: Buffer Overrun in Windows Could Lead to Data Corruption (817606) |
Update Type: Unknown Type |
Severity: Important |
| Subsequent to the original release of this bulletin Microsoft extended the support of Windows NT Workstation 4.0 and Windows 2000 Service Pack 2. The existing Windows NT 4.0 Server security update will install successfully on Windows NT 4.0 Workstation and is officially supported on that operating system version. A security update is now available from Microsoft Product Support Services for customers running Windows 2000 Service Pack 2. Contact Microsoft Product Support Services to obtain the Windows 2000 Service Pack 2 security update.
Server Message Block (SMB) is the Internet Standard protocol that Windows uses to share files, printers, serial ports, and to communicate between computers using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources, and servers make SMB responses in what's described as a client server request-response protocol.
A flaw exists in the way that the server validates the parameters of an SMB packet. When a client system sends an SMB packet to the server system, it includes specific parameters that provide the server with a set of "instructions." In this case, the server is not properly validating the buffer length established by the packet. If the client specifies a buffer length that is less than what is needed, it can cause the buffer to be overrun.
By sending a specially crafted SMB packet request, an attacker could cause a buffer overrun to occur. If exploited, this could lead to data corruption, system failure, or, in the worst case, it could allow an attacker to run the code of their choice. An attacker would need a valid user account and would need to be authenticated by the server to exploit this flaw.
|
Applies to:
|
Bulletin ID: MS03-023 |
Title: Buffer Overrun In HTML Converter Could Allow Code Execution (823559) |
Update Type: Security Update |
Severity: Critical |
| Subsequent to the original release of this bulletin Microsoft extended the support of Windows NT Workstation 4.0 and Windows 2000 Service Pack 2. The existing Windows NT 4.0 Server security update will install successfully on Windows NT 4.0 Workstation and is officially supported on that operating system version. The existing Windows 2000 security update will install successfully on Windows 2000 Service Pack 2 and is officially supported on that operating system version.
All versions of Microsoft Windows contain support for file conversion within the operating system. This functionality allows users of Microsoft Windows to convert file formats from one to another. In particular, Microsoft Windows contains support for HTML conversion within the operating system. This functionality allows users to view, import, or save files as HTML.
There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. Because this functionality is used by Internet Explorer, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker's Web site could allow the attacker to exploit the vulnerability without any other user action.
To exploit this vulnerability, the attacker would have to create a specially-formed HTML e-mail and send it to the user. Alternatively, an attacker would have to host a malicious Web site that contains a Web page designed to exploit this vulnerability. The attacker would then have to persuade a user to visit that site.
|
Applies to: Windows 2000 Windows Server 2003, Datacenter Edition Windows Server 2003 Windows XP |
Bulletin ID: MS03-022 |
Title: Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343) |
Update Type: Security Update |
Severity: Important |
| Microsoft Windows Media Services is a feature of Microsoft Windows 2000 Server, Advanced Server, and Datacenter Server and is also available in a downloadable version for Windows NT 4.0 Server. Windows Media Services contains support for a method of delivering media content to clients across a network known as multicast streaming. In multicast streaming, the server has no connection to or knowledge of the clients that may be receiving the stream of media content coming from the server. To facilitate logging of client information for the server, Windows 2000 includes a capability specifically designed to enable logging for multicast transmissions.
This logging capability is implemented as an Internet Services Application Programming Interface (ISAPI) extension - nsiislog.dll. When Windows Media Services are added through add/remove programs to Windows 2000, nsiislog.dll is installed in the Internet Information Services (IIS) Scripts directory on the server. Once Windows Media Services is installed, nsiislog.dll is automatically loaded and used by IIS.
There is a flaw in the way nsiislog.dll processes incoming client requests. A vulnerability exists because an attacker could send a specially formed HTTP request (communications) to the server that could cause IIS to fail or execute code on the user's system.
Windows Media Services is not installed by default on Windows 2000. An attacker attempting to exploit this vulnerability would have to be aware which computers on the network had Windows Media Services installed on them and send a specific request to that server.
|
Applies to: Windows 2000 |
Bulletin ID: MS03-021 |
Title: Flaw In Windows Media Player May Allow Media Library Access (819639) |
Update Type: Security Update |
Severity: Moderate |
| An ActiveX control included with Windows Media Player 9 Series allows Web page authors to create Web pages that can play media and provide a user interface by which the user can control playback. When a user visits a Web page with embedded media, the ActiveX control provides a user interface that allows the user to take such actions as pausing or rewinding the media.
A flaw exists in the way in which the ActiveX control provides access to information on the user's computer. A vulnerability exists because an attacker could invoke the ActiveX control from script code, which would allow the attacker to view and manipulate metadata contained in the media library on the user's computer.
To exploit this flaw, an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability, and then persuade a user to visit that site; an attacker would have no way to force a user to the site. An attacker could also embed a link to the malicious site in an HTML e-mail and send it to the user. After the user previewed or opened the e-mail, the malicious site could be visited automatically without further user interaction.
The attacker would only have access to manipulate the media library on the user's computer. The attacker would not be able to browse the user's hard disk and would not have access to passwords or encrypted data. The attacker would not be able to modify files on the user's hard disk, but could modify the contents of any Media Library entries associated with those files. The attacker might also be able to determine the user name of the logged-on user by examining the directory paths to media files.
|
Applies to: Windows Server 2003 Windows 2000 Windows XP |
Bulletin ID: MS03-018 |
Title: Cumulative Patch for Internet Information Service (811114) |
Update Type: Security Update |
Severity: Important |
This patch is a cumulative patch that includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, and all security patches released to date for IIS 5.0 since Windows 2000 Service Pack 2 and IIS 5.1. A complete listing of the patches superseded by this patch is provided below, in the section titled "Additional information about this patch".
In addition to all previously released security patches, this patch also includes fixes for the following newly discovered security vulnerabilities affecting IIS 4.0, 5.0 and 5.1:
• A Cross-Site Scripting (CSS) vulnerability affecting IIS 4.0, 5.0 and 5.1 involving the error message that's returned to advise that a requested URL has been redirected. An attacker who was able to lure a user into clicking a link on his or her web site could relay a request containing script to a third-party web site running IIS, thereby causing the third-party site's response (still including the script) to be sent to the user. The script would then render using the security settings of the third-party site rather than the attacker's.
• A buffer overrun that results because IIS 5.0 does not correctly validate requests for certain types of web pages known as server side includes. An attacker would need the ability to upload a Server-side include page to a vulnerable IIS server. If the attacker then requested this page, a buffer overrun could result, which would allow the attacker to execute code of their choice on the server with system-level permissions.
• A denial of service vulnerability that results because of a flaw in the way IIS 4.0 and 5.0 allocate memory requests when constructing headers to be returned to a web client. An attacker would need the ability to upload an ASP page to a vulnerable IIS server. This ASP page, when called by the attacker, would attempt to return an extremely large header to the calling web client. Because IIS does not limit the amount of memory that can be used in this case, this could cause IIS to fail as a result of running out of local memory.
• A denial of service vulnerability that results because IIS 5.0 and 5.1 do not correctly handle an error condition when an overly long WebDAV request is passed to them. As a result an attacker could cause IIS to fail; however, both IIS 5.0 and 5.1 will by default restart immediately after this failure.
There is a dependency associated with this patch - it requires the patch from Microsoft Security Bulletin MS02-050 to be installed. If this patch is installed and MS02-050 is not present, client side certificates will be rejected. This functionality can be restored by installing the MS02-050 patch.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS03-017 |
Title: Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787) |
Update Type: Security Update |
Severity: Critical |
| Microsoft Windows Media Player provides functionality to change the overall appearance of the player itself through the use of "skins". Skins are custom overlays that consist of collections of one or more files of computer art, organized by an XML file. The XML file tells Windows Media Player how to use these files to display a skin as the user interface. In this manner, the user can choose from a variety of standard skins, each one providing an additional visual experience. Windows Media Player comes with several skins to choose from, but it is relatively easy to create and distribute custom skins.
A flaw exists in the way Windows Media Player 7.1 and Windows Media Player for Windows XP handle the download of skin files. The flaw means that an attacker could force a file masquerading as a skin file into a known location on a user's machine. This could allow an attacker to place a malicious executable on the system.
In order to exploit this flaw, an attacker would have to host a malicious web site that contained a web page designed to exploit this particular vulnerability and then persuade a user to visit that site - an attacker would have no way to force a user to the site. An attacker could also embed the link in an HTML e-mail and send it to the user.
In the case of an e-mail borne attack, if the user was using Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Email Security Update, then an attack could not be automated and the user would still need to click on a URL sent in the e-mail. However if the user was not using Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Email Security Update, the attacker could cause an attack that could both place, then launch the malicious executable without the user having to click on a URL contained in an e-mail.
The attacker's code would run with the same privileges as the user: any restrictions on the user's ability to change the system would apply to the attacker's code.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS03-014 |
Title: Cumulative Patch for Outlook Express (330994) |
Update Type: Unknown Type |
Severity: Critical |
| MHTML stands for MIME Encapsulation of Aggregate HTML. MHTML is an Internet standard that defines the MIME (Multipurpose Internet Mail Extensions) structure used to send HTML content in e-mail message bodies. The MHTML URL Handler in Windows is part of Outlook Express and provides a URL type that can be used on the local machine. This URL type (MHTML://) allows MHTML documents to be launched from a command line, from Start/Run, using Windows Explorer or from within Internet Explorer.
A vulnerability exists in the MHTML URL Handler that allows any file that can be rendered as text to be opened and rendered as part of a page in Internet Explorer. As a result, it would be possible to construct a URL that referred to a text file that was stored on the local computer and have that file render as HTML. If the text file contained script, that script would execute when the file was accessed. Since the file would reside on the local computer, it would be rendered in the Local Computer Security Zone. Files that are opened within the Local Computer Zone are subject to fewer restrictions than files opened in other security zones.
Using this method, an attacker could attempt to construct a URL and either host it on a website or send it via email. In the web based scenario, where a user then clicked on a URL hosted on a website, an attacker could have the ability to read or launch files already present on the local machine. In the case of an e-mail borne attack, if the user was using Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Email Security Update, then an attack could not be automated and the user would still need to click on a URL sent in the e-mail. However if the user was not using Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Email Security Update, the attacker could cause an attack to trigger automatically without the user having to click on a URL contained in an e-mail. In both the web based and e-mail based cases, any limitations on the user's privileges would also restrict the capabilities of the attacker's script.
Applying the update listed in Microsoft Security Bulletin MS03-004, Cumulative Patch for Internet Explorer, will help block an attacker from being able to load a file onto a user's computer and prevent the passing of parameters to an executable. This means that an attacker could only launch a program that already existed on the computer (provided the attacker was aware of the location of the program) and would not be able to pass parameters to the program for it to execute.
MHTML is a standard for exchanging HTML content in e-mail and as a result the MHTML URL Handler function has been implemented in Outlook Express. Internet Explorer can also render MHTML content, however the MHTML function has not been implemented separately in Internet Explorer - it simply uses Outlook Express to render the MHTML content.
|
Applies to:
|
Bulletin ID: MS03-013 |
Title: Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493) |
Update Type: Security Update |
Severity: Important |
| Microsoft re-issued this bulletin on May 28, 2003 to advise on the availability of an updated Windows XP Service Pack 1 patch. This revised patch corrects the performance issues that some customers experienced with the original Windows XP Service Pack 1 patch.
Microsoft originally issued this bulletin on April 16, 2003. Subsequent to that date, Microsoft received reports of performance problems with the patch from some Windows XP Service Pack 1 customers. This original Windows XP Service Pack 1 patch did address the security vulnerability discussed in this security bulletin. Microsoft investigated this performance issue and confirmed that there could be performance problems when the original patch was applied to Windows XP Service Pack 1 systems. Microsoft has published a Knowledge Base article, 819634, that describes the known circumstances that can cause the performance problems to manifest themselves with the original patch. Microsoft has subsequently re-issued the Windows XP Service Pack 1 patch to correct the performance problems. This revised patch can be downloaded from the locations described later in this bulletin.
The Windows kernel is the core of the operating system. It provides system level services such as device and memory management, allocates processor time to processes and manages error handling. There is a flaw in the way the kernel passes error messages to a debugger. A vulnerability results because an attacker could write a program to exploit this flaw and run code of their choice. An attacker could exploit this vulnerability to take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system.
For an attack to be successful, an attacker would need to be able to log on interactively to the system, either at the console or through a terminal session. Also, a successful attack would require the introduction of code in order to exploit this vulnerability. Because best practices recommend restricting the ability to log on interactively on servers, this issue most directly affects client systems and terminal servers.
|
Applies to: Windows 2000 Windows XP |
Bulletin ID: MS03-011 |
Title: Flaw in Microsoft VM Could Enable System Compromise (816093) |
Update Type: Unknown Type |
Severity: Critical |
| The Microsoft VM is a virtual machine for the Win32® operating environment. The Microsoft VM is shipped in most versions of Windows (a complete list is available in the FAQ), as well as in most versions of Internet Explorer.
The present Microsoft VM, which includes all previously released fixes to the VM, has been updated to include a fix for the newly reported security vulnerability. This new security vulnerability affects the ByteCode Verifier component of the Microsoft VM, and results because the ByteCode verifier does not correctly check for the presence of certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a web page that, when opened, would exploit the vulnerability. An attacker could then host this malicious web page on a web site, or could send it to a user in e-mail.
|
Applies to:
|
Bulletin ID: MS03-010 |
Title: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953) |
Update Type: Unknown Type |
Severity: Important |
|
Applies to:
|
Bulletin ID: MS03-008 |
Title: Flaw in Windows Script Engine Could Allow Code Execution (814078) |
Update Type: Security Update |
Severity: Critical |
| The Windows Script Engine provides Windows operating systems with the ability to execute script code. Script code can be used to add functionality to web pages, or to automate tasks within the operating system or within a program. Script code can be written in several different scripting languages, such as Visual Basic Script, or JScript.
A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker's choice with the user's privileges. The web page could be hosted on a web site, or sent directly to the user in email.
Although Microsoft has supplied a patch for this vulnerability and recommends all affected customers install the patch immediately, additional preventive measures have been provided that customers can use to help block the exploitation of this vulnerability while they are assessing the impact and compatibility of the patch. These temporary workarounds are discussed in the "Workarounds" section in the FAQ below.
|
Applies to: Windows 2000 Windows XP |
Bulletin ID: MS03-007 |
Title: Unchecked Buffer In Windows Component Could Cause Server Compromise (815021) |
Update Type: Security Update |
Severity: Critical |
| Microsoft originally released this security bulletin on March 17, 2003. At that time, Microsoft was aware of a publicly available exploit that was being used to attack Windows 2000 Servers running IIS 5.0. The attack vector in this case was WebDAV although the underlying vulnerability was in a core operating system component, ntdll.dll. Microsoft issued a patch to protect Windows 2000 customers shortly afterwards, but also continued to investigate the underlying vulnerability. During the course of that investigation, Microsoft found that Windows NT 4.0 also contains the underlying vulnerability in ntdll.dll, however it does not support WebDAV and therefore the known exploit was not effective against Windows NT 4.0. In addition, Microsoft has recently been made aware of this vulnerability as well in Windows XP. However, like Windows NT 4.0, Windows XP does not install Internet Information Services (IIS) by default. Microsoft has now released patches for Windows NT 4.0 and Windows XP.
Microsoft Windows 2000 supports the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol. WebDAV, defined in RFC 2518, is a set of extensions to the Hyper Text Transfer Protocol (HTTP) that provide a standard for editing and file management between computers on the Internet. A security vulnerability is present in a Windows component used by WebDAV and results because a core operating system component, ntdll.dll, contains an unchecked buffer.
An attacker could exploit the vulnerability by sending a specially formed HTTP request to a machine running Internet Information Server (IIS). The request could cause the server to fail or to execute code of the attacker's choice. The code would run in the security context of the IIS service (which, by default, runs in the LocalSystem context).
Although Microsoft has supplied a patch for this vulnerability and recommends all affected customers install the patch immediately, additional tools and preventive measures have been provided that customers can use to block the exploitation of this vulnerability while they are assessing the impact and compatibility of the patch. These temporary workarounds and tools are discussed in the "Workarounds" section in the FAQ below.
|
Applies to: Windows 2000 Windows XP |
Bulletin ID: MS03-005 |
Title: No Title Available |
Update Type: Security Update |
Severity: Important |
| The Windows Redirector is used by a Windows client to access files, whether local or remote, regardless of the underlying network protocols in use. For example, the "Add a Network Place" Wizard or the NET USE command can be used to map a network share as a local drive, and the Windows Redirector will handle the routing of information to and from the network share.
A security vulnerability exists in the implementation of the Windows Redirector on Windows XP because an unchecked buffer is used to receive parameter information. By providing malformed data to the Windows Redirector, an attacker could cause the system to fail, or if the data was crafted in a particular way, could run code of the attacker's choice.
|
Applies to: Windows XP |
Bulletin ID: MS03-001 |
Title: Unchecked Buffer in Locator Service Could Lead to Code Execution (810833) |
Update Type: Security Update |
Severity: Critical |
| The Microsoft Locator service is a name service that maps logical names to network-specific names. It ships with Windows NT 4.0, Windows 2000, and Windows XP. By default, the Locator service is enabled only on Windows 2000 domain controllers and Windows NT 4.0 domain controllers; it is not enabled on Windows NT 4.0 workstations or member servers, Windows 2000 workstations or member servers, or Windows XP.
A security vulnerability results from an unchecked buffer in the Locator service. By sending a specially malformed request to the Locator service, an attacker could cause the Locator service to fail, or to run code of the attacker's choice on the system.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS02-072 |
Title: Unchecked Buffer in Windows Shell Could Enable System Compromise (329390) |
Update Type: Security Update |
Severity: Critical |
| The Windows Shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows Desktop, but also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start applications.
An unchecked buffer exists in one of the functions used by the Windows Shell to extract custom attribute information from audio files. A security vulnerability results because it is possible for a malicious user to mount a buffer overrun attack and attempt to exploit this flaw.
An attacker could seek to exploit this vulnerability by creating an .MP3 or .WMA file that contained a corrupt custom attribute and then host it on a website, on a network share, or send it via an HTML email. If a user were to hover his or her mouse pointer over the icon for the file (either on a web page or on the local disk), or open the shared folder where the file was stored, the vulnerable code would be invoked. An HTML email could cause the vulnerable code to be invoked when a user opened or previewed the email. A successful attack could have the effect of either causing the Windows Shell to fail, or causing an attacker's code to run on the user's computer in the security context of the user.
|
Applies to: Windows XP |
Bulletin ID: MS02-071 |
Title: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310) |
Update Type: Security Update |
Severity: Important |
| Subsequent to the release of this bulletin it was determined that the patch for Microsoft Windows NT 4.0 machines introduced an error that could, under certain configurations, cause NT 4.0 to fail. Microsoft has investigated this issue and has released an updated patch for Windows NT 4.0. The bulletin has been updated to include the new download links for the NT 4.0 patch. The error did not affect NT 4.0 TSE, except for the Japanese Language. Customers running the Japanese version of NT 4.0 TSE should apply the updated fix.
It was also subsequently established that a second problem affected Windows NT 4.0 TSE multi processor systems which was causing them to fail. The patch should have been installable on both single and multi processor systems and the installer should have copied the correct binaries onto the system depending on whether the system was single or multi processor. However an installer error meant that the correct binaries were not being copied onto multi processor systems, causing them to fail under certain scenarios. Microsoft has updated the patch for Windows NT 4.0 TSE to correct this error. It should be noted that this patch only corrects an installer problem with multi processor Windows NT 4.0 TSE systems; there is no requirement to re-install the patch on single processor systems as the installer functions correctly on those systems.
Customers who have installed the patch on Microsoft Windows 2000 and Windows XP are unaffected by this error.
Windows messages provide a way for interactive processes to react to user events (e.g., keystrokes or mouse movements) and communicate with other interactive processes. One such message, WM_TIMER, is sent at the expiration of a timer, and can be used to cause a process to execute a timer callback function. A security vulnerability results because it's possible for one process in the interactive desktop to use a WM_TIMER message to cause another process to execute a callback function at the address of its choice, even if the second process did not set a timer. If that second process had higher privileges than the first, this would provide the first process with a way of exercising them.
By default, several of the processes running in the interactive desktop do so with LocalSystem privileges. As a result, an attacker who had the ability to log onto a system interactively could potentially run a program that would levy a WM_TIMER request upon such a process, causing it to take any action the attacker specified. This would give the attacker complete control over the system.
In addition to addressing this vulnerability, the patch also makes changes to several processes that run on the interactive desktop with high privileges. Although none of these would, in the absence of the WM_TIMER vulnerability, enable an attacker to gain privileges on the system, we have included them in the patch to make the services more robust.
|
Applies to: Windows 2000 |
Bulletin ID: MS02-070 |
Title: Flaw in SMB Signing Could Enable Group Policy to be Modified (329170) |
Update Type: Security Update |
Severity: Moderate |
| Subsequent to releasing this bulletin it was determined that the fix that eliminates the vulnerability was not included in Microsoft Windows XP Service Pack 1. The bulletin has been updated to reflect this fact, and the patch has been updated so that it installs on Windows XP Service Pack 1 systems. Customers who are currently running XP Service Pack 1 with SMB signing enabled should apply the patch.
Server Message Block (SMB) is a protocol natively supported by all versions of Windows. Although nominally a file-sharing protocol, it is used for other purposes as well, the most important of which is disseminating group policy information from domain controllers to newly logged on systems. Beginning with Windows 2000, it is possible to improve the integrity of SMB sessions by digitally signing all packets in a session. Windows 2000 and Windows XP can be configured to always sign, never sign, or sign only if the other party requires it.
A flaw in the implementation of SMB Signing in Windows 2000 and Windows XP could enable an attacker to silently downgrade the SMB Signing settings on an affected system. To do this, the attacker would need access to the session negotiation data as it was exchanged between a client and server, and would need to modify the data in a way that exploits the flaw. This would cause either or both systems to send unsigned data regardless of the signing policy the administrator had set. After having downgraded the signing setting, the attacker could continue to monitor the session and change data within it; the lack of signing would prevent the communicants from detecting the changes.
Although this vulnerability could be exploited to expose any SMB session to tampering, the most serious case would involve changing group policy information as it was being disseminated from a Windows 2000 domain controller to a newly logged-on network client. By doing this, the attacker could take actions such as adding users to the local Administrators group or installing and running code of his or her choice on the system.
|
Applies to: Windows XP |
Bulletin ID: MS02-065 |
Title: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414) |
Update Type: Security Update |
Severity: Critical |
Microsoft Data Access Components (MDAC) is a collection of components used to provide database connectivity on Windows platforms. MDAC is a ubiquitous technology, and it is likely to be present on most Windows systems:
• It is included by default as part of Windows XP, Windows 2000, and Windows Millennium.
• It is available for download as a stand-alone technology in its own right.
• It is either included in or installed by a number of other products and technologies. For instance, MDAC is included in the Windows NT® 4.0 Option Pack, and some MDAC components are present as part of Internet Explorer even if MDAC itself is not installed.
MDAC provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client. One of the MDAC components, known as Remote Data Services (RDS), provides functionality that supports three-tiered architectures, that is, architectures in which a client's requests for service from a back-end database are intermediated through a web site that applies business logic to them. A security vulnerability is present in the RDS implementation, specifically, in a function called the RDS Data Stub, whose purpose it is to parse incoming HTTP requests and generate RDS commands.
A security vulnerability resulting from an unchecked buffer in the Data Stub affects versions of MDAC prior to version 2.7 (the version that shipped with Windows XP). By sending a specially malformed HTTP request to the Data Stub, an attacker could cause data of his or her choice to overrun onto the heap. Although heap overruns are typically more difficult to exploit than the more-common stack overrun, Microsoft has confirmed that in this case it would be possible to exploit the vulnerability to run code of the attacker's choice on the user's system.
Both web servers and web clients are at risk from the vulnerability:
• Web servers are at risk if a vulnerable version of MDAC is installed and running on the server. To exploit the vulnerability against such a web server, an attacker would need to establish a connection with the server and then send a specially malformed HTTP request to it that would have the effect of overrunning the buffer with the attacker's chosen data. The code would run in the security context of the IIS service (which, by default, runs in the LocalSystem context).
• Web clients are at risk in almost every case, as the RDS Data Stub is included with all current versions of Internet Explorer and there is no option to disable it. To exploit the vulnerability against a client, an attacker would need to host a web page that, when opened, would send an HTTP reply to the user's system and overrun the buffer with the attacker's chosen data. The web page could be hosted on a web site or sent directly to users as an HTML Mail. The code would run in the security context of the user.
Clearly, this vulnerability is very serious, and Microsoft recommends that all customers whose systems could be affected by it take appropriate action immediately.
• Customers using Windows XP, or who have installed MDAC 2.7 on their systems, are at no risk and do not need to take any action.
• Web server administrators who are running an affected version of MDAC should either install the patch, disable MDAC and/or RDS, or upgrade to MDAC 2.7, which is not affected by the vulnerability.
• Web client users who are running an affected version of MDAC should install the patch immediately on any system that is used for web browsing. It is important to stress that the latter guidance applies to any system used for web browsing, regardless of any other protective measures that have already been taken. For instance, a web server on which RDS had been disabled would still need the patch if it was occasionally used as a web client.
Before deploying the patch, customers should familiarize themselves with the caveats discussed in the FAQ and in the Caveats section below.
|
Applies to: Windows 2000 |
Bulletin ID: MS02-063 |
Title: Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834) |
Update Type: Security Update |
Severity: Critical |
Windows 2000 and Windows XP natively support Point-to-Point Tunneling Protocol (PPTP), a Virtual Private Networking technology that is implemented as part of Remote Access Services (RAS). PPTP support is an optional component in Windows NT 4.0, Windows 98, Windows 98SE, and Windows ME.
A security vulnerability results in the Windows 2000 and Windows XP implementations because of an unchecked buffer in a section of code that processes the control data used to establish, maintain and tear down PPTP connections. By delivering specially malformed PPTP control data to an affected server, an attacker could corrupt kernel memory and cause the system to fail, disrupting any work in progress on the system.
The vulnerability could be exploited against any server that offers PPTP. If a workstation had been configured to operate as a RAS server offering PPTP services, it could likewise be attacked. Workstations acting as PPTP clients could only be attacked during active PPTP sessions. Normal operation on any attacked system could be restored by restarting the system.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS02-062 |
Title: Cumulative Patch for Internet Information Service (Q327696) |
Update Type: Security Update |
Severity: Moderate |
This patch is a cumulative patch that includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, and all security patches released to date for IIS 5.0 and 5.1. A complete listing of the patches superseded by this patch is provided below, in the section titled "Additional information about this patch". Before applying the patch, system administrators should take note of the caveats discussed in the same section.
In addition to including previously released security patches, this patch also includes fixes for the following newly discovered security vulnerabilities affecting IIS 4.0, 5.0 and/or 5.1:
• A privilege elevation vulnerability affecting the way ISAPIs are launched when an IIS 4.0, 5.0 or 5.1 server is configured to run them out of process. By design, the hosting process (dllhost.exe) should run only in the security context of the IWAM_computername account; however, it can actually be made to acquire LocalSystem privileges under certain circumstances, thereby enabling an ISAPI to do likewise.
• A denial of service vulnerability that results because of a flaw in the way IIS 5.0 and 5.1 allocate memory for WebDAV requests. If a WebDAV request were malformed in a particular way, IIS would allocate an extremely large amount of memory on the server. By sending several such requests, an attacker could cause the server to fail.
• A vulnerability involving the operation of the script source access permission in IIS 5.0. This permission operates in addition to the normal read/write permissions for a virtual directory, and regulates whether scripts, .ASP files and executable file types can be uploaded to a write-enabled virtual directory. A typographical error in the table that defines the file types subject to this permission has the effect of omitting .COM files from the list of files subject to the permission. As a result, a user would need only write access to upload such a file.
• A pair of Cross-Site Scripting (CSS) vulnerabilities affecting IIS 4.0, 5.0 and 5.1, and involving administrative web pages. Each of these vulnerabilities has the same scope and effect: an attacker who was able to lure a user into clicking a link on his web site could relay a request containing script to a third-party web site running IIS, thereby causing the third-party site's response (still including the script) to be sent to the user. The script would then render using the security settings of the third-party site rather than the attacker's.
In addition, the patch causes IIS 5.0 and 5.1 to change how frequently the socket backlog list - which, when all connections on a server are allocated, holds the list of pending connection requests - is purged. The patch changes IIS to purge the list more frequently in order to make it more resilient to flooding attacks. The backlog monitoring feature is not present in IIS 4.0.
|
Applies to: Windows 2000 Windows XP |
Bulletin ID: MS02-060 |
Title: Flaw in Windows XP Help and Support Center Could Enable File Deletion (Q328940) |
Update Type: Security Update |
Severity: Moderate |
Help and Support Center provides a centralized facility through which users can obtain assistance on a variety of topics. For instance, it provides product documentation, assistance in determining hardware compatibility, access to Windows Update, online help from Microsoft, and other assistance.
A security vulnerability is present in the Windows XP version of Help and Support Center, and results because a file intended only for use by the system is instead available for use by any web page. The purpose of the file is to enable anonymous upload of hardware information, with the user's permission, so that Microsoft can evaluate which devices users are not currently finding device drivers for. This information is then used to work with hardware vendors and device teams to improve the quality and quantity of drivers available in Windows. By design, after attempting to upload an XML file containing the hardware information, the system deletes it.
An attacker could exploit the vulnerability by constructing a web page that, when opened, would call the errant function and supply the name of an existing file or folder as the argument. The attempt to upload the file or folder would fail, but the file nevertheless would be deleted. The page could be hosted on a web site in order to attack users visiting the site, or could be sent as an HTML mail in order to attack the recipient when it was opened.
|
Applies to: Windows XP |
Bulletin ID: MS02-058 |
Title: Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise (Q328676) |
Update Type: Unknown Type |
Severity: Critical |
To allow for verification of the authenticity of mail messages, Microsoft Outlook Express supports digital signing of messages through S/MIME. A buffer overrun vulnerability lies in the code that generates the warning message when a particular error condition associated with digital signatures occurs.
By creating a digitally signed email and editing it to introduce specific data, then sending it to another user, an attacker could cause either of two effects to occur if the recipient opened or previewed it. In the less serious case, the attacker could cause the mail client to fail. If this happened, the recipient could resume normal operation by restarting the mail client and deleting the offending mail. In the more serious case, the attacker could cause the mail client to run code of their choice on the user's machine. Such code could take any desired action, limited only by the permissions of the recipient on the machine.
This vulnerability could only affect messages that are signed using S/MIME and sent to an Outlook Express user. Users of Microsoft Outlook products are not affected by this vulnerability.
|
Applies to:
|
Bulletin ID: MS02-055 |
Title: Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255) |
Update Type: Unknown Type |
Severity: Critical |
The HTML Help facility in Windows includes an ActiveX control that provides much of its functionality. One of the functions exposed via the control contains an unchecked buffer, which could be exploited by a web page hosted on an attacker's site or sent to a user as an HTML mail. An attacker who successfully exploited the vulnerability would be able to run code in the security context of the user, thereby gaining the same privileges as the user on the system.
A second vulnerability exists because of flaws associated with the handling of compiled HTML Help (.chm) files that contain shortcuts. Because shortcuts allow HTML Help files to take any desired action on the system, only trusted HTML Help files should be allowed to use them. Two flaws allow this restriction to be bypassed. First, the HTML Help facility incorrectly determines the Security Zone in the case where a web page or HTML mail delivers a .chm file to the Temporary Internet Files folder and subsequently opens it. Instead of handling the .chm file in the correct zone - the one associated with the web page or HTML mail that delivered it - the HTML Help facility incorrectly handles it in the Local Computer Zone, thereby considering it trusted and allowing it to use shortcuts. This error is compounded by the fact that the HTML Help facility doesn't consider what folder the content resides in. Were it to do so, it could recover from the first flaw, as content within the Temporary Internet Folder is clearly not trusted, regardless of the Security Zone it renders in.
The attack scenario for this vulnerability would be complex, and involves using an HTML mail to deliver a .chm file that contains a shortcut, then making use of the flaws to open it and allow the shortcut to execute. The shortcut would be able to perform any action the user had privileges to perform on the system.
Before deploying the patch, customers should familiarize themselves with the caveats discussed in the FAQ and in the Caveats section below.
|
Applies to:
|
Bulletin ID: MS02-054 |
Title: Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (Q329048) |
Update Type: Security Update |
Severity: Moderate |
Zipped files (files having a .zip extension) provide a means to store information in a way that uses less space on a hard disk. This is accomplished by compressing the files that are put into the zipped file. On Windows 98 with Plus! Pack, Windows Me and Windows XP, the Compressed Folders feature allows zipped files to be treated as folders. The Compressed Folders feature can be used to create, add files to, and extract files from zipped files.
Two vulnerabilities exist in the Compressed Folders function:
• An unchecked buffer exists in the program that handles the decompressing of files from a zipped file. A security vulnerability results because attempts to open a file with a specially malformed filename contained in a zipped file could possibly result in Windows Explorer failing, or in code of the attacker's choice being run.
• The decompression function could place a file in a directory that was not the same as, or a child of, the target directory specified by the user as where the decompressed zip files should be placed. This could allow an attacker to put a file in a known location on the user's system, such as placing a program in a startup directory.
|
Applies to: Windows XP |
Bulletin ID: MS02-053 |
Title: Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096) |
Update Type: Security Update |
Severity: Critical |
The SmartHTML Interpreter (shtml.dll) is part of the FrontPage Server Extensions (FPSE) and Microsoft SharePoint Team Services, and provides support for web forms and other FrontPage-based dynamic content. The interpreter contains a flaw that could be exposed when processing a request for a particular type of web file, if the request had certain specific characteristics. This flaw affects the two versions of FrontPage Server Extensions differently. On FrontPage Server Extensions 2000, such a request would cause the interpreter to consume most or all CPU availability until the web service was restarted. An attacker could use this vulnerability to conduct a denial of service attack against an affected web server. On FrontPage Server Extensions 2002 and SharePoint Team Services 2002, the same type of request could cause a buffer overrun, potentially allowing an attacker to run code of his choice.
|
Applies to: Windows XP |
Bulletin ID: MS02-051 |
Title: Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380) |
Update Type: Security Update |
Severity: Moderate |
The Remote Data Protocol (RDP) provides the means by which Windows systems can provide remote terminal sessions to clients. The protocol transmits information regarding a terminal session's keyboard, mouse and video to the remote client, and is used by Terminal Services in Windows NT 4.0 and Windows 2000, and by Remote Desktop in Windows XP. Two security vulnerabilities, both of which are eliminated by this patch, have been discovered in various RDP implementations.
The first involves how session encryption is implemented in certain versions of RDP. All RDP implementations allow the data in an RDP session to be encrypted. However, in the versions in Windows 2000 and Windows XP, the checksums of the plaintext session data are sent without being encrypted themselves. An attacker who was able to eavesdrop on and record an RDP session could conduct a straightforward cryptanalytic attack against the checksums and recover the session traffic.
The second involves how the RDP implementation in Windows XP handles data packets that are malformed in a particular way. Upon receiving such packets, the Remote Desktop service would fail, and with it would fail the operating system. An attacker would not need to authenticate to an affected system in order to deliver packets of this type to it.
|
Applies to: Windows XP Windows 2000 |
Bulletin ID: MS02-050 |
Title: Certificate Validation Flaw Could Enable Identity Spoofing (Q329115) |
Update Type: Security Update |
Severity: Important |
The original version of this bulletin was released on 05 September 2002.
Microsoft re-issued this security bulletin on November 11, 2003 to advise on the availability of an updated Microsoft Windows 2000 Service Pack 4 (SP4) security patch. This revised security patch corrects a regression that may occur during the installation of Microsoft Internet Explorer 6.0 Service Pack 1 on Windows 2000 SP4. This regression removes the update that is discussed in this bulletin and that is provided as part of Windows 2000 SP4. Customers who are using Windows 2000 SP4 and then installed Internet Explorer 6.0 Service Pack 1 should apply the updated Windows 2000 SP4 security patch to help protect from this vulnerability.
On 09 September 2002, we updated the bulletin to advise customers that a Microsoft-issued digital certificate, used to sign device drivers, did not meet the stricter validation standards established by the patch. As a result, customers who installed the patch could see unexpected error messages when installing new hardware, or in some cases might be unable to install new hardware altogether. On 20 November 2002, we released an updated version of the patch that not only eliminates this problem, but also eliminates a newly discovered variant of the original vulnerability.
The IETF Profile of the X.509 certificate standard defines several optional fields that can be included in a digital certificate. One of these is the Basic Constraints field, which indicates the maximum allowable length of the certificate's chain and whether the certificate is a Certificate Authority or an end-entity certificate. However, the APIs within CryptoAPI that construct and validate certificate chains (CertGetCertificateChain(), CertVerifyCertificateChainPolicy(), and WinVerifyTrust()) do not check the Basic Constraints field. The same flaw, unrelated to CryptoAPI, is also present in several Microsoft products for Macintosh.
The vulnerability identified in the original version of the bulletin could enable an attacker who had a valid end-entity certificate to issue a subordinate certificate that, although bogus, would nevertheless pass validation. Because CryptoAPI is used by a wide range of applications, this could enable a variety of identity spoofing attacks. These are discussed in detail in the FAQ, but could include:
• Setting up a web site that poses as a different web site, and "proving" its identity by establishing an SSL session as the legitimate web site.
• Sending emails signed using a digital certificate that purportedly belongs to a different user.
• Spoofing certificate-based authentication systems to gain entry as a highly privileged user.
• Digitally signing malware using an Authenticode certificate that claims to have been issued to a company users might trust.
The newly discovered vulnerability announced on 20 November 2002 is closely related to the one discussed in the original version of the bulletin and, like that vulnerability, involves a flaw in the way certificate validation is performed. However, this vulnerability could enable an attacker to gain control over a user's system. Because a fix for this vulnerability was not included in the original version of the patch, Microsoft strongly recommends that customers install the new patch, even if they installed the original version of the patch. Only Microsoft Windows 98, Windows 98 Second Edition, Windows NT 4.0, and Windows NT 4.0, Terminal Server Edition are affected by this variant.
|
Applies to: Windows 2000 Windows XP |
Bulletin ID: MS02-048 |
Title: Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (Q323172) |
Update Type: Security Update |
Severity: Critical |
All versions of Windows ship with an ActiveX control known as the Certificate Enrollment Control, the purpose of which is to allow web-based certificate enrollments. The control is used to submit PKCS #10 compliant certificate requests, and upon receiving the requested certificate, stores it in the user's local certificate store.
The control contains a flaw that could enable a web page, through an extremely complex process, to invoke the control in a way that would delete certificates on a user's system. An attacker who successfully exploited the vulnerability could corrupt trusted root certificates, EFS encryption certificates, email signing certificates, and any other certificates on the system, thereby preventing the user from using these features.
An attack could be carried out through either of two scenarios. The attacker could create a web page that exploits the vulnerability, and host it on a web site in order to attack users who visited the site. The attacker also could send the page as an HTML mail in order to attack the recipient.
A new version of the control is available that corrects the vulnerability, and can be installed via the patch. A patch is available for all other Windows systems, as discussed in the Patch Availability section below. Internet Explorer 5 or later is a prerequisite to installing the patch. As discussed in the Caveats section, customers who operate web sites that use the Certificate Enrollment Control will need to make minor revisions to their web applications in order to use the new control. Microsoft Knowledge Base article Q323172 details how to do this.
In addition, the patch addresses a similar, but less serious vulnerability discovered in the SmartCard Enrollment control. This control ships with Windows 2000 and Windows XP. A new version of this control is also provided.
|
Applies to: Windows XP |
Bulletin ID: MS02-045 |
Title: Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830) |
Update Type: Security Update |
Severity: Moderate |
SMB (Server Message Block) is the protocol Microsoft uses to share files, printers, serial ports, and also to communicate between computers using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources and servers make SMB responses in what is described as a client-server, request-response protocol.
By sending a specially crafted packet request, an attacker can mount a denial of service attack on the target server machine and crash the system. The attacker could use both a user account and anonymous access to accomplish this. Though not confirmed, it may be possible to execute arbitrary code.
|
Applies to: Windows 2000 |
Bulletin ID: MS02-042 |
Title: Flaw in Network Connection Manager Could Enable Privilege Elevation (Q326886) |
Update Type: Security Update |
Severity: Critical |
The Network Connection Manager (NCM) provides a controlling mechanism for all network connections managed by a host system. Among the functions of the NCM is to call a handler routine whenever a network connection has been established.
By design, this handler routine should run in the security context of the user. However, a flaw could make it possible for an unprivileged user to cause the handler routine to run in the security context of LocalSystem, through a very complex process. An attacker who exploited this flaw could specify code of his or her choice as the handler, then establish a network connection in order to cause that code to be invoked by the NCM. The code would then run with full system privileges.
|
Applies to: Windows 2000 |
Bulletin ID: MS02-032 |
Title: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920) |
Update Type: Security Update |
Severity: Critical |
On June 26, 2002, Microsoft released the original version of this bulletin, which described the patch it provided as being cumulative. We subsequently discovered that a file had been inadvertently omitted from the patch. While the omission had no effect on the effectiveness of the patch against the new vulnerabilities discussed below, it did mean that the patch was not cumulative. Specifically, the original patch did not include all of the fixes discussed in Microsoft Security Bulletin MS01-056. We have repackaged the patch to include the file and are re-releasing it to ensure that it truly is cumulative.
If you applied the patch delivered in Microsoft Security Bulletin MS01-056 and the one that was distributed with the original version of this bulletin, you're fully protected against all known vulnerabilities in Windows Media Player and don't need to take any action. Otherwise, we recommend that you apply the new version of the patch provided below.
The patch includes the functionality of all previously released patches for Windows Media Player 6.4, 7.1 and Windows Media Player for Windows XP. In addition, it eliminates the following three newly discovered vulnerabilities, one of which is rated as critical severity, one of which is rated moderate severity, and the last of which is rated low severity:
• An information disclosure vulnerability that could provide the means to enable an attacker to run code on the user's system and is rated as critical severity.
• A privilege elevation vulnerability that could enable an attacker who can physically log on locally to a Windows 2000 machine and run a program to obtain the same rights as the operating system.
• A script execution vulnerability that could run a script of an attacker's choice as if the user had chosen to run it after playing a specially formed media file and then viewing a specially constructed web page. This particular vulnerability has specific timing requirements that make attempts to exploit the vulnerability difficult and is rated as low severity.
It also introduces a configuration change relating to file extensions associated with Windows Media Player. Finally, it introduces a new, optional, security configuration feature for users or organizations that want to take extra precautions beyond applying IE patch MS02-023 and want to disable scripting functionality in the Windows Media Player for versions 7.x or higher.
|
Applies to: Windows XP |
Bulletin ID: MS02-029 |
Title: Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138) |
Update Type: Security Update |
Severity: Critical |
On June 12, 2002, Microsoft released the original version of this bulletin. On July 2, 2002, the bulletin was updated to reflect the availability of a revised patch. Although the original patch completely eliminated the vulnerability, it had the side effect of preventing non-administrative users from making VPN connections in some cases. The revised patch correctly handles VPN connections. The revised patch is immediately available from the Download Center and will soon be made available via WindowsUpdate.
The Remote Access Service (RAS) provides dial-up connections between computers and networks over phone lines. RAS is delivered as a native system service in Windows NT 4.0, Windows 2000 and Windows XP, and also is included in a separately downloadable Routing and Remote Access Server (RRAS) for Windows NT 4.0. All of these implementations include a RAS phonebook, which is used to store information about telephone numbers, security, and network settings used to dial-up remote systems.
A flaw exists in the RAS phonebook implementation: a phonebook value is not properly checked, and is susceptible to a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with LocalSystem privileges. If an attacker were able to log onto an affected server and modify a phonebook entry using specially malformed data, then made a connection using the modified phonebook entry, the specially malformed data could be run as code by the system.
|
Applies to: Windows XP |
Bulletin ID: MS02-024 |
Title: Authentication Flaw in Windows Debugger can Lead to Elevated Privileges (Q320206) |
Update Type: Security Update |
Severity: Critical |
The Windows debugging facility provides a means for programs to perform diagnostic and analytic functions on applications as they are running on the operating system. One of these capabilities allows for a program, usually a debugger, to connect to any running program, and to take control of it. The program can then issue commands to the controlled program, including the ability to start other programs. These commands would then execute in the same security context as the controlled program.
There is a flaw in the authentication mechanism for the debugging facility such that an unauthorized program can gain access to the debugger. A vulnerability results because an attacker can use this to cause a running program to run a program of her choice. Because many programs run as the operating system, this means that an attacker can exploit this vulnerability to run code as the operating system itself. She could take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system.
A successful attack requires the ability to log on interactively to the system, either at the console or through a terminal session. Also, a successful attack requires the introduction of code to exploit this vulnerability. Because best practices recommend restricting the ability to log on interactively on servers, this issue most directly affects client systems and terminal servers.
|
Applies to: Windows 2000 |
Bulletin ID: MS02-017 |
Title: Unchecked buffer in the Multiple UNC Provider Could Enable Code Execution (Q311967) |
Update Type: Security Update |
Severity: Moderate |
The Multiple UNC Provider (MUP) is a Windows service that assists in locating network resources that are identified via UNC (uniform naming convention). The MUP receives commands containing UNC names from applications and sends the name to each registered UNC provider, LAN Manager workstation, and any others that are installed. When a provider identifies a UNC name as its own, the MUP automatically redirects future instances of that name to that provider.
When MUP receives a file request, it allocates a buffer in which to store it. There is proper input checking in this first buffer. However, MUP stores another copy of the file request in a buffer when it sends this request to a redirector. This second copy of the buffer does not check inputs correctly, thereby creating the possibility that a resource request to it from an unprivileged process could cause a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with Local System privileges.
|
Applies to: Windows XP |
Bulletin ID: MS02-012 |
Title: Malformed Data Transfer Request can Cause Windows SMTP Service to Fail |
Update Type: Unknown Type |
Severity: Low |
An SMTP service installs by default as part of Windows 2000 server products. Exchange 2000, which can only be installed on Windows 2000, uses the native Windows 2000 SMTP service rather than providing its own. In addition, Windows 2000 and Windows XP workstation products provide an SMTP service that is not installed by default. All of these implementations contain a flaw that could enable denial of service attacks to be mounted against the service.
The flaw involves how the service handles a particular type of SMTP command used to transfer the data that constitutes an incoming mail. By sending a malformed version of this command, an attacker could cause the SMTP service to fail. This would have the effect of disrupting mail services on the affected system, but would not cause the operating system itself to fail.
|
Applies to:
|
Bulletin ID: MS02-009 |
Title: Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files |
Update Type: Security Update |
Severity: Critical |
Frames are used in Internet Explorer to provide for a fuller browsing experience. By design, scripts in the frame of one site or domain should be prohibited from accessing the content of frames in another site or domain. However, a flaw exists in how VBScript is handled in IE relating to validating cross-domain access. This flaw can allow scripts of one domain to access the contents of another domain in a frame.
A malicious user could exploit this vulnerability by using scripting to extract the contents of frames in other domains, then sending that content back to their web site. This would enable the attacker to view files on the user's local machine or capture the contents of third-party web sites the user visited after leaving the attacker's site. The latter scenario could, in the worst case, enable the attacker to learn personal information like user names, passwords, or credit card information.
In both cases, the user would either have to go to a site under the attacker's control or view an HTML email sent by the attacker. In addition, the attacker would have to know the exact name and location of any files on the user's system. Further, the attacker could only gain access to files that can be displayed in a browser window, such as text files, HTML files, or image files.
|
Applies to: Windows 2000 |
Bulletin ID: MS02-008 |
Title: XMLHTTP Control Can Allow Access to Local Files |
Update Type: Security Update |
Severity: Critical |
| Microsoft XML Core Services (MSXML) includes the XMLHTTP ActiveX control, which allows web pages rendering in the browser to send or receive XML data via HTTP operations such as POST, GET, and PUT. The control provides security measures designed to restrict web pages so they can only use the control to request data from remote data sources.
A flaw exists in how the XMLHTTP control applies IE security zone settings to a redirected data stream returned in response to a request for data from a web site. A vulnerability results because an attacker could seek to exploit this flaw and specify a data source that is on the user's local system. The attacker could then use this to return information from the local system to the attacker's web site.
An attacker would have to entice the user to a site under his control to exploit this vulnerability. It cannot be exploited by HTML email. In addition, the attacker would have to know the full path and file name of any file he would attempt to read. Finally, this vulnerability does not give an attacker any ability to add, change or delete data.
|
Applies to: Windows XP |
Bulletin ID: MS02-006 |
Title: Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run |
Update Type: Security Update |
Severity: Moderate |
| On February 12, 2002, Microsoft released the original version of this bulletin. In it, we detailed a work-around procedure that customers could implement to protect themselves against a publicly disclosed vulnerability. An updated version of this bulletin was released on February 15, 2002, to announce the availability of the patch for Windows 2000 and Windows XP and to advise customers that the work-around procedure is no longer needed on those platforms. Patches for additional platforms are forthcoming and this bulletin will be re-released to announce their availability.
On March 5, 2002, Microsoft released an updated version of the bulletin announcing the availability of a patch for Windows NT 4.0 and to advise customers that the work-around procedure is no longer needed for that platform. Patches for additional platforms are forthcoming and this bulletin will be re-released to announce their availability.
On March 11, 2002, Microsoft released an updated version of the bulletin announcing the availability of a patch for Windows NT 4.0 Terminal Server Edition and to advise customers that the work-around procedure is no longer needed for that platform. Patches for additional platforms are forthcoming and this bulletin will be re-released to announce their availability.
On March 14, 2002, Microsoft discovered that the English and German patches for Windows NT 4.0 Terminal Server Edition contained incorrect files. We have corrected this error and posted updated versions of this patch for these languages. We recommend that customers who have downloaded the Windows NT 4.0 Terminal Server Edition patch in English or German prior to March 14, 2002 install the updated version. Customers who have installed the Windows NT 4.0 Terminal Server Edition patches in any language other than English or German do not need to take any action: these patches do not contain the error.
On April 26, 2002, Microsoft released an updated version of the bulletin announcing the availability of a patch for Windows 98 and Windows 98SE and to advise customers that the work-around procedure is no longer needed for that platform.
Simple Network Management Protocol (SNMP) is an Internet standard protocol for managing disparate network devices such as firewalls, computers, and routers. All versions of Windows except Windows ME provide an SNMP implementation, which is neither installed nor running by default in any version.
A buffer overrun is present in all implementations. By sending a specially malformed management request to a system running an affected version of the SNMP service, an attacker could cause a denial of service. In addition, it is possible that he could cause code to run on the system in LocalSystem context. This could potentially give the attacker the ability to take any desired action on the system.
|
Applies to: Windows XP |
Bulletin ID: MS01-059 |
Title: Unchecked Buffer in Universal Plug and Play can Lead to System Compromise |
Update Type: Security Update |
Severity: Critical |
Universal Plug and Play (UPnP) allows computers to discover and use network-based devices. Windows ME and XP include native UPnP support; Windows 98 and 98SE do not include native UPnP support, but it can be installed via the Internet Connection Sharing client that ships with Windows XP. This bulletin discusses two vulnerabilities affecting these UPnP implementations. Although the vulnerabilities are unrelated, both involve how UPnP-capable computers handle the discovery of new devices on the network.
The first vulnerability is a buffer overrun vulnerability. There is an unchecked buffer in one of the components that handle NOTIFY directives - messages that advertise the availability of UPnP-capable devices on the network. By sending a specially malformed NOTIFY directive, it would be possible for an attacker to cause code to run in the context of the UPnP subsystem, which runs with System privileges on Windows XP. (On Windows 98 and Windows ME, all code executes as part of the operating system). This would enable the attacker to gain complete control over the system.
The second vulnerability results because the UPnP implementations don't sufficiently limit the steps to which they will go to obtain information on using a newly discovered device. Within the NOTIFY directive that a new UPnP device sends is information telling interested computers where to obtain its device description, which lists the services the device offers and instructions for using them. By design, the device description may reside on a third-party server rather than on the device itself. However, the UPnP implementations don't adequately regulate how they perform this operation, and this gives rise to two different denial of service scenarios:
• An attacker could send a NOTIFY directive to a UPnP-capable computer, specifying that the device description should be downloaded from a particular port on a particular server. If the server was configured to simply echo the download requests back to the UPnP service (e.g., by having the echo service running on the port that the computer was directed to), the computer could be made to enter an endless download cycle that could consume some or all of the system's availability. An attacker could craft and send this directive to a victim's machine directly, by using the machine's IP address. Or, he could send this same directive to a broadcast and multicast domain and attack all affected machines within earshot, consuming some or all of those systems' availability.
• An attacker could specify a third-party server as the host for the device description in the NOTIFY directive. If enough machines responded to the directive, it could have the effect of flooding the third-party server with bogus requests, in a distributed denial of service attack. As with the first scenario, an attacker could either send the directives to the victim directly, or to a broadcast or multicast domain.
System administrators should be aware that the patch introduces new functionality that enables them to tailor how patched systems undertake device discovery. As discussed in Microsoft Knowledge Base article Q315056, the patch introduces the ability to configure the UPnP service to download device descriptions only from the local subnet, the subnet or private network, the private network only, or from any IP address. By default, patched systems will only check the subnet or private network for device descriptions.
Customers who cannot install the patch can protect their systems by disabling UPnP support, as discussed in the FAQ.
|
Applies to: Windows XP |
Bulletin ID: 919004 |
Title: Windows Server Update Services Service Pack 1 |
Update Type: Unknown Type |
Severity: N/A |
| Windows Server Update Services Service Pack 1. Also contains information that you may want to consider in an upgrade scenario. |
Applies to:
|
Bulletin ID: 917347 |
Title: Update for Word 2002: July 11, 2006 |
Update Type: Critical Update |
Severity:
|
| This update for Microsoft Word 2002 provides the framework for a compatibility pack to open and save files using the Open XML file format that is new to the 2007 Microsoft Office system. |
Applies to: Office 2002/XP |
Bulletin ID: 917153 |
Title: Update for PowerPoint 2002: July 11, 2006 |
Update Type: Critical Update |
Severity:
|
| This update for Microsoft PowerPoint 2002 provides the framework for a compatibility pack to open and save files using the Open XML file format that is new to the 2007 Microsoft Office system. |
Applies to: Office 2002/XP |
Bulletin ID: 913807 |
Title: Update for Outlook 2003: March 14, 2006 |
Update Type: Critical Update |
Severity:
|
| Microsoft has released an update for Microsoft Office Outlook 2003. This update corrects a problem that may occur when you programmatically use the CreateItemFromTemplate method to create a form. This update also includes other fixes for Outlook... |
Applies to: Office 2003 |
Bulletin ID: 913571 |
Title: Updates for Office 2003: March 14, 2006 |
Update Type: Critical Update |
Severity:
|
| Microsoft has released updates to the spelling checker for Microsoft Office 2003. These updates improve how Office 2003 programs find and correct errors in Dutch language documents. |
Applies to: Office 2003 |
Bulletin ID: 913090 |
Title: SQL Server 2005 Service Pack 1 |
Update Type: Service Pack |
Severity:
|
| SQL Server 2005 Service Pack 1 |
Applies to: SQL Server 2005 |
Bulletin ID: 912440 |
Title: Description of the update for Office 2003 Alternative User Input: May 9, 2006 |
Update Type: Service Pack |
Severity:
|
| The update for Office 2003 Alternative User Input (KB912440) updates the framework which is used to support advanced text services in Office 2003. |
Applies to: Office 2003 |
Bulletin ID: 907747 |
Title: Update for Intelligent Message Filter for Exchange Server 2003 |
Update Type: Update Rollup |
Severity:
|
| Update for Intelligent Message Filter for Exchange Server 2003 |
Applies to: Exchange Server 2003 |
Bulletin ID: 903676 |
Title: Microsoft Internet Security and Acceleration Server 2004 Service Pack (SP2). |
Update Type: Unknown Type |
Severity: N/A |
| Microsoft Internet Security and Acceleration Server 2004 Service Pack (SP2). |
Applies to:
|
Bulletin ID: 902963 |
Title: Service Pack 1 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006 |
Update Type: Service Pack |
Severity:
|
| Service Pack 1 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006 provides the latest updates to Microsoft Office Outlook 2003 with Business Contact Manager Update and to Microsoft Office Small Business... |
Applies to: Office 2003 |
Bulletin ID: 902848 |
Title: Outlook Live 2003 Service Pack 2 |
Update Type: Service Pack |
Severity:
|
| Outlook Live 2003 Service Pack 2 provides the latest updates to Microsoft Outlook Live 2003. |
Applies to: Office 2003 |
Bulletin ID: 891861 |
Title: Update Rollup 1 for Windows 2000 SP4 and known issues |
Update Type: Update Rollup |
Severity:
|
| Provides detailed information about Update Rollup 1 for Windows 2000 SP4, answers frequently asked questions about this update rollup, and lists the fixes that are included in this update rollup. |
Applies to: Windows 2000 |
Bulletin ID: 890830 |
Title: The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Server 2003, Windows XP, or Windows 2000 |
Update Type: Update Rollup |
Severity:
|
| Discusses the release of the Malicious Software Removal Tool to help remove specific, prevalent malicious software from computers that are running Windows Server 2003, Windows XP, or Windows 2000. |
Applies to: Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows Vista; Windows XP x64 Edition; Windows Server 2008; Windows 7; Windows Server 2008 R2; Windows Internet Explorer 8 Dynamic Installer; Windows Internet Explorer 7.0 Dynamic Installer; Windows 2000; Windows XP |
Bulletin ID: 889101 |
Title: Release notes for Windows Server 2003 Service Pack 1 |
Update Type: Service Pack |
Severity:
|
| Includes the release notes for Windows Server 2003 Service Pack 1. |
Applies to: Windows Server 2003 |
Bulletin ID: 887624 |
Title: Description of Windows SharePoint Services Service Pack 2 |
Update Type: Service Pack |
Severity:
|
| Windows SharePoint Services Service Pack 2 provides the latest updates to Windows SharePoint Services. |
Applies to: Windows Server 2003, Datacenter Edition; Windows Server 2003 |
Bulletin ID: 887622 |
Title: Description of Visio 2003 Service Pack 2 |
Update Type: Service Pack |
Severity:
|
| Describes the issues that are fixed in Microsoft Office Visio 2003 by Microsoft Office Visio 2003 Service Pack 2. |
Applies to: Office 2003 |
Bulletin ID: 887620 |
Title: Description of Project 2003 Service Pack 2 |
Update Type: Service Pack |
Severity:
|
| Microsoft Office Project 2003 Service Pack 2 (SP2) provides the latest updates to Project 2003. |
Applies to: Office 2003 |
Bulletin ID: 887619 |
Title: Description of OneNote 2003 Service Pack 2 |
Update Type: Service Pack |
Severity:
|
| OneNote 2003 Service Pack 2 provides the latest updates to Microsoft Office OneNote 2003. |
Applies to: Office 2003 |
Bulletin ID: 887618 |
Title: Description of Office 2003 Service Pack 2 for Proofing Tools |
Update Type: Service Pack |
Severity:
|
| Microsoft Office 2003 Service Pack 2 for Proofing Tools makes sure that Microsoft Office 2003 performs with complete functionality when you use the Office 2003 Proofing Tools. |
Applies to: Office 2003 |
Bulletin ID: 887616 |
Title: Description of Office 2003 Service Pack 2 |
Update Type: Service Pack |
Severity:
|
| Office 2003 Service Pack 2 provides the latest updates to Microsoft Office 2003. |
Applies to: Office 2003 |
Bulletin ID: 870540 |
Title: Availability of the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup |
Update Type: Update |
Severity:
|
| Describes the August 2004 Exchange 2000 Server Post-SP3 Update Rollup. This update rollup is a prerequisite for all Exchange 2000 hotfixes that are created after June 29, 2004. |
Applies to: Exchange 2000 Server |
Bulletin ID: 867461 |
Title: List of bugs that are fixed in Microsoft .NET Framework 1.0 Service Pack 3 |
Update Type: Service Pack |
Severity:
|
| Includes information about the bugs that are fixed in the .NET Framework 1.0 SP3. |
Applies to: Windows 2000; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows XP; Windows Vista; Windows Server 2008 |
Bulletin ID: 867460 |
Title: List of bugs that are fixed in the .NET Framework 1.1 Service Pack 1 (SP1) |
Update Type: Service Pack |
Severity:
|
| Lists the bugs that are fixed in the .NET Framework 1.1 Service Pack 1 (SP1). |
Applies to: Windows 2000; Windows XP; Windows Vista; Windows Server 2008; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows XP x64 Edition |
Bulletin ID: 843188 |
Title: Description of Office 2003 Service Pack 1 for Proofing Tools |
Update Type: Service Pack |
Severity:
|
| Explains that the Office 2003 Service Pack 1 for Proofing Tools ensures that Office 2003 performs with complete functionality when you use the Office 2003 Proofing Tools. |
Applies to: Office 2003 |
Bulletin ID: 842774 |
Title: Description of OneNote 2003 Service Pack 1 |
Update Type: Service Pack |
Severity:
|
| OneNote 2003 Service Pack 1 (SP1) provides the latest updates to Microsoft Office OneNote 2003. OneNote 2003 SP1 contains new features and significant security enhancements, in addition to stability and performance improvements. |
Applies to: Office 2003 |
Bulletin ID: 842532 |
Title: Description of Office 2003 Service Pack 1 |
Update Type: Service Pack |
Severity:
|
| Microsoft Office 2003 Service Pack 1 (SP1) provides the latest updates to Microsoft Office 2003. Office 2003 SP1 contains significant security enhancements and stability and performance improvements. |
Applies to: Office 2003 |
Bulletin ID: 841876 |
Title: Description of Windows SharePoint Services Service Pack 1 |
Update Type: Service Pack |
Severity:
|
| Describes the issues that are fixed in Windows SharePoint Services Service Pack 1. |
Applies to: Windows Server 2003, Datacenter Edition; Windows Server 2003 |
Bulletin ID: 840663 |
Title: Description of Visio 2003 Service Pack 1 |
Update Type: Service Pack |
Severity:
|
| Describes the issues that are fixed in Visio 2003 SP1. |
Applies to: Office 2003 |
Bulletin ID: 837240 |
Title: Description of Project 2003 Service Pack 1 |
Update Type: Service Pack |
Severity:
|
| Lists the issues that are fixed in Project 2003 Service Pack 1. |
Applies to: Office 2003 |
Bulletin ID: 834693 |
Title: Description of Office XP Service Pack 3 for Access 2002 Runtime |
Update Type: Service Pack |
Severity:
|
| Provides an overview of the latest updates to Access 2002 Runtime and explains how to download and install it. Before you install this update, install Windows Installer 2.0 or a later version and you must have Microsoft Access 2002 Run-time... |
Applies to: Office 2002/XP |
Bulletin ID: 832671 |
Title: Description of Microsoft Office XP Service Pack 3 |
Update Type: Service Pack |
Severity:
|
| Describes how to obtain and install Office XP Service Pack 3 (SP3) in addition to the issues that are fixed in this service pack. |
Applies to: Office 2002/XP |
Bulletin ID: 830242 |
Title: Description of Visio 2002 Service Pack 2 |
Update Type: Service Pack |
Severity:
|
| Describes the issues that are fixed in Visio 2002 Service Pack 2 (SP2). |
Applies to: Office 2002/XP |
Bulletin ID: 830241 |
Title: Description of Microsoft Project 2002 Service Pack 1 |
Update Type: Service Pack |
Severity:
|
| Lists the issues that are fixed in Microsoft Project 2002 Service Pack 1. Explains how to download and install the client and administrative update and how to determine whether the update is installed. |
Applies to: Office 2002/XP |
Bulletin ID: 826939 |
Title: Help and Support |
Update Type: Critical Update |
Severity:
|
| Microsoft has released Update Rollup 1 for Microsoft Windows XP. An update rollup is a cumulative set of hotfixes, security patches, critical updates, and updates that are packaged together for easy deployment. Update Rollup 1 for Windows XP is a... |
Applies to: Windows XP |
Bulletin ID: 811113 |
Title: List of fixes included in Windows XP Service Pack 2 |
Update Type: Service Pack |
Severity:
|
| Primarily intended for IT Professionals, this article lists the fixes that are included in Windows XP Service Pack 2. |
Applies to: Windows XP |
Bulletin ID: 321884 |
Title: INFO: List of Bugs Fixed in Microsoft .NET Framework Service Pack 2 |
Update Type: Service Pack |
Severity:
|
| This article provides information about the bugs that are fixed in Microsoft .NET Framework Service Pack 2 (SP2). Service packs are cumulative. Therefore, bugs that are fixed in one service pack are also fixed in service packs thereafter. For... |
Applies to: Windows 2000; Windows Server 2003, Datacenter Edition; Windows Server 2003; Windows XP |
Bulletin ID: 899456 |
Title: Release manifest for MDAC 2.8 Service Pack 1 (2.81.1117.6) |
Update Type: Service Pack |
Severity:
|
| Contains release information for MDAC 2.8 Service Pack 1. |
Applies to: MDAC 2.8 |
Bulletin ID: 884525 |
Title: Additions to the SQL Server 2000 Service Pack 4 readme files |
Update Type: Service Pack |
Severity:
|
| Describes late-breaking changes in SQL Server 2000 Service Pack 4 (SP4) that are not documented in the readme files. |
Applies to: SQL Server 2000 |
Bulletin ID: 842262 |
Title: Release manifest for the MDAC 2.7 Service Pack 1 Refresh (2.71.9040.2) |
Update Type: Service Pack |
Severity:
|
| Provides release information about the MDAC 2.7 Service Pack 1 Refresh (2.71.9040.2). Lists the frequently asked questions about this refresh and the known issues with this refresh. Lists all the files that are included with this refresh. |
Applies to: MDAC 2.7 |