|
| Bulletin ID |
Title |
| MS09-027 |
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514) |
| MS09-026 |
Vulnerability in RPC Could Allow Elevation of Privilege (970238) |
| MS09-025 |
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537) |
| MS09-024 |
Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632) |
| MS09-023 |
Vulnerability in Windows Search Could Allow Information Disclosure (963093) |
| MS09-022 |
Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501) |
| MS09-021 |
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) |
| MS09-020 |
Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) |
| MS09-019 |
Cumulative Security Update for Internet Explorer (969897) |
| MS09-018 |
Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055) |
| 948465 |
Windows Vista SP2 and Windows Server 2008 SP2 |
| MS09-017 |
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340) |
| 968369 |
SQL Server 2008 Service Pack 1 |
| 960911 |
Windows Small Business Server 2008 Update Rollup 2 |
| 957324 |
Office 2007 Service Pack 2 - Business Contact Manager |
| 957262 |
Office 2007 Service Pack 2 - Microsoft Office Access Runtime and Data Connectivity Components |
| 953338 |
Windows SharePoint Services 3.0 Service Pack 2 (SP2) and Windows SharePoint Services 3.0 Language Pack Service Pack 2 (SP2) |
| 953336 |
Excel Viewer 2007 Service Pack 2 |
| 953335 |
Visio Viewer 2007 Service Pack 2 |
| 953334 |
Microsoft Office 2007 servers Service Pack 2 and Microsoft Office 2007 servers Language Pack Service Pack 2 |
| 953332 |
PowerPoint Viewer 2007 Service Pack 2 |
| 953331 |
Office Compatibility Pack Service Pack 2 |
| 953329 |
Calendar Printing Assistant for Outlook 2007 Service Pack 2 |
| 953195 |
Microsoft Office Suite Service Pack 2 (SP2) and Microsoft Office Language Pack 2007 SP2 |
| MS09-016 |
Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) |
| MS09-015 |
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) |
| MS09-014 |
Cumulative Security Update for Internet Explorer (963027) |
| MS09-013 |
Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) |
| MS09-012 |
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) |
| MS09-011 |
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) |
| MS09-010 |
Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) |
| MS09-009 |
Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) |
| 960384 |
Update Rollup for Exchange Server 2007 Service Pack 1 |
| MS09-008 |
Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238) |
| MS09-007 |
Vulnerability in SChannel Could Allow Spoofing (960225) |
| MS09-006 |
Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) |
| 960353 |
Update for Microsoft Silverlight, February 18, 2009 |
| 959057 |
Microsoft Office Accounting 2009 Service Pack 1 |
| MS09-005 |
Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) |
| MS09-004 |
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) |
| MS09-003 |
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) |
| MS09-002 |
Cumulative Security Update for Internet Explorer (961260) |
| 960715 |
Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits |
| 958715 |
Windows Small Business Server 2008 Update Rollup 1 |
| 955706 |
SQL Server 2005 Service Pack 3 |
| 951847 |
.NET Framework 3.5 Service Pack 1 |
| MS09-001 |
Vulnerabilities in SMB Could Allow Remote Code Execution (958687) |
| MS08-078 |
Security Update for Internet Explorer (960714) |
| MS08-077 |
Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) |
| MS08-076 |
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) |
| MS08-075 |
Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) |
| MS08-074 |
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) |
| MS08-073 |
Cumulative Security Update for Internet Explorer (958215) |
| MS08-072 |
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) |
| MS08-071 |
Vulnerabilities in GDI Could Allow Remote Code Execution (956802) |
| MS08-070 |
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) |
| 957388 |
December 2008 Windows Vista and Windows Server 2008 Application Compatibility Update |
| 953467 |
Update Rollup 5 for Exchange Server 2007 Service Pack 1
|
| MS08-069 |
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) |
| MS08-068 |
Vulnerability in SMB Could Allow Remote Code Execution (957097) |
| MS08-067 |
Vulnerability in Server Service Could Allow Remote Code Execution (958644) |
| 957938 |
Update for Silverlight: October 20, 2008 |
| MS08-066 |
Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803) |
| MS08-065 |
Vulnerability in Message Queuing Could Allow Remote Code Execution (951071) |
| MS08-064 |
Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841) |
| MS08-063 |
Vulnerability in SMB Could Allow Remote Code Execution (957095) |
| MS08-062 |
Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155) |
| MS08-061 |
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211) |
| MS08-060 |
Vulnerability in Active Directory Could Allow Remote Code Execution (957280) |
| MS08-059 |
Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) |
| MS08-058 |
Cumulative Security Update for Internet Explorer (956390) |
| MS08-057 |
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) |
| MS08-056 |
Vulnerability in Microsoft Office Could Allow Information Disclosure (957699) |
| 956391 |
Cumulative Security Update of ActiveX Kill Bits |
| MS08-055 |
Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047) |
| MS08-054 |
Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154) |
| MS08-053 |
Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156) |
| MS08-052 |
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) |
| 955305 |
Update for Silverlight 1.0: July 23, 2008 |
| 951951 |
Forefront Client Security Service Pack 1 |
| MS08-051 |
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) |
| MS08-050 |
Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) |
| MS08-049 |
Vulnerabilities in Event System Could Allow Remote Code Execution (950974) |
| MS08-048 |
Security Update for Outlook Express and Windows Mail (951066) |
| MS08-047 |
Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733) |
| MS08-046 |
Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) |
| MS08-045 |
Cumulative Security Update for Internet Explorer (953838) |
| MS08-044 |
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) |
| MS08-043 |
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) |
| MS08-042 |
Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048) |
| MS08-041 |
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617) |
| 951072 |
August 2008 cumulative time zone update for Microsoft Windows operating systems |
| 943462 |
Internet Security and Acceleration Server 2006 Service Pack 1 |
| MS08-040 |
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) |
| MS08-039 |
Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) |
| MS08-038 |
Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) |
| MS08-037 |
Vulnerabilities in DNS Could Allow Spoofing (953230) |
| 953649 |
System Center Configuration Manager Service Pack 1 |
| MS08-036 |
Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) |
| MS08-035 |
Vulnerability in Active Directory Could Allow Denial of Service (953235) |
| MS08-034 |
Vulnerability in WINS Could Allow Elevation of Privilege (948745) |
| MS08-033 |
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) |
| MS08-032 |
Cumulative Security Update of ActiveX Kill Bits (950760) |
| MS08-031 |
Cumulative Security Update for Internet Explorer (950759) |
| MS08-030 |
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) |
| 951532 |
Description of the Post-Service Pack 1 Rollup for Microsoft Expression Media: April 15, 2008 |
| 951213 |
Description of the update for Silverlight 1.0: April 4, 2008 |
| MS08-028 |
Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749) |
| MS08-027 |
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208) |
| MS08-026 |
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) |
| 948016 |
Description of Update Rollup 2 for Exchange Server 2007 Service Pack 1 |
| 936929 |
Windows XP Service Pack 3 |
| 949426 |
Microsoft Office Accounting 2008 Service Pack 1 for Accounting Professional 2008 and for Accounting Express 2008 |
| 936330 |
Windows Vista Service Pack 1 (SP1) |
| MS08-025 |
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693) |
| MS08-024 |
Cumulative Security Update for Internet Explorer (947864) |
| MS08-023 |
Security Update of ActiveX Kill Bits (948881) |
| MS08-022 |
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338) |
| MS08-021 |
Vulnerabilities in GDI Could Allow Remote Code Execution (948590) |
| MS08-020 |
Vulnerability in DNS Client Could Allow Spoofing (945553) |
| MS08-019 |
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032) |
| MS08-018 |
Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) |
| 948014 |
Windows Server Update Services 3.0 Service Pack 1 |
| MS08-017 |
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103) |
| MS08-016 |
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030) |
| MS08-015 |
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031) |
| MS08-014 |
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029) |
| 946140 |
Update for Business Contact Manager for Outlook 2007: February 12, 2008 |
| 945684 |
Update Rollup 1 for Microsoft Exchange Server 2007 Service Pack 1 |
| 942846 |
Update Rollup 6 for Exchange Server 2007 |
| 941834 |
Microsoft Expression Media Service Pack 1 |
| MS08-013 |
Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108) |
| MS08-012 |
Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085) |
| MS08-011 |
Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081) |
| MS08-010 |
Cumulative Security Update for Internet Explorer (944533) |
| MS08-009 |
Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077) |
| MS08-008 |
Vulnerability in OLE Automation Could Allow Remote Code Execution (947890) |
| MS08-007 |
Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026) |
| MS08-006 |
Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830) |
| MS08-005 |
Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831) |
| MS08-004 |
Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456) |
| MS08-003 |
Vulnerability in Active Directory Could Allow Denial of Service (946538) |
| 940767 |
Windows Internet Explorer 7 Installation and Availability Update |
| 110806 |
Microsoft .NET Framework 2.0 Service Pack 1 |
| MS08-002 |
Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485) |
| MS08-001 |
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644) |
| 941652 |
Business Contact Manager for Outlook 2007 Service Pack 1 |
| 940289 |
Office Compatibility Pack Service Pack 1 |
| 937961 |
Office 2003 Web Components Service Pack 1 for the 2007 Office system |
| 937160 |
Visio Viewer 2007 Service Pack 1 |
| 937158 |
PowerPoint Viewer 2007 Service Pack 1 |
| 937157 |
Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 1 |
| 936988 |
Windows SharePoint Services 3.0 Service Pack 1 and of Windows SharePoint Services Language Pack 3.0 Service Pack 1 |
| 936984 |
Microsoft Office 2007 servers Service Pack 1 and Microsoft Office 2007 servers Language Pack Service Pack 1 |
| 936982 |
Microsoft Office 2007 suite Service Pack 1 |
| MS07-069 |
Cumulative Security Update for Internet Explorer (942615) |
| MS07-068 |
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275) |
| MS07-067 |
Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653) |
| MS07-066 |
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078) |
| MS07-065 |
Vulnerability in Message Queuing Could Allow Remote Code Execution (937894) |
| MS07-064 |
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) |
| MS07-063 |
Vulnerability in SMBv2 Could Allow Remote Code Execution (942624) |
| 942840 |
You may experience slow Web browser performance when you view a Web page that uses JScript in Internet Explorer on a Windows Server 2003-based computer or on a Windows XP-based computer |
| 942763 |
December 2007 cumulative time zone update for Microsoft Windows operating systems |
| 929300 |
Microsoft .NET Framework Service Pack 1 for versions 3.0, 2.0, and 1.1 |
| MS07-062 |
Vulnerability in DNS Could Allow Spoofing (941672) |
| MS07-061 |
Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460) |
| 941421 |
Update Rollup 5 for Exchange 2007 |
| MS07-060 |
Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695) |
| MS07-059 |
Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017) |
| MS07-058 |
Vulnerability in RPC Could Allow Denial of Service (933729) |
| MS07-057 |
Cumulative Security Update for Internet Explorer (939653) |
| MS07-056 |
Security Update for Outlook Express and Windows Mail (941202) |
| MS07-055 |
Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810) |
| 940006 |
Update Rollup 4 for Exchange 2007 |
| 935999 |
Update Rollup 3 for Exchange 2007 |
| 934737 |
Excel Viewer 2003 Service Pack 3 |
| 934736 |
Word Viewer 2003 Service Pack 3 |
| 933867 |
Microsoft Systems Management Server 2003 Service Pack 3 |
| 933360 |
August 2007 cumulative time zone update for Microsoft Windows operating systems |
| 923648 |
Outlook Live 2003 Service Pack 3 |
| 923643 |
Windows SharePoint Services Service Pack 3 |
| 923642 |
Office 2003 Service Pack 3 for Proofing Tools |
| 923633 |
OneNote 2003 Service Pack 3 |
| 923622 |
Project 2003 Service Pack 3 |
| 923620 |
Visio 2003 Service Pack 3 |
| 923618 |
Office 2003 Service Pack 3 |
| MS07-053 |
Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778) |
| MS07-052 |
Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522) |
| MS07-051 |
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827) |
| MS07-050 |
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127) |
| MS07-049 |
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986) |
| MS07-048 |
Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123) |
| MS07-047 |
Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782) |
| MS07-046 |
Vulnerability in GDI Could Allow Remote Code Execution (938829) |
| MS07-045 |
Cumulative Security Update for Internet Explorer (937143) |
| MS07-044 |
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965) |
| MS07-043 |
Vulnerability in OLE Automation Could Allow Remote Code Execution (921503) |
| MS07-042 |
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) |
| MS07-041 |
Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373) |
| MS07-040 |
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) |
| MS07-039 |
Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) |
| MS07-038 |
Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807) |
| MS07-037 |
Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548) |
| MS07-036 |
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) |
| MS07-035 |
Vulnerability in Win 32 API Could Allow Remote Code Execution (935839) |
| MS07-034 |
Cumulative Security Update for Outlook Express and Windows Mail (929123) |
| MS07-033 |
Cumulative Security Update for Internet Explorer (933566) |
| MS07-032 |
Vulnerability in Windows Vista Could Allow Information Disclosure (931213) |
| MS07-031 |
Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840) |
| MS07-030 |
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051) |
| MS07-029 |
Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) |
| MS07-028 |
Vulnerability in CAPICOM Could Allow Remote Code Execution (931906) |
| MS07-027 |
Cumulative Security Update for Internet Explorer (931768) |
| MS07-026 |
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832) |
| MS07-025 |
Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873) |
| MS07-024 |
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) |
| MS07-023 |
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233) |
| 933669 |
Update for PowerPoint 2003: May 8, 2007 |
| 924406 |
Microsoft Internet Security and Acceleration Server 2004 Service Pack 3 |
| MS07-022 |
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784) |
| MS07-021 |
Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) |
| MS07-020 |
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168) |
| MS07-019 |
Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261) |
| MS07-018 |
Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939) |
| 932726 |
Service Pack 1 for Accounting Professional 2007 and for Accounting Express 2007. |
| MS07-017 |
Vulnerabilities in GDI Could Allow Remote Code Execution (925902) |
| 923435 |
Microsoft Compute Cluster Pack Service Pack 1 (SP1) for Microsoft Windows Compute Cluster Server 2003 |
| 914961 |
Windows Server 2003 Service Pack 2 |
| 921896 |
SQL Server 2005 Service Pack 2 |
| MS07-016 |
Cumulative Security Update for Internet Explorer (928090) |
| MS07-015 |
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) |
| MS07-014 |
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) |
| MS07-013 |
Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118) |
| MS07-012 |
Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) |
| MS07-011 |
Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) |
| MS07-009 |
Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) |
| MS07-008 |
Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) |
| MS07-007 |
Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) |
| MS07-006 |
Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) |
| MS07-005 |
Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) |
| 931836 |
February 2007 cumulative time zone update for Microsoft Windows operating systems |
| 929060 |
Update for PowerPoint 2003: February 13, 2007 |
| 929058 |
Update for Excel 2003: February 13, 2007 |
| 928957 |
Visual Studio 2005 Service Pack 1 release notes |
| MS07-004 |
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969) |
| MS07-003 |
Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938) |
| MS07-002 |
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198) |
| MS07-001 |
Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585) |
| 924886 |
Update for Office 2003: December 12, 2006 |
| MS06-078 |
Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689) |
| MS06-077 |
Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121) |
| MS06-076 |
Cumulative Security Update for Outlook Express (923694) |
| MS06-075 |
Vulnerability in Windows Could Allow Elevation of Privilege (926255) |
| MS06-074 |
Vulnerability in SNMP Could Allow Remote Code Execution (926247) |
| MS06-073 |
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674) |
| MS06-072 |
Cumulative Security Update for Internet Explorer (925454) |
| 899738 |
Systems Management Server 2003 Service Pack 2 |
| 917275 |
Windows Rights Management Services with Service Pack 2 |
| MS06-071 |
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088) |
| MS06-070 |
Vulnerability in Workstation Service Could Allow Remote Code Execution (924270) |
| MS06-069 |
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) |
| MS06-068 |
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213) |
| MS06-067 |
Cumulative Security Update for Internet Explorer (922760) |
| MS06-066 |
Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980) |
| 926874 |
Windows Internet Explorer 7 |
| MS06-065 |
Vulnerability in Windows Object Packager Could Allow Remote Execution (924496) |
| MS06-064 |
Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819) |
| MS06-063 |
Vulnerability in Server Service Could Allow Denial of Service (923414) |
| MS06-062 |
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581) |
| MS06-061 |
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191) |
| MS06-060 |
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554) |
| MS06-059 |
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164) |
| MS06-058 |
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163) |
| MS06-057 |
Vulnerability in Windows Explorer Could Allow Remote Execution (923191) |
| MS06-056 |
Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770) |
| MS06-055 |
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486) |
| MS06-054 |
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729) |
| MS06-053 |
Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685) |
| MS06-052 |
Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007) |
| MS06-051 |
Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422) |
| MS06-050 |
Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670) |
| MS06-049 |
Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958) |
| MS06-048 |
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968) |
| MS06-047 |
Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645) |
| MS06-046 |
Vulnerability in HTML Help Could Allow Remote Code Execution (922616) |
| MS06-045 |
Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) |
| MS06-044 |
Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008) |
| MS06-043 |
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214) |
| MS06-042 |
Cumulative Security Update for Internet Explorer (918899) |
| MS06-041 |
Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683) |
| MS06-040 |
Vulnerability in Server Service Could Allow Remote Code Execution (921883) |
| 920115 |
Service Pack 3 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006 |
| MS06-039 |
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384) |
| MS06-038 |
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284) |
| MS06-037 |
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285) |
| MS06-036 |
Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388) |
| MS06-035 |
Vulnerability in Server Service Could Allow Remote Code Execution (917159) |
| MS06-034 |
Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537) |
| MS06-033 |
Vulnerability in ASP.NET Could Allow Information Disclosure (917283) |
| MS06-032 |
Vulnerability in TCP/IP Could Allow Remote Code Execution (917953) |
| MS06-031 |
Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736) |
| MS06-030 |
Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389) |
| MS06-029 |
Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442) |
| MS06-028 |
Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768) |
| MS06-027 |
Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336) |
| MS06-025 |
Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280) |
| MS06-024 |
Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734) |
| MS06-023 |
Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344) |
| MS06-022 |
Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439) |
| MS06-021 |
Cumulative Security Update for Internet Explorer (916281) |
| MS06-020 |
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433) |
| MS06-019 |
Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803) |
| MS06-018 |
Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580) |
| MS06-017 |
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627) |
| MS06-016 |
Cumulative Security Update for Outlook Express (911567) |
| MS06-015 |
Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531) |
| MS06-014 |
Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562) |
| MS06-013 |
Cumulative Security Update for Internet Explorer (912812) |
| MS06-012 |
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413) |
| MS06-011 |
Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798) |
| MS06-009 |
Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190) |
| MS06-008 |
Vulnerability in Web Client Service Could Allow Remote Code Execution (911927) |
| MS06-007 |
Vulnerability in TCP/IP Could Allow Denial of Service (913446) |
| MS06-006 |
Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564) |
| MS06-005 |
Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565) |
| MS06-004 |
Cumulative Security Update for Internet Explorer (910620) |
| MS06-003 |
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412) |
| MS06-002 |
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519) |
| MS06-001 |
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919) |
| MS05-055 |
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523) |
| MS05-054 |
Cumulative Security Update for Internet Explorer (905915) |
| MS05-053 |
Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) |
| MS05-052 |
Cumulative Security Update for Internet Explorer (896688) |
| MS05-051 |
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400) |
| MS05-050 |
Vulnerability in DirectShow Could Allow Remote Code Execution (904706) |
| MS05-049 |
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) |
| MS05-048 |
Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245) |
| MS05-047 |
Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749) |
| MS05-046 |
Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589) |
| MS05-045 |
Vulnerability in Network Connection Manager Could Allow Denial of Service (905414) |
| MS05-044 |
Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495) |
| MS05-043 |
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) |
| MS05-042 |
Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587) |
| MS05-041 |
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591) |
| MS05-040 |
Vulnerability in Telephony Service Could Allow Remote Code Execution (893756) |
| MS05-039 |
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) |
| MS05-038 |
Cumulative Security Update for Internet Explorer (896727) |
| MS05-037 |
Vulnerability in JView Profiler Could Allow Remote Code Execution (903235) |
| MS05-036 |
Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214) |
| MS05-035 |
Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672) |
| MS05-033 |
Vulnerability in Telnet Client Could Allow Information Disclosure (896428) |
| MS05-032 |
Vulnerability in Microsoft Agent Could Allow Spoofing (890046) |
| MS05-031 |
Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458) |
| MS05-030 |
Vulnerability in Outlook Express Could Allow Remote Code Execution (897715) |
| MS05-028 |
Vulnerability in Web Client Service Could Allow Remote Code Execution (896426) |
| MS05-027 |
Vulnerability in Server Message Block Could Allow Remote Code Execution (896422) |
| MS05-026 |
Vulnerability in HTML Help Could Allow Remote Code Execution (896358) |
| MS05-025 |
Cumulative Security Update for Internet Explorer (883939) |
| MS05-024 |
Vulnerability in Web View Could Allow Remote Code Execution (894320) |
| MS05-023 |
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169) |
| MS05-021 |
Vulnerability in Exchange Server Could Allow Remote Code Execution (894549) |
| MS05-020 |
Cumulative Security Update for Internet Explorer (890923) |
| MS05-019 |
Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066) |
| MS05-018 |
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859) |
| MS05-017 |
Vulnerability in Message Queuing Could Allow Code Execution (892944) |
| MS05-016 |
Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086) |
| MS05-015 |
Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) |
| MS05-014 |
Cumulative Security Update for Internet Explorer (867282) |
| MS05-013 |
Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) |
| MS05-012 |
Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) |
| MS05-011 |
Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) |
| MS05-010 |
Vulnerability in the License Logging Service Could Allow Code Execution (885834) |
| MS05-009 |
Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) |
| MS05-008 |
Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) |
| MS05-007 |
Vulnerability in Windows Could Allow Information Disclosure (888302) |
| MS05-006 |
Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981) |
| MS05-005 |
Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352) |
| MS05-004 |
ASP.NET Path Validation Vulnerability (887219) |
| MS05-003 |
Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250) |
| MS05-002 |
Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711) |
| MS05-001 |
Vulnerability in HTML Help Could Allow Code Execution (890175) |
| MS04-045 |
Vulnerability in WINS Could Allow Remote Code Execution (870763) |
| MS04-044 |
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835) |
| MS04-043 |
Vulnerability in HyperTerminal Could Allow Code Execution (873339) |
| MS04-041 |
Vulnerability in WordPad Could Allow Code Execution (885836) |
| MS04-040 |
Cumulative Security Update for Internet Explorer (889293) |
| MS04-038 |
Cumulative Security Update for Internet Explorer (834707) |
| MS04-037 |
Vulnerability in Windows Shell Could Allow Remote Code Execution (841356) |
| MS04-036 |
Vulnerability in NNTP Could Allow Remote Code Execution (883935) |
| MS04-035 |
Vulnerability in SMTP Could Allow Remote Code Execution (885881) |
| MS04-034 |
Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376) |
| MS04-032 |
Security Update for Microsoft Windows (840987) |
| MS04-031 |
Vulnerability in NetDDE Could Allow Remote Code Execution (841533) |
| MS04-030 |
Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151) |
| MS04-028 |
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) |
| MS04-027 |
Vulnerability in WordPerfect Converter Could Allow Code Execution (884933) |
| MS04-025 |
Cumulative Security Update for Internet Explorer (867801) |
| MS04-024 |
Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) |
| MS04-023 |
Vulnerability in HTML Help Could Allow Code Execution (840315) |
| MS04-022 |
Vulnerability in Task Scheduler Could Allow Code Execution (841873) |
| MS04-020 |
Vulnerability in POSIX Could Allow Code Execution (841872) |
| MS04-019 |
Vulnerability in Utility Manager Could Allow Code Execution (842526) |
| MS04-018 |
Cumulative Security Update for Outlook Express (823353) |
| MS04-016 |
Vulnerability in DirectPlay Could Allow Denial of Service (839643) |
| MS04-015 |
Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374) |
| MS04-014 |
Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001) |
| MS04-013 |
Cumulative Security Update for Outlook Express (837009) |
| MS04-012 |
Cumulative Update for Microsoft RPC/DCOM (828741) |
| MS04-011 |
Security Update for Microsoft Windows (835732) |
| MS04-008 |
Vulnerability in Windows Media Services Could Allow a Denial of Service (832359) |
| MS04-007 |
ASN.1 Vulnerability Could Allow Code Execution (828028) |
| MS04-006 |
Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
|
| MS04-004 |
Cumulative Security Update for Internet Explorer (832894) |
| MS04-003 |
Buffer Overrun in MDAC Function Could Allow Code Execution (832483) |
| MS03-051 |
Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360) |
| MS03-049 |
Buffer Overrun in the Workstation Service Could Allow Code Execution (828749) |
| MS03-048 |
Cumulative Security Update for Internet Explorer (824145) |
| MS03-045 |
Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141) |
| MS03-044 |
Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119) |
| MS03-043 |
Buffer Overrun in Messenger Service Could Allow Code Execution (828035) |
| MS03-042 |
Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232) |
| MS03-041 |
Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182) |
| MS03-040 |
Cumulative Patch for Internet Explorer (828750) |
| MS03-039 |
Buffer Overrun In RPCSS Service Could Allow Code Execution (824146) |
| MS03-034 |
Flaw in NetBIOS Could Lead to Information Disclosure (824105) |
| MS03-033 |
Unchecked Buffer in MDAC Function Could Enable System Compromise (823718) |
| MS03-031 |
Cumulative Patch for Microsoft SQL Server (815495) |
| MS03-030 |
Unchecked Buffer in DirectX Could Enable System Compromise (819696) |
| MS03-027 |
Unchecked Buffer in Windows Shell Could Enable System Compromise (821557) |
| MS03-026 |
Buffer Overrun In RPC Interface Could Allow Code Execution (823980) |
| MS03-025 |
Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation (822679) |
| MS03-024 |
Buffer Overrun in Windows Could Lead to Data Corruption (817606) |
| MS03-023 |
Buffer Overrun In HTML Converter Could Allow Code Execution (823559) |
| MS03-022 |
Vulnerability in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343) |
| MS03-021 |
Flaw In Windows Media Player May Allow Media Library Access (819639) |
| MS03-018 |
Cumulative Patch for Internet Information Service (811114) |
| MS03-017 |
Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787) |
| MS03-014 |
Cumulative Patch for Outlook Express (330994) |
| MS03-013 |
Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493) |
| MS03-011 |
Flaw in Microsoft VM Could Enable System Compromise (816093) |
| MS03-010 |
Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953) |
| MS03-008 |
Flaw in Windows Script Engine Could Allow Code Execution (814078) |
| MS03-007 |
Unchecked Buffer In Windows Component Could Cause Server Compromise (815021) |
| MS03-005 |
No Title Available |
| MS03-001 |
Unchecked Buffer in Locator Service Could Lead to Code Execution (810833) |
| MS02-072 |
Unchecked Buffer in Windows Shell Could Enable System Compromise (329390) |
| MS02-071 |
Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310) |
| MS02-070 |
Flaw in SMB Signing Could Enable Group Policy to be Modified (329170) |
| MS02-065 |
Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414) |
| MS02-063 |
Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834) |
| MS02-062 |
Cumulative Patch for Internet Information Service (Q327696) |
| MS02-060 |
Flaw in Windows XP Help and Support Center Could Enable File Deletion (Q328940) |
| MS02-058 |
Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise (Q328676) |
| MS02-055 |
Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255) |
| MS02-054 |
Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (Q329048) |
| MS02-053 |
Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096) |
| MS02-051 |
Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380) |
| MS02-050 |
Certificate Validation Flaw Could Enable Identity Spoofing (Q329115) |
| MS02-048 |
Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (Q323172) |
| MS02-045 |
Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830) |
| MS02-042 |
Flaw in Network Connection Manager Could Enable Privilege Elevation (Q326886) |
| MS02-032 |
26 June 2002 Cumulative Patch for Windows Media Player (Q320920) |
| MS02-029 |
Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138) |
| MS02-024 |
Authentication Flaw in Windows Debugger can Lead to Elevated Privileges (Q320206) |
| MS02-017 |
Unchecked buffer in the Multiple UNC Provider Could Enable Code Execution (Q311967) |
| MS02-012 |
Malformed Data Transfer Request can Cause Windows SMTP Service to Fail |
| MS02-009 |
Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files |
| MS02-008 |
XMLHTTP Control Can Allow Access to Local Files |
| MS02-006 |
Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run |
| MS01-059 |
Unchecked Buffer in Universal Plug and Play can Lead to System Compromise |
| 919004 |
Windows Server Update Services Service Pack 1 |
| 917347 |
Update for Word 2002: July 11, 2006 |
| 917153 |
Update for PowerPoint 2002: July 11, 2006 |
| 913807 |
Update for Outlook 2003: March 14, 2006 |
| 913571 |
Updates for Office 2003: March 14, 2006 |
| 913090 |
SQL Server 2005 Service Pack 1 |
| 912440 |
Description of the update for Office 2003 Alternative User Input: May 9, 2006 |
| 907747 |
Update for Intelligent Message Filter for Exchange Server 2003 |
| 903676 |
Microsoft Internet Security and Acceleration Server 2004 Service Pack (SP2). |
| 902963 |
Service Pack 1 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006 |
| 902848 |
Outlook Live 2003 Service Pack 2 |
| 891861 |
Update Rollup 1 for Windows 2000 SP4 and known issues |
| 890830 |
The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Server 2003, Windows XP, or Windows 2000 |
| 889101 |
Release notes for Windows Server 2003 Service Pack 1 |
| 887624 |
Description of Windows SharePoint Services Service Pack 2 |
| 887622 |
Description of Visio 2003 Service Pack 2 |
| 887620 |
Description of Project 2003 Service Pack 2 |
| 887619 |
Description of OneNote 2003 Service Pack 2 |
| 887618 |
Description of Office 2003 Service Pack 2 for Proofing Tools |
| 887616 |
Description of Office 2003 Service Pack 2 |
| 870540 |
Availability of the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup |
| 867461 |
List of bugs that are fixed in Microsoft .NET Framework 1.0 Service Pack 3 |
| 867460 |
List of bugs that are fixed in the .NET Framework 1.1 Service Pack 1 (SP1) |
| 843188 |
Description of Office 2003 Service Pack 1 for Proofing Tools |
| 842774 |
Description of OneNote 2003 Service Pack 1 |
| 842532 |
Description of Office 2003 Service Pack 1 |
| 841876 |
Description of Windows SharePoint Services Service Pack 1 |
| 840663 |
Description of Visio 2003 Service Pack 1 |
| 837240 |
Description of Project 2003 Service Pack 1 |
| 834693 |
Description of Office XP Service Pack 3 for Access 2002 Runtime |
| 832671 |
Description of Microsoft Office XP Service Pack 3 |
| 830242 |
Description of Visio 2002 Service Pack 2 |
| 830241 |
Description of Microsoft Project 2002 Service Pack 1 |
| 826939 |
Help and Support |
| 811113 |
List of fixes included in Windows XP Service Pack 2 |
| 321884 |
INFO: List of Bugs Fixed in Microsoft .NET Framework Service Pack 2 |
| 899456 |
Release manifest for MDAC 2.8 Service Pack 1 (2.81.1117.6) |
| 884525 |
Additions to the SQL Server 2000 Service Pack 4 readme files |
| 842262 |
Release manifest for the MDAC 2.7 Service Pack 1 Refresh (2.71.9040.2) |
|
 More information on each product update |
Bulletin ID:
MS09-027 |
Title:
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Critical for all supported editions of Microsoft Office Word 2000. For all supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office Word 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac, and all supported versions of Open XML File Format Converter for Mac, Microsoft Office Compatibility Pack, and Microsoft Office Word Viewers, this security update is rated Important. |
Applies to:
Office 2003
Office 2007
Office 2002/XP |
Bulletin ID:
MS09-026 |
Title:
Vulnerability in RPC Could Allow Elevation of Privilege (970238) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system. Supported editions of Microsoft Windows are not delivered with any RPC servers or clients that are subject to exploitation of this vulnerability. In a default configuration, users could not be attacked by exploitation of this vulnerability. However, the vulnerability is present in the Microsoft Windows RPC runtime and could affect third-party RPC applications.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista |
Bulletin ID:
MS09-025 |
Title:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege. An attacker who successfully exploited any of these vulnerabilities could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista |
Bulletin ID:
MS09-024 |
Title:
Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Office Word 2000. This security update is also rated important for supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003 with the Microsoft Works 6–9 File Converter, and Microsoft Office Word 2007 Service Pack 1; and Microsoft Works 8.5 and Microsoft Works 9. |
Applies to:
Office 2007
Office 2002/XP |
Bulletin ID:
MS09-023 |
Title:
Vulnerability in Windows Search Could Allow Information Disclosure (963093) |
Update Type:
Security Update |
Severity:
Moderate |
| This security update resolves a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results. By default, the Windows Search component is not preinstalled on Microsoft Windows XP and Windows Server 2003. It is an optional component available for download. Windows Search installed on supported editions of Windows Vista and Windows Server 2008 is not affected by this vulnerability.
This security update is rated Moderate for Windows Search installed on all supported editions of Windows XP and Windows Server 2003. |
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition |
Bulletin ID:
MS09-022 |
Title:
Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
This security update is rated Critical for all supported editions of Microsoft Windows 2000; Moderate for all supported editions of Windows XP and Windows Server 2003; and Important for all supported editions of Windows Vista and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista |
Bulletin ID:
MS09-021 |
Title:
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack, this security update is rated Important.
The update addresses the vulnerabilities by modifying the way that Excel parses Excel files. |
Applies to:
Office 2007
Office 2003
Office 2002/XP |
Bulletin ID:
MS09-020 |
Title:
Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether a file is accessible by a given user. Successful exploitation of these vulnerabilities would still restrict the attacker to the permissions granted to the anonymous user account by the file system ACLs.
This security update is rated Important for Microsoft Internet Information Services on all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS09-019 |
Title:
Cumulative Security Update for Internet Explorer (969897) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 5.01 and Important for Internet Explorer 6 Service Pack 1, running on supported editions of Microsoft Windows 2000; Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows XP and Windows Vista; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows Server 2003 and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows Vista
Windows Internet Explorer 8 Dynamic Installer
Windows Internet Explorer 7.0 Dynamic Installer
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008 |
Bulletin ID:
MS09-018 |
Title:
Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves two privately reported vulnerabilities in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The more severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
This security update is rated Critical for all supported editions of Microsoft Windows 2000 Server, and rated Important for supported versions of Windows XP Professional and Windows Server 2003. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
948465 |
Title:
Windows Vista SP2 and Windows Server 2008 SP2 |
Update Type:
Service Pack |
Severity:
|
| Service Pack 2 for Windows Vista and for Windows Server 2008. |
Applies to:
Windows Vista
Windows Server 2008 |
Bulletin ID:
MS09-017 |
Title:
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Office PowerPoint 2000. For supported editions of Microsoft Office PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft Office PowerPoint 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; all supported versions of PowerPoint Viewer, and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats; Microsoft Works 8.5; and Microsoft Works 9.0, this security update is rated Important. |
Applies to:
Office 2007
Office 2003
Office 2002/XP |
Bulletin ID:
968369 |
Title:
SQL Server 2008 Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| SQL Server 2008 Service Pack 1 |
Applies to:
SQL Server 2008 |
Bulletin ID:
960911 |
Title:
Windows Small Business Server 2008 Update Rollup 2 |
Update Type:
Update Rollup |
Severity:
|
| Windows Small Business Server 2008 Update Rollup 2 |
Applies to:
Windows Small Business Server 2008 |
Bulletin ID:
957324 |
Title:
Office 2007 Service Pack 2 - Business Contact Manager |
Update Type:
Service Pack |
Severity:
|
| Office 2007 Service Pack 2 - Business Contact Manager |
Applies to:
Office 2007 |
Bulletin ID:
957262 |
Title:
Office 2007 Service Pack 2 - Microsoft Office Access Runtime and Data Connectivity Components |
Update Type:
Service Pack |
Severity:
|
| Office 2007 Service Pack 2 - Microsoft Office Access Runtime and Data Connectivity Components |
Applies to:
Office 2007 |
Bulletin ID:
953338 |
Title:
Windows SharePoint Services 3.0 Service Pack 2 (SP2) and Windows SharePoint Services 3.0 Language Pack Service Pack 2 (SP2) |
Update Type:
Service Pack |
Severity:
|
| Windows SharePoint Services 3.0 Service Pack 2 (SP2) and Windows SharePoint Services 3.0 Language Pack Service Pack 2 (SP2) |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008 |
Bulletin ID:
953336 |
Title:
Excel Viewer 2007 Service Pack 2 |
Update Type:
Service Pack |
Severity:
|
| Excel Viewer 2007 Service Pack 2 |
Applies to:
Office 2007 |
Bulletin ID:
953335 |
Title:
Visio Viewer 2007 Service Pack 2 |
Update Type:
Service Pack |
Severity:
|
| Visio Viewer 2007 Service Pack 2 |
Applies to:
Office 2007 |
Bulletin ID:
953334 |
Title:
Microsoft Office 2007 servers Service Pack 2 and Microsoft Office 2007 servers Language Pack Service Pack 2 |
Update Type:
Service Pack |
Severity:
|
| Microsoft Office 2007 servers Service Pack 2 and Microsoft Office 2007 servers Language Pack Service Pack 2 |
Applies to:
Office 2007 |
Bulletin ID:
953332 |
Title:
PowerPoint Viewer 2007 Service Pack 2 |
Update Type:
Service Pack |
Severity:
|
| PowerPoint Viewer 2007 Service Pack 2 |
Applies to:
Office 2007 |
Bulletin ID:
953331 |
Title:
Office Compatibility Pack Service Pack 2 |
Update Type:
Service Pack |
Severity:
|
| Office Compatibility Pack Service Pack 2 |
Applies to:
Office 2007 |
Bulletin ID:
953329 |
Title:
Calendar Printing Assistant for Outlook 2007 Service Pack 2 |
Update Type:
Service Pack |
Severity:
|
| Calendar Printing Assistant for Outlook 2007 Service Pack 2 |
Applies to:
Office 2007 |
Bulletin ID:
953195 |
Title:
Microsoft Office Suite Service Pack 2 (SP2) and Microsoft Office Language Pack 2007 SP2 |
Update Type:
Service Pack |
Severity:
|
| Microsoft Office Suite Service Pack 2 (SP2) and Microsoft Office Language Pack 2007 SP2 |
Applies to:
Office 2007 |
Bulletin ID:
MS09-016 |
Title:
Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packages to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.
This security update is rated Important for Forefront TMG MBE, ISA Server 2004, and ISA Server 2006. |
Applies to:
Forefront TMG MBE
Internet Security and Acceleration Server 2006
Internet Security and Acceleration Server 2004 |
Bulletin ID:
MS09-015 |
Title:
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) |
Update Type:
Security Update |
Severity:
Moderate |
| This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.
This security update is rated Moderate for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. On Microsoft Windows 2000, this update is only classified as a defense-in-depth change. Details are available in the section, Frequently Asked Questions (FAQ) Related to This Security Update. |
Applies to:
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS09-014 |
Title:
Cumulative Security Update for Internet Explorer (963027) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on supported editions of Microsoft Windows 2000; Internet Explorer 6 and Internet Explorer 7 running on supported editions of Windows XP; and Internet Explorer 7 running on supported editions of Windows Vista. For Internet Explorer 6 and Internet Explorer 7 running on supported editions of Windows Server 2003 and Windows Server 2008, this security update is rated Important. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008 |
Bulletin ID:
MS09-013 |
Title:
Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista |
Bulletin ID:
MS09-012 |
Title:
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista |
Bulletin ID:
MS09-011 |
Title:
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS09-010 |
Title:
Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word.
This security update is rated Critical for supported editions of Microsoft Office Word 2000. This security update is also rated Important for supported editions of Microsoft Office Word 2002; Microsoft Office Converter Pack; and WordPad on all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition
Windows XP
Office 2002/XP
Office 2003 |
Bulletin ID:
MS09-009 |
Title:
Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported and a publicly disclosed vulnerability. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; all supported versions of Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack Service Pack 1, this security update is rated Important. |
Applies to:
Office 2007
Office 2003
Office 2002/XP |
Bulletin ID:
960384 |
Title:
Update Rollup for Exchange Server 2007 Service Pack 1 |
Update Type:
Update Rollup |
Severity:
|
| Update Rollup for Exchange Server 2007 Service Pack 1 |
Applies to:
Exchange Server 2007 |
Bulletin ID:
MS09-008 |
Title:
Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows 2000 |
Bulletin ID:
MS09-007 |
Title:
Vulnerability in SChannel Could Allow Spoofing (960225) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008 |
Bulletin ID:
MS09-006 |
Title:
Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to:
Windows Server 2008
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows 7 Client
Windows 7 Server |
Bulletin ID:
960353 |
Title:
Update for Microsoft Silverlight, February 18, 2009 |
Update Type:
Update Rollup |
Severity:
|
| This update includes stability improvements in media and in accessibility. This update is backward-compatible with applications that were created against earlier versions of Silverlight. |
Applies to:
Silverlight |
Bulletin ID:
959057 |
Title:
Microsoft Office Accounting 2009 Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| Microsoft Office Accounting 2009 Service Pack 1 for Accounting Professional 2009 and for Accounting Express 2009. |
Applies to:
Office 2007 |
Bulletin ID:
MS09-005 |
Title:
Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves three privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for Microsoft Office Visio 2002 Service Pack 2, Microsoft Office Visio 2003 Service Pack 3, and Microsoft Office Visio 2007 Service Pack 1. |
Applies to:
Office 2007
Office 2003
Office 2002/XP |
Bulletin ID:
MS09-004 |
Title:
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a privately reported vulnerability in Microsoft SQL Server. The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system. Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue.
This security update is rated Important for supported releases of SQL Server 2000, SQL Server 2005 Service Pack 2, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
SQL Server
SQL Server 2005 |
Bulletin ID:
MS09-003 |
Title:
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) |
Update Type:
Update |
Severity:
Critical |
| This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.
This security update is rated Critical for all supported editions of Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, and Microsoft Exchange Server 2007. |
Applies to:
Exchange Server 2007
Exchange Server 2003
Exchange 2000 Server |
Bulletin ID:
MS09-002 |
Title:
Cumulative Security Update for Internet Explorer (961260) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 7 running on supported editions of Windows XP and Windows Vista. For Internet Explorer 7 running on supported editions of Windows Server 2003 and Windows Server 2008, this security update is rated Moderate. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Vista |
Bulletin ID:
960715 |
Title:
Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits |
Update Type:
Update Rollup |
Severity:
|
| Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000
Windows Server 2008
Windows Vista |
Bulletin ID:
958715 |
Title:
Windows Small Business Server 2008 Update Rollup 1 |
Update Type:
Update Rollup |
Severity:
|
| Windows Small Business Server 2008 Update Rollup 1 |
Applies to:
Windows Small Business Server 2008 |
Bulletin ID:
955706 |
Title:
SQL Server 2005 Service Pack 3 |
Update Type:
Service Pack |
Severity:
|
| SQL Server 2005 Service Pack 3 |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
SQL Server 2005 |
Bulletin ID:
951847 |
Title:
.NET Framework 3.5 Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| .NET Framework 3.5 Service Pack 1 |
Applies to:
Windows Vista
Windows Server 2008
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP |
Bulletin ID:
MS09-001 |
Title:
Vulnerabilities in SMB Could Allow Remote Code Execution (958687) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista, and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008 |
Bulletin ID:
MS08-078 |
Title:
Security Update for Internet Explorer (960714) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7. |
Applies to:
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista |
Bulletin ID:
MS08-077 |
Title:
Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.
This security update is rated Important for all supported editions of Microsoft Office SharePoint Server 2007 and Microsoft Search Server 2008. |
Applies to:
Office 2007 |
Bulletin ID:
MS08-076 |
Title:
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for Windows Media Player 6.4, Windows Media Format Runtime 7.1, Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Windows Media Services 4.1, Windows Media Services 9 Series, and Windows Media Services 2008. |
Applies to:
Windows Server 2008
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition
Windows Vista |
Bulletin ID:
MS08-075 |
Title:
Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The most severe vulnerability is rated Critical for all supported editions of Windows Vista and Windows Server 2008. |
Applies to:
Windows Server 2008
Windows Vista |
Bulletin ID:
MS08-074 |
Title:
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important. |
Applies to:
Office 2007
Office 2003
Office 2002/XP |
Bulletin ID:
MS08-073 |
Title:
Cumulative Security Update for Internet Explorer (958215) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on Microsoft Windows 2000; Internet Explorer 6 running on Windows XP; and Internet Explorer 7. For Internet Explorer 6 running on Windows Server 2003, this security update is rated Moderate. |
Applies to:
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS08-072 |
Title:
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Office Word 2000 and Microsoft Office Outlook 2007. For supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office Word 2007, Microsoft Office Compatibility Pack, Microsoft Office Word Viewer 2003, Microsoft Works 8, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important. |
Applies to:
Office 2007
Office 2003
Office 2002/XP |
Bulletin ID:
MS08-071 |
Title:
Vulnerabilities in GDI Could Allow Remote Code Execution (956802) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to:
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS08-070 |
Title:
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported components of the Microsoft Visual Basic 6.0 Runtime Extended Files; all supported editions of Microsoft Visual Studio .NET 2002, Microsoft Visual Studio .NET 2003, Microsoft Visual FoxPro 8.0, Microsoft Visual FoxPro 9.0, Microsoft Office Project 2003, Microsoft Office Project 2007; and the Chinese Simplified (China), Chinese Pan (Hong Kong), Chinese Traditional (Taiwan), and Korean versions of Microsoft Office FrontPage 2002. |
Applies to:
Office 2007
Office 2003 |
Bulletin ID:
957388 |
Title:
December 2008 Windows Vista and Windows Server 2008 Application Compatibility Update |
Update Type:
Update Rollup |
Severity:
|
| December2008 Windows Vista and Windows Server 2008 Application Compatibility Update. |
Applies to:
Windows Server 2008
Windows Vista |
Bulletin ID:
953467 |
Title:
Update Rollup 5 for Exchange Server 2007 Service Pack 1
|
Update Type:
Update Rollup |
Severity:
|
| Update Rollup 5 for Exchange Server 2007 Service Pack 1. |
Applies to:
Exchange Server 2007 |
Bulletin ID:
MS08-069 |
Title:
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves several vulnerabilities in Microsoft XML Core Services. The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Microsoft XML Core Services 3.0 and Important for Microsoft XML Core Services 4.0, Microsoft XML Core Services 5.0, and Microsoft XML Core Services 6.0. |
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Office 2007
Office 2003 |
Bulletin ID:
MS08-068 |
Title:
Vulnerability in SMB Could Allow Remote Code Execution (957097) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Moderate for all supported editions of Windows Vista and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista |
Bulletin ID:
MS08-067 |
Title:
Vulnerability in Server Service Could Allow Remote Code Execution (958644) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista |
Bulletin ID:
957938 |
Title:
Update for Silverlight: October 20, 2008 |
Update Type:
Update Rollup |
Severity:
|
| This major update includes improvements in performance, in security, and in functionality. This update is backward compatible with Silverlight 1.0 Web applications. |
Applies to:
Silverlight |
Bulletin ID:
MS08-066 |
Title:
Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a privately reported vulnerability in the Microsoft Ancillary Function Driver. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is an important security update for all supported editions of Windows XP and Windows Server 2003. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition |
Bulletin ID:
MS08-065 |
Title:
Vulnerability in Message Queuing Could Allow Remote Code Execution (951071) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a privately reported vulnerability in the Message Queuing Service (MSMQ) on Microsoft Windows 2000 systems. The vulnerability could allow remote code execution on Microsoft Windows 2000 systems with the MSMQ service enabled.
This security update is rated Important for all supported editions of Microsoft Windows 2000. |
Applies to:
Windows 2000 |
Bulletin ID:
MS08-064 |
Title:
Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a privately reported vulnerability in Virtual Address Descriptor. The vulnerability could allow elevation of privilege if a user runs a specially crafted application. An authenticated attacker who successfully exploited this vulnerability could gain elevation of privilege on an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista |
Bulletin ID:
MS08-063 |
Title:
Vulnerability in SMB Could Allow Remote Code Execution (957095) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a privately reported vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on a server that is sharing files or folders. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to:
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista |
Bulletin ID:
MS08-062 |
Title:
Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. |
Applies to:
Windows Vista
Windows Server 2008
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS08-061 |
Title:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves one publicly disclosed and two privately reported vulnerabilities in the Windows kernel. A local attacker who successfully exploited these vulnerabilities could take complete control of an affected system. The vulnerabilities could not be exploited remotely or by anonymous users.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista |
Bulletin ID:
MS08-060 |
Title:
Vulnerability in Active Directory Could Allow Remote Code Execution (957280) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker gains access to an affected network. This vulnerability only affects Microsoft Windows 2000 servers configured to be domain controllers. If a Microsoft Windows 2000 server has not been promoted to a domain controller, it will not be listening to Lightweight Directory Access Protocol (LDAP) or LDAP over SSL (LDAPS) queries, and will not be exposed to this vulnerability.
This security update is rated Critical for implementations of Active Directory on Microsoft Windows 2000 Server. |
Applies to:
Windows 2000 |
Bulletin ID:
MS08-059 |
Title:
Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Host Integration Server 2000, Microsoft Host Integration Server 2004, and Microsoft Host Integration Server 2006. |
Applies to:
Host Integration Server 2006
Host Integration Server 2004
Host Integration Server 2000 |
Bulletin ID:
MS08-058 |
Title:
Cumulative Security Update for Internet Explorer (956390) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on all supported editions of Microsoft Windows 2000, and for Internet Explorer 6 running on all supported editions of Windows XP. For Internet Explorer 7 running on all supported editions of Windows XP and Windows Vista, this security update is rated Important. Otherwise, this security update is rated Moderate or Low. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008 |
Bulletin ID:
MS08-057 |
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Office Excel 2000 and rated Important for all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack , Microsoft Office Excel Viewer, and Microsoft Office SharePoint Server 2007. |
Applies to:
Office 2007
Office 2003
Office 2002/XP |
Bulletin ID:
MS08-056 |
Title:
Vulnerability in Microsoft Office Could Allow Information Disclosure (957699) |
Update Type:
Security Update |
Severity:
Moderate |
| This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user clicks a specially crafted CDO URL. An attacker who successfully exploited this vulnerability could inject a client side script in the user's browser that could spoof content, disclose information, or take any action that the user could take on the affected Web site.
This security update is rated Moderate for supported editions of Microsoft Office XP.
The security update addresses the vulnerability by unregistering the CDO protocol. |
Applies to:
Office 2002/XP |
Bulletin ID:
956391 |
Title:
Cumulative Security Update of ActiveX Kill Bits |
Update Type:
Update Rollup |
Severity:
|
| Cumulative Security Update of ActiveX Kill Bits |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008 |
Bulletin ID:
MS08-055 |
Title:
Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Applies to:
Office 2007
Office 2003 |
Bulletin ID:
MS08-054 |
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported and affected editions of Windows Media Player 11. |
Applies to:
Windows Vista
Windows Server 2008
Windows XP
Windows XP x64 Edition |
Bulletin ID:
MS08-053 |
Title:
Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported and affected editions of Microsoft Windows 2000, Windows XP, and Windows Vista, and Moderate for supported and affected versions of Windows Server 2003 and Windows Server 2008. |
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition |
Bulletin ID:
MS08-052 |
Title:
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008, Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4, Microsoft Digital Image Suite 2006, SQL Server 2000 Reporting Services Service Pack 2, all supported editions of SQL Server 2005, Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package, and Microsoft Report Viewer 2008 Redistributable Package.
This security update is rated Important for all supported editions of Microsoft Office XP, Microsoft Office 2003, 2007 Microsoft Office System, Microsoft Visio 2002, Microsoft Office PowerPoint Viewer 2003, Microsoft Works 8, and Microsoft Forefront Client Security 1.0. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
SQL Server 2005
Windows 2000
Visual Studio 2008
Visual Studio 2005
Forefront Client Security
Office 2002/XP
Office 2003
Office 2007
Windows Server 2008
Windows Vista
SQL Server |
Bulletin ID:
955305 |
Title:
Update for Silverlight 1.0: July 23, 2008 |
Update Type:
Update Rollup |
Severity:
|
| Update for Silverlight 1.0: July 23, 2008 |
Applies to:
Silverlight |
Bulletin ID:
951951 |
Title:
Forefront Client Security Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| Forefront Client Security Service Pack 1 |
Applies to:
Forefront Client Security |
Bulletin ID:
MS08-051 |
Title:
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Office PowerPoint 2000 and rated Important for supported editions of Microsoft Office PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft Office PowerPoint 2007, Microsoft Office PowerPoint Viewer 2003, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac. |
Applies to:
Office 2003
Office 2007
Office 2002/XP |
Bulletin ID:
MS08-050 |
Title:
Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a publicly reported vulnerability in supported versions of Windows Messenger. As a result of this vulnerability, scripting of an ActiveX control could allow information disclosure in the context of the logged-on user. An attacker could change state, get contact information, and initiate audio and video chat sessions without the knowledge of the logged-on user. An attacker could also capture the user’s logon ID and remotely log on to the user’s Messenger client impersonating that user.
This security update is rated Important for all supported editions of Microsoft Windows 2000 and Windows XP, and Moderate for all supported versions of Windows Server 2003. |
Applies to:
Windows XP x64 Edition
Windows XP |
Bulletin ID:
MS08-049 |
Title:
Vulnerabilities in Event System Could Allow Remote Code Execution (950974) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves two privately reported vulnerabilities in Microsoft Windows Event System that could allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
This security update is rated Important for all supported editions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008 |
Bulletin ID:
MS08-048 |
Title:
Security Update for Outlook Express and Windows Mail (951066) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The vulnerability could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for supported editions of Windows XP and Windows Vista and rated Low for supported editions of Windows Server 2003 and Windows Server 2008. |
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008 |
Bulletin ID:
MS08-047 |
Title:
Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network.
This update is rated Important for all supported versions of Windows Vista and Windows Server 2008. |
Applies to:
Windows Server 2008
Windows Vista |
Bulletin ID:
MS08-046 |
Title:
Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a privately reported vulnerability in the Microsoft Image Color Management (ICM) system that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This update is rated Critical for all supported versions of Microsoft Windows 2000, Windows XP and Windows Server 2003. |
Applies to:
Windows XP x64 Edition
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS08-045 |
Title:
Cumulative Security Update for Internet Explorer (953838) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported releases of Internet Explorer. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista |
Bulletin ID:
MS08-044 |
Title:
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Office 2000, and Important for supported editions of Microsoft Office XP, Microsoft Office 2003 Service Pack 2, Microsoft Project 2002 Service Pack 1, Microsoft Office Converter Pack, and Microsoft Works 8. |
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS08-043 |
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Microsoft Office Excel 2000 Service Pack 3 and rated Important for Excel 2002 Service Pack 3, Excel 2003 Service Pack 2, Excel 2003 Service Pack 3, Excel Viewer 2003, Excel Viewer 2003 Service Pack 3, Excel 2007, Excel 2007 Service Pack 1, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1, Microsoft Office Excel Viewer, and Microsoft Office SharePoint Server 2007. |
Applies to:
Office 2007
Office 2003
Office 2002/XP |
Bulletin ID:
MS08-042 |
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a publicly reported vulnerability in Microsoft Word. This vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for supported editions of Microsoft Word 2002 and Microsoft Word 2003. |
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS08-041 |
Title:
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
This security update is rated Critical for the Snapshot Viewer for Microsoft Access and for supported versions of Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.
The security update addresses the vulnerability by correcting an error in the Microsoft Access Snapshot Viewer control. |
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
951072 |
Title:
August 2008 cumulative time zone update for Microsoft Windows operating systems |
Update Type:
Update Rollup |
Severity:
|
| August 2008 cumulative time zone update for Microsoft Windows operating systems. |
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008
Windows Vista
Windows XP x64 Edition |
Bulletin ID:
943462 |
Title:
Internet Security and Acceleration Server 2006 Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| Microsoft Internet Security and Acceleration Server 2006 Service Pack 1. |
Applies to:
Internet Security and Acceleration Server 2006 |
Bulletin ID:
MS08-040 |
Title:
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. This security update is rated Important for supported releases of SQL Server 7.0, SQL Server 2000, SQL Server 2005, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). The security update addresses the vulnerabilities by modifying the way that SQL Server manages page reuse, allocating more memory for the convert function, validating on-disk files before loading them, and validating insert statements. |
Applies to:
SQL Server
SQL Server 2005
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008 |
Bulletin ID:
MS08-039 |
Title:
Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session.
This security update is rated Important for all supported editions of Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007. |
Applies to:
Exchange Server 2007
Exchange Server 2003 |
Bulletin ID:
MS08-038 |
Title:
Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for all supported editions of Windows Vista and Windows Server 2008. |
Applies to:
Windows Server 2008
Windows Vista |
Bulletin ID:
MS08-037 |
Title:
Vulnerabilities in DNS Could Allow Spoofing (953230) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. |
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition
Windows Server 2008 |
Bulletin ID:
953649 |
Title:
System Center Configuration Manager Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| System Center Configuration Manager Service Pack 1. |
Applies to:
System Center Configuration Management 2007 |
Bulletin ID:
MS08-036 |
Title:
Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited this vulnerability could cause a user’s system to become non-responsive and to require a restart to restore functionality. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.
This security update is rated Important for all supported editions of Windows XP and Windows Server 2003 and rated Moderate for all supported editions of Windows Vista and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows Server 2008 |
Bulletin ID:
MS08-035 |
Title:
Vulnerability in Active Directory Could Allow Denial of Service (953235) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008; Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003; and Active Directory Lightweight Directory Service (AD LDS) when installed on Windows Server 2008. The vulnerability could be exploited to allow an attacker to cause a denial of service condition. On Windows XP Professional, Windows Server 2003, and Windows Server 2008, an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart.
This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, and rated Moderate for select editions of Windows XP Professional, Windows Server 2003, and Windows Server 2008. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows XP x64 Edition
Windows XP |
Bulletin ID:
MS08-034 |
Title:
Vulnerability in WINS Could Allow Elevation of Privilege (948745) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS) that could allow elevation of privilege. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
This security update is rated Important for all supported editions of Microsoft Windows 2000 Server and Windows Server 2003. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS08-033 |
Title:
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to:
Windows 2000
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Server 2008 |
Bulletin ID:
MS08-032 |
Title:
Cumulative Security Update of ActiveX Kill Bits (950760) |
Update Type:
Security Update |
Severity:
Moderate |
| This security update resolves a publicly reported vulnerability for the Microsoft Speech API. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer and has the Speech Recognition feature in Windows enabled. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes a kill bit for software produced by BackWeb.
The security update is rated Moderate for Microsoft Windows 2000 Service Pack 4; all supported editions of Windows XP; and all editions of the original release version of Windows Vista. However, the kill bit deployment also includes Windows Vista Service Pack 1.
For all other supported versions of Windows, this security update is rated Low. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008 |
Bulletin ID:
MS08-031 |
Title:
Cumulative Security Update for Internet Explorer (950759) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves one privately reported and one publicly disclosed vulnerability. The privately reported vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The publicly disclosed vulnerability could allow information disclosure if a user viewed a specially crafted Web page using Internet Explorer.
This security update is rated Critical for Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 on supported versions of Windows XP; and Internet Explorer 7 on supported versions of Windows XP and Windows Vista. The security update is also rated Important for Internet Explorer 5.01 on Microsoft Windows 2000 Service Pack 4, and Moderate for all other supported releases of Internet Explorer. |
Applies to:
Windows 2000
Windows Vista
Windows Server 2008
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS08-030 |
Title:
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in the Bluetooth stack in Windows that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Critical for all supported editions of Windows XP and Windows Vista. |
Applies to:
Windows XP
Windows XP x64 Edition
Windows Vista |
Bulletin ID:
951532 |
Title:
Description of the Post-Service Pack 1 Rollup for Microsoft Expression Media: April 15, 2008 |
Update Type:
Update Rollup |
Severity:
|
| Describes the Microsoft Expression Media issues that are fixed in the Post-SP1 Rollup that is dated April 15, 2008. |
Applies to:
Expression Media V1 |
Bulletin ID:
951213 |
Title:
Description of the update for Silverlight 1.0: April 4, 2008 |
Update Type:
Update Rollup |
Severity:
|
| Describes the update for Silverlight 1.0 that was released on April 4, 2008. Provides links to the update and to product release notes. |
Applies to:
Silverlight |
Bulletin ID:
MS08-028 |
Title:
Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a security vulnerability in the Microsoft Jet Database Engine (Jet) in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for the Microsoft Jet 4.0 Database Engine. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS08-027 |
Title:
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Microsoft Publisher 2000 Service Pack 3 and Important for supported versions of Microsoft Publisher 2002, Microsoft Publisher 2003, and Microsoft Publisher 2007. |
Applies to:
Office 2007
Office 2003
Office 2002/XP |
Bulletin ID:
MS08-026 |
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves several privately reported vulnerabilities in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Word 2000 and Microsoft Outlook 2007 and rated Important for supported editions of Microsoft Word 2002; Microsoft Word 2003; Microsoft Word Viewer 2003 and Microsoft Word Viewer 2003 Service Pack 3; Microsoft Word 2007; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats; and Microsoft Office 2004 for Mac and Microsoft Office 2008 for Mac. |
Applies to:
Office 2003
Office 2007
Office 2002/XP |
Bulletin ID:
948016 |
Title:
Description of Update Rollup 2 for Exchange Server 2007 Service Pack 1 |
Update Type:
Update Rollup |
Severity:
|
| Describes Update Rollup 2 for Exchange Server 2007 Service Pack 1. Contains information about the issues that the update rollup fixes, the prerequisites for installing it, how to obtain it, and the files that it contains. |
Applies to:
Exchange Server 2007 |
Bulletin ID:
936929 |
Title:
Windows XP Service Pack 3 |
Update Type:
Service Pack |
Severity:
|
| Windows XP Service Pack 3. |
Applies to:
Windows XP |
Bulletin ID:
949426 |
Title:
Microsoft Office Accounting 2008 Service Pack 1 for Accounting Professional 2008 and for Accounting Express 2008 |
Update Type:
Service Pack |
Severity:
|
| Microsoft Office Accounting 2008 Service Pack 1 for Accounting Professional 2008 and for Accounting Express 2008. |
Applies to:
Office 2007 |
Bulletin ID:
936330 |
Title:
Windows Vista Service Pack 1 (SP1) |
Update Type:
Service Pack |
Severity:
|
| Windows Vista Service Pack 1 (SP1). |
Applies to:
Windows Vista |
Bulletin ID:
MS08-025 |
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a privately reported vulnerability in the Windows kernel. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
This is an important security update for all supported editions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008 |
Bulletin ID:
MS08-024 |
Title:
Cumulative Security Update for Internet Explorer (947864) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated Critical for all supported releases of Internet Explorer. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista
Windows Server 2008 |
Bulletin ID:
MS08-023 |
Title:
Security Update of ActiveX Kill Bits (948881) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves one privately reported vulnerability for a Microsoft product. This update also includes a kill bit for the Yahoo! Music Jukebox product. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated Critical for Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2; and Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2.
The security update is rated Important for Windows Vista and Windows Vista Service Pack 1; and Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1.
The security update is rated Moderate for all supported editions of Windows Server 2003.
For all other supported versions of Windows, this security update is rated Low. |
Applies to:
Windows Server 2008
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS08-022 |
Title:
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is a critical security update for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000 |
Bulletin ID:
MS08-021 |
Title:
Vulnerabilities in GDI Could Allow Remote Code Execution (948590) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is a critical security update for Microsoft Windows 2000 Service Pack 4, and all supported releases of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Server 2008
Windows Vista |
Bulletin ID:
MS08-020 |
Title:
Vulnerability in DNS Client Could Allow Spoofing (945553) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS clients and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations.
This is an important security update for Windows Vista and all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista |
Bulletin ID:
MS08-019 |
Title:
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Important for Microsoft Office Visio 2002 Service Pack 2, Microsoft Office Visio 2003 Service Pack 2, Microsoft Office Visio 2003 Service Pack 3, Microsoft Office Visio 2007, and Microsoft Office Visio 2007 Service Pack 1. |
Applies to:
Office 2007
Office 2003
Office 2002/XP |
Bulletin ID:
MS08-018 |
Title:
Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in Microsoft Office Project that could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Microsoft Project 2000 Service Release 1 and rated Important for Microsoft Project 2002 Service Pack 1, and Microsoft Office Project 2003 Service Pack 2. |
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
948014 |
Title:
Windows Server Update Services 3.0 Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| Windows Server Update Services 3.0 Service Pack 1. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows XP x64 Edition |
Bulletin ID:
MS08-017 |
Title:
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103) |
Update Type:
Security Update |
Severity:
Critical |
| This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for implementations of Microsoft Office Web Components 2000 on supported editions of Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, Visual Studio .NET 2002 Service Pack 1, Visual Studio .NET 2003 Service Pack 1, Microsoft BizTalk Server 2000 and Microsoft BizTalk Server 2002, Microsoft Commerce Server 2000, and Internet Security and Acceleration Server 2000 Service Pack 2. |
Applies to:
Office 2002/XP |
Bulletin ID:
MS08-016 |
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for supported editions of Microsoft Office 2000 and rated Important for supported editions of Microsoft Office XP, Microsoft Office 2003 Service Pack 2, Microsoft Excel Viewer 2003 and Microsoft Excel Viewer 2003 Service Pack 3, and Microsoft Office 2004 for Mac. |
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS08-015 |
Title:
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane.
This security update is rated Critical for supported editions of Microsoft Office Outlook 2000 Service Pack 3, Outlook 2002 Service Pack 3, Outlook 2003 Service Pack 2 and Service Pack 3, and Outlook 2007. |
Applies to:
Office 2007
Office 2003
Office 2002/XP |
Bulletin ID:
MS08-014 |
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Microsoft Office Excel 2000 Service Pack 3 and rated Important for Excel 2002 Service Pack 3, Excel 2003 Service Pack 2, Excel Viewer 2003, Excel 2007, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Office 2004 for Mac, and Office 2008 for Mac. |
Applies to:
Office 2003
Office 2007
Office 2002/XP |
Bulletin ID:
946140 |
Title:
Update for Business Contact Manager for Outlook 2007: February 12, 2008 |
Update Type:
Critical Update |
Severity:
|
| This update changes the startup behavior of the SQL Server service so that the service is started only when Business Contact Manager for Outlook 2007 requires it. |
Applies to:
Office 2007 |
Bulletin ID:
945684 |
Title:
Update Rollup 1 for Microsoft Exchange Server 2007 Service Pack 1 |
Update Type:
Update Rollup |
Severity:
|
| Update Rollup 1 for Microsoft Exchange Server 2007 SP1. |
Applies to:
Exchange Server 2007 |
Bulletin ID:
942846 |
Title:
Update Rollup 6 for Exchange Server 2007 |
Update Type:
Update Rollup |
Severity:
|
| Update Rollup 6 for Exchange Server 2007. |
Applies to:
Exchange Server 2007 |
Bulletin ID:
941834 |
Title:
Microsoft Expression Media Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| Expression Media Service Pack 1. |
Applies to:
Expression Media V1 |
Bulletin ID:
MS08-013 |
Title:
Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file with a malformed object inserted into the document. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for all supported editions of Microsoft Office 2000 and an important security update for Microsoft Office XP, Microsoft Office 2003 and Microsoft Office 2004 for Mac. |
Applies to:
Office 2002/XP
Office 2003 |
Bulletin ID:
MS08-012 |
Title:
Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves two privately reported vulnerabilities in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported releases of Microsoft Office Publisher 2000; supported releases of Microsoft Office Publisher 2002; and supported editions of Microsoft Office Publisher 2003 Service Pack 2. Microsoft Publisher 2003 Service Pack 3, Microsoft Office Publisher 2007, and Microsoft Office Publisher 2007 Service Pack 1 are not impacted by this vulnerability. |
Applies to:
Office 2002/XP
Office 2003 |
Bulletin ID:
MS08-011 |
Title:
Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves three privately reported vulnerabilities in the Microsoft Works File Converter. These vulnerabilities could allow remote code execution if a user opens a specially crafted Works (.wps) file with an affected version of Microsoft Office, Microsoft Works, or Microsoft Works Suite. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is an important security update for all supported editions of Microsoft Works Converter. |
Applies to:
Office 2003 |
Bulletin ID:
MS08-010 |
Title:
Cumulative Security Update for Internet Explorer (944533) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves three privately reported and one publicly reported vulnerabilities. The most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated critical for all supported releases of Internet Explorer. |
Applies to:
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS08-009 |
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves one privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported editions of Microsoft Office 2000 and an important security update for Microsoft Office XP, Microsoft Office 2003, and Microsoft Office Word Viewer 2003. |
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS08-008 |
Title:
Vulnerability in OLE Automation Could Allow Remote Code Execution (947890) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE) Automation. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, Microsoft Office 2004 for Mac, and Visual Basic 6. For other affected editions of Windows, this update is rated moderate. |
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista |
Bulletin ID:
MS08-007 |
Title:
Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves one privately reported vulnerability in the WebDAV Mini-Redirector. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is a critical security update for all supported editions of Windows XP and Windows Vista and an important security update for all supported editions of Windows Server 2003. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS08-006 |
Title:
Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830) |
Update Type:
Security Update |
Severity:
Important |
| This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A remote code execution vulnerability exists in the way that IIS handles input to ASP Web pages. An attacker who successfully exploited this vulnerability could then perform actions on the IIS server with the same rights as the Worker Process Identity (WPI). The WPI is configured with Network Service account privileges by default. IIS servers with ASP pages whose application pools are configured with a WPI that uses an account with administrative privileges could be more seriously impacted than IIS servers whose application pool is configured with the default WPI settings.
The security update is rated important for Microsoft Internet Information Services on all supported editions of Windows XP and Windows Server 2003. |
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS08-005 |
Title:
Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831) |
Update Type:
Security Update |
Severity:
Important |
| This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated Important for Microsoft Internet Information Services 5.0 on Microsoft Windows 2000, Microsoft Internet Information Services 5.1 on Windows XP, Microsoft Internet Information Server 6.0 on Windows Server 2003, and Microsoft Internet Information Services 7.0 on Windows Vista. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS08-004 |
Title:
Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456) |
Update Type:
Security Update |
Severity:
Important |
| This important update resolves a privately reported vulnerability in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
This is an important security update for all supported editions of Windows Vista. |
Applies to:
Windows Vista |
Bulletin ID:
MS08-003 |
Title:
Vulnerability in Active Directory Could Allow Denial of Service (946538) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003 and Active Directory Application Mode (ADAM) when installed on Windows XP and Windows Server 2003. The vulnerability could allow a denial of service condition. On Windows Server 2003 and Windows XP an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart.
This is an important security update for all supported editions of Microsoft Windows 2000, and a moderate security update for Windows XP, and Windows Server 2003. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
940767 |
Title:
Windows Internet Explorer 7 Installation and Availability Update |
Update Type:
Update Rollup |
Severity:
|
| Windows Internet Explorer 7 Installation and Availability Update. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP |
Bulletin ID:
110806 |
Title:
Microsoft .NET Framework 2.0 Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| Microsoft .NET Framework 2.0 Service Pack 1 provides cumulative roll-up updates for customer reported issues found after the release of Microsoft .NET Framework 2.0. In addition, this release provides security improvements, and prerequisite feature support for .NET Framework 3.0 Service Pack 1, and .NET Framework 3.5. |
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition |
Bulletin ID:
MS08-002 |
Title:
Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485) |
Update Type:
Security Update |
Severity:
Important |
| This important update resolves a privately reported vulnerability in Microsoft Windows Local Security Authority Subsystem Service (LSASS). The vulnerability could allow an attacker to run arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is an important security update for all supported editions of Windows 2000, Windows XP, and Windows Server 2003. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS08-001 |
Title:
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is a critical security update for all supported editions of Windows XP and Windows Vista, an important security update for all supported editions of Windows Server 2003, and a moderate security update for all supported editions of Microsoft Windows 2000. |
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows 2000 |
Bulletin ID:
941652 |
Title:
Business Contact Manager for Outlook 2007 Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| Business Contact Manager for Outlook 2007 Service Pack 1. |
Applies to:
Office 2007 |
Bulletin ID:
940289 |
Title:
Office Compatibility Pack Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| This service pack delivers important customer-requested stability and performance improvements. It also includes improvements in user security. |
Applies to:
Office 2007 |
Bulletin ID:
937961 |
Title:
Office 2003 Web Components Service Pack 1 for the 2007 Office system |
Update Type:
Service Pack |
Severity:
|
| Office 2003 Web Components SP1 for the 2007 Office system. This service pack provides the latest updates to the Office 2003 Web Components for the 2007 Office system. |
Applies to:
Office 2007 |
Bulletin ID:
937160 |
Title:
Visio Viewer 2007 Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| Office Visio Viewer 2007 Service Pack 1. |
Applies to:
Office 2007 |
Bulletin ID:
937158 |
Title:
PowerPoint Viewer 2007 Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| Microsoft Office PowerPoint Viewer 2007 Service Pack 1. |
Applies to:
Office 2007 |
Bulletin ID:
937157 |
Title:
Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| Calendar Printing Assistant for Microsoft Office Outlook 2007 Service Pack 1. |
Applies to:
Office 2007 |
Bulletin ID:
936988 |
Title:
Windows SharePoint Services 3.0 Service Pack 1 and of Windows SharePoint Services Language Pack 3.0 Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| Windows SharePoint Services 3.0 SP1 and Windows SharePoint Services Language Pack 3.0 SP1. These service packs contain the latest updates to Windows SharePoint Services 3.0. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
936984 |
Title:
Microsoft Office 2007 servers Service Pack 1 and Microsoft Office 2007 servers Language Pack Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| Microsoft Office servers 2007 SP1 and Microsoft Office 2007 servers Language Pack SP1. This service pack provides the latest updates to all of the 2007 Microsoft Office servers. |
Applies to:
Office 2007 |
Bulletin ID:
936982 |
Title:
Microsoft Office 2007 suite Service Pack 1 |
Update Type:
Service Pack |
Severity:
|
| Microsoft Office 2007 suite Service Pack 1. |
Applies to:
Office 2007 |
Bulletin ID:
MS07-069 |
Title:
Cumulative Security Update for Internet Explorer (942615) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves four privately reported vulnerabilities. The most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update is rated moderate for Internet Explorer 6 and 7 on Windows Server 2003. For all other supported releases of Internet Explorer, this security update is rated critical. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista |
Bulletin ID:
MS07-068 |
Title:
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves a privately reported vulnerability in Windows Media File Format. This vulnerability could allow remote code execution if a user viewed a specially crafted file in Windows Media Format Runtime. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported editions of Windows Media Format Runtime 7.1, 9, 9.5, 11 and for Windows Media Services 9.1. |
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 2000
Windows Vista |
Bulletin ID:
MS07-067 |
Title:
Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves one publicly disclosed vulnerability. A local elevation of privilege vulnerability exists in the way that the Macrovision driver incorrectly handles configuration parameters. An attacker who successfully exploited this vulnerability could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is an important security update for supported editions of Windows XP and Windows Server 2003. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP |
Bulletin ID:
MS07-066 |
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves a privately reported vulnerability in the Windows kernel. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
This is an important security update for supported editions of Windows Vista. |
Applies to:
Windows Vista |
Bulletin ID:
MS07-065 |
Title:
Vulnerability in Message Queuing Could Allow Remote Code Execution (937894) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves a privately reported vulnerability in Message Queuing Service (MSMQ) that could allow remote code execution in implementations on Microsoft Windows 2000 Server, or elevation of privilege in implementations on Microsoft Windows 2000 Professional and Windows XP. An attacker must have valid logon credentials to exploit this vulnerability. An attacker could then install programs; view, change, or delete data; or create new accounts.
This is an important security update for supported editions of Microsoft Windows 2000 Server and a moderate security update for supported editions of Windows XP and Windows 2000 Professional. |
Applies to:
Windows 2000
Windows XP |
Bulletin ID:
MS07-064 |
Title:
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves two privately reported vulnerabilities in Microsoft DirectX. These vulnerabilities could allow code execution if a user opened a specially crafted file used for streaming media in DirectX. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003 and Windows Vista. |
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista |
Bulletin ID:
MS07-063 |
Title:
Vulnerability in SMBv2 Could Allow Remote Code Execution (942624) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves a privately reported vulnerability in Server Message Block Version 2 (SMBv2). The vulnerability could allow an attacker to tamper with data transferred via SMBv2, which could allow remote code execution in domain configurations communicating with SMBv2.
This is an Important security update for all supported versions of Windows Vista. |
Applies to:
Windows Vista |
Bulletin ID:
942840 |
Title:
You may experience slow Web browser performance when you view a Web page that uses JScript in Internet Explorer on a Windows Server 2003-based computer or on a Windows XP-based computer |
Update Type:
Unknown Type |
Severity:
N/A |
| Fixes a problem in which you experience slow performance when you view a Web page in Internet Explorer. Specifically, this problem occurs in Windows Server 2003 and Windows CP environments. This hotfix provides improvements over hotfix 919237. |
Applies to:
|
Bulletin ID:
942763 |
Title:
December 2007 cumulative time zone update for Microsoft Windows operating systems |
Update Type:
Update Rollup |
Severity:
|
| December 2007 cumulative time zone update for Windows XP, for Windows Vista, and for Windows Server 2003. |
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista |
Bulletin ID:
929300 |
Title:
Microsoft .NET Framework Service Pack 1 for versions 3.0, 2.0, and 1.1 |
Update Type:
Service Pack |
Severity:
|
| Service Pack 1 for Microsoft .NET Framework versions 3.0, 2.0, and 1.1. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition |
Bulletin ID:
MS07-062 |
Title:
Vulnerability in DNS Could Allow Spoofing (941672) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves a privately reported vulnerability. This spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. This is an important security update for all supported editions of Microsoft Windows 2000 Server and Windows Server 2003. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS07-061 |
Title:
Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003.
This is a critical security update for all supported editions of Windows XP and Windows Server 2003. |
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP |
Bulletin ID:
941421 |
Title:
Update Rollup 5 for Exchange 2007 |
Update Type:
Update Rollup |
Severity:
|
| Update Rollup 5 for Exchange 2007 |
Applies to:
Exchange Server 2007 |
Bulletin ID:
MS07-060 |
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file with a malformed string. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported editions of Microsoft Office 2000, Microsoft Office XP, and Microsoft Office 2004 for Mac. |
Applies to:
Office 2002/XP |
Bulletin ID:
MS07-059 |
Title:
Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017) |
Update Type:
Security Update |
Severity:
Important |
| This security update resolves a publicly reported vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment. The vulnerability could also allow an attacker to run arbitrary script to modify a user’s cache, resulting in information disclosure at the workstation.
The security update is rated important for Microsoft SharePoint Services 3.0 in supported editions of Microsoft Windows Server 2003 and for supported editions of Microsoft Office SharePoint Server 2007.
The security update addresses the vulnerability by modifying the way that Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007 validate URL-encoded requests. |
Applies to:
Office 2007
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS07-058 |
Title:
Vulnerability in RPC Could Allow Denial of Service (933729) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a privately reported vulnerability. A denial of service vulnerability exists in the remote procedure call (RPC) facility due to a failure in communicating with the NTLM security provider when performing authentication of RPC requests. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
This is an important security update for all supported editions of Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. |
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista |
Bulletin ID:
MS07-057 |
Title:
Cumulative Security Update for Internet Explorer (939653) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerability with the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated moderate for Internet Explorer 6 and 7 on Windows Server 2003. For all other supported releases of Internet Explorer, this security update is rated critical. |
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista |
Bulletin ID:
MS07-056 |
Title:
Security Update for Outlook Express and Windows Mail (941202) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution due to an incorrectly handled malformed NNTP response. An attacker could exploit the vulnerability by constructing a specially crafted Web page.
This is a critical security update for all supported versions of Microsoft Outlook express and Microsoft Windows Mail. |
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista |
Bulletin ID:
MS07-055 |
Title:
Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the way that the Kodak Image Viewer, formerly known as Wang Image Viewer, handles specially crafted images files. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This vulnerability exists only on systems running Windows 2000. However, systems running supported editions of Windows XP and Windows Server 2003 may also be affected if upgraded from Windows 2000. This is a critical security update for Windows 2000 Service Pack 4, Windows XP Service Pack 2, and supported 32-bit editions of Windows Server 2003. |
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
940006 |
Title:
Update Rollup 4 for Exchange 2007 |
Update Type:
Update Rollup |
Severity:
|
| Update Rollup 4 for Exchange 2007. |
Applies to:
Exchange Server 2007 |
Bulletin ID:
935999 |
Title:
Update Rollup 3 for Exchange 2007 |
Update Type:
Update Rollup |
Severity:
|
| Update Rollup 3 for Exchange 2007. |
Applies to:
Exchange Server 2007 |
Bulletin ID:
934737 |
Title:
Excel Viewer 2003 Service Pack 3 |
Update Type:
Service Pack |
Severity:
|
| Excel 2003 Viewer SP3 contains significant security improvements, stability improvements, and performance improvements. Some fixes that are included with Excel Viewer 2003 SP3 were previously released in separate updates. |
Applies to:
Office 2003 |
Bulletin ID:
934736 |
Title:
Word Viewer 2003 Service Pack 3 |
Update Type:
Service Pack |
Severity:
|
| Microsoft Word Viewer 2003 SP3 contains significant security enhancements, stability improvements, and performance improvements. Some fixes that are included with Word Viewer 2003 SP3 were previously released in separate updates. |
Applies to:
Office 2003 |
Bulletin ID:
933867 |
Title:
Microsoft Systems Management Server 2003 Service Pack 3 |
Update Type:
Service Pack |
Severity:
|
| Systems Management Server (SMS) 2003 Service Pack 3 (SP3) |
Applies to:
Systems Management Server 2003 |
Bulletin ID:
933360 |
Title:
August 2007 cumulative time zone update for Microsoft Windows operating systems |
Update Type:
Update Rollup |
Severity:
|
| August 2007 cumulative time zone update that is available for Microsoft Windows operating systems. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista
Windows XP
Windows XP x64 Edition |
Bulletin ID:
923648 |
Title:
Outlook Live 2003 Service Pack 3 |
Update Type:
Service Pack |
Severity:
|
| Outlook Live 2003 Service Pack 3 |
Applies to:
Office 2003 |
Bulletin ID:
923643 |
Title:
Windows SharePoint Services Service Pack 3 |
Update Type:
Service Pack |
Severity:
|
| Windows SharePoint Services Service Pack 3 provides the latest updates to Windows SharePoint Services. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
923642 |
Title:
Office 2003 Service Pack 3 for Proofing Tools |
Update Type:
Service Pack |
Severity:
|
| Office 2003 SP3 fixes that were released earlier in separate updates. |
Applies to:
Office 2003 |
Bulletin ID:
923633 |
Title:
OneNote 2003 Service Pack 3 |
Update Type:
Service Pack |
Severity:
|
| OneNote 2003 Service Pack 3 provides the latest updates to Microsoft Office OneNote 2003. |
Applies to:
Office 2003 |
Bulletin ID:
923622 |
Title:
Project 2003 Service Pack 3 |
Update Type:
Service Pack |
Severity:
|
| Project 2003 Service Pack 3 (SP3) contains significant security improvements in addition to stability improvements. Some fixes that are included with SP3 were previously released as separate updates. This service pack combines them into one update. |
Applies to:
Office 2003 |
Bulletin ID:
923620 |
Title:
Visio 2003 Service Pack 3 |
Update Type:
Service Pack |
Severity:
|
| Microsoft Office Visio 2003 SP3 contains significant security improvements and stability improvements. Some fixes that are included with SP3 have been previously released as separate updates. This service pack combines them into one update. |
Applies to:
Office 2003 |
Bulletin ID:
923618 |
Title:
Office 2003 Service Pack 3 |
Update Type:
Service Pack |
Severity:
|
| Office 2003 SP3 contains security enhancements and stability improvements. Some of the fixes included with Office 2003 SP3 were previously released in separate updates. Office 2003 SP3 combines the previously released fixes into one update. |
Applies to:
Office 2003 |
Bulletin ID:
MS07-053 |
Title:
Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves one publicly disclosed vulnerability. A vulnerability exists in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications where running certain setuid binary files could allow an attacker to gain elevation of privilege.
This is an important security update for supported releases of Windows 2000, Windows Server 2003, Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications, a component of Windows Server 2003 and Windows Vista. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows Vista |
Bulletin ID:
MS07-052 |
Title:
Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves a publicly disclosed vulnerability. This vulnerability could allow remote code execution if a user opens a specially crafted RPT file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is an important security update for supported editions of Visual Studio that include a custom version of Crystal Reports. Only the specific editions of Visual Studio listed in the Affected Software section are affected because they contain Crystal Reports. |
Applies to:
Visual Studio 2005 |
Bulletin ID:
MS07-051 |
Title:
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Agent in the way that it handles certain specially crafted URLs. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for Microsoft Windows 2000 Service Pack 4. |
Applies to:
Windows 2000 |
Bulletin ID:
MS07-050 |
Title:
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in the Vector Markup Language (VML) implementation in Windows. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated critical for supported releases of Internet Explorer 5.01, Internet Explorer 6, and Internet Explorer 7. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows XP x64 Edition
Windows 2000 |
Bulletin ID:
MS07-049 |
Title:
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves one privately reported vulnerability. This is an elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating systems. Only guest operating system users who are granted administrative permissions to the guest operating system would be able to exploit this vulnerability. Guest operating system users not granted administrative permissions to the guest operating system would be unable to exploit this vulnerability.
This is an important security update for supported releases of Microsoft Virtual PC 2004, Microsoft Virtual Server 2005, Microsoft Virtual Server 2005 R2, Microsoft Virtual PC for Mac Version 6.1, and Microsoft Virtual PC for Mac Version 7. |
Applies to:
Virtual Server
Virtual PC |
Bulletin ID:
MS07-048 |
Title:
Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves two privately reported vulnerabilities in addition to other vulnerabilities identified during the course of the investigation. These vulnerabilities could allow an anonymous remote attacker to run code with the privileges of the logged on user. If a user subscribed to a malicious RSS feed in the Feed Headlines Gadget or added a malicious contacts file in the Contacts Gadget or a user clicked on a malicious link in the Weather Gadget an attacker could potentially run code on the system. In all attack vectors, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is an important security update for all supported editions of Windows Vista. |
Applies to:
Windows Vista |
Bulletin ID:
MS07-047 |
Title:
Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves two privately reported vulnerabilities. These vulnerabilities could allow code execution if a user viewed a specially crafted file in Windows Media Player. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is an important security update for supported versions of Windows Media Player 7.1, 9, 10, and 11. |
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows Vista |
Bulletin ID:
MS07-046 |
Title:
Vulnerability in GDI Could Allow Remote Code Execution (938829) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the Graphics Rendering Engine in the way that it handles specially crafted images. An attacker could exploit the vulnerability by constructing a specially crafted image that could potentially allow remote code execution if a user opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
This is a critical security update for all supported editions of Windows except Windows 2003 Server Service Pack 2 and Windows Vista. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS07-045 |
Title:
Cumulative Security Update for Internet Explorer (937143) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves three privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated critical for supported releases of Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1. For Internet Explorer 6 for supported versions and editions of Windows XP Home and Windows XP Professional, the security update is also rated critical, otherwise it is rated moderate for other supported operating systems. For Internet Explorer 7 for supported versions and editions of Windows XP and Windows XP Professional, and Internet Explorer 7 in Windows Vista, the security update is rated Important, otherwise it is rated low. |
Applies to:
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000 |
Bulletin ID:
MS07-044 |
Title:
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965) |
Update Type:
Security Update |
Severity:
Critical |
| This security update resolves a privately reported vulnerability in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2004 for Mac, this update is rated important. This update is also rated important for the Excel Viewer 2003. |
Applies to:
Office 2002/XP
Office 2003 |
Bulletin ID:
MS07-043 |
Title:
Vulnerability in OLE Automation Could Allow Remote Code Execution (921503) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for all supported editions of Windows 2000, Windows XP, Office 2004 for Mac, and Visual Basic 6. For other affected editions of Windows, this update is rated moderate. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000 |
Bulletin ID:
MS07-042 |
Title:
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. The vulnerability could be exploited through attacks on Microsoft XML Core Services. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for all supported editions of Windows 2000, Windows XP, Windows Vista, Microsoft Office 2003, and 2007 Microsoft Office System. |
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows XP x64 Edition
Windows Server 2008
Office 2007
Office 2003 |
Bulletin ID:
MS07-041 |
Title:
Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if an attacker sent specially crafted URL requests to a Web page hosted by Internet Information Services (IIS) 5.1 on Windows XP Professional Service Pack 2. IIS 5.1 is not part of a default install of Windows XP Professional Service Pack 2. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
This is an important security update for all supported 32-bit editions of Windows XP Service Pack 2. |
Applies to:
Windows XP |
Bulletin ID:
MS07-040 |
Title:
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves three privately reported vulnerabilities. Two of these vulnerabilities could allow remote code execution on client systems with .NET Framework installed, and one could allow information disclosure on Web servers running ASP.NET. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update addresses two vulnerabilities by modifying the way .NET Framework addresses buffer allocation. |
Applies to:
Windows Vista
Windows Server 2008
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition |
Bulletin ID:
MS07-039 |
Title:
Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves a privately reported vulnerability in implementations of Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition. However remote code execution could be possible. On Windows Server 2003 an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
This is a critical security update for supported editions of Windows 2000 and an important security update for supported editions of Windows Server 2003. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS07-038 |
Title:
Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807) |
Update Type:
Security Update |
Severity:
Moderate |
| This moderate security update resolves a privately reported vulnerability. This vulnerability could allow incoming unsolicited network traffic to access a network interface. An attacker could potentially gather information about the affected host.
This is a moderate security update for all supported editions of Windows Vista. |
Applies to:
Windows Vista |
Bulletin ID:
MS07-037 |
Title:
Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548) |
Update Type:
Security Update |
Severity:
Important |
| This important security update resolves one publicly disclosed vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Microsoft Office Publisher file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit this vulnerability.
This is an important security update for supported releases of Microsoft Office Publisher 2007. |
Applies to:
Office 2007 |
Bulletin ID:
MS07-036 |
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) |
Update Type:
Security Update |
Severity:
Critical |
| This critical update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in addition to other security issues identified during the course of the investigation. These vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2004 for Mac, and 2007 Microsoft Office System this update is rated important. This update is also rated important for the Excel Viewer 2003, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats. |
Applies to:
Office 2007
Office 2003
Office 2002/XP |
Bulletin ID:
MS07-035 |
Title:
Vulnerability in Win 32 API Could Allow Remote Code Execution (935839) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves a privately reported vulnerability in a Win32 API. This vulnerability could allow remote code execution or elevation of privilege if the affected API is used locally by a specially crafted application. Therefore applications that use this component of the Win32 API could be used as a vector for this vulnerability. For example, Internet Explorer uses this Win32 API function when parsing specially crafted Web pages.
This is a critical security update for all supported versions of Windows 2000, Windows XP, and Windows Server 2003. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS07-034 |
Title:
Cumulative Security Update for Outlook Express and Windows Mail (929123) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves two privately reported and two publicly disclosed vulnerabilities. One of these vulnerabilities could allow remote code execution if a user viewed a specially crafted e-mail using Windows Mail in Windows Vista. The other vulnerabilities could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer and cannot be exploited directly in Outlook Express. For the information disclosure vulnerabilities, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a critical security update for supported editions of Windows Vista. For other versions of Windows, this update is rated important or moderate or low. |
Applies to:
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP |
Bulletin ID:
MS07-033 |
Title:
Cumulative Security Update for Internet Explorer (933566) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. All but one of these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. One vulnerability could allow spoofing, and also involves a specially crafted Web page. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. For the spoofing case, exploitation requires user interaction.
This is a critical security update for supported releases of Internet Explorer 5.01 and Internet Explorer 6, and most supported releases of Internet Explorer 7. For Internet Explorer 7 for supported versions and editions of Windows Server 2003, this update is rated moderate. |
Applies to:
Windows Vista
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS07-032 |
Title:
Vulnerability in Windows Vista Could Allow Information Disclosure (931213) |
Update Type:
Security Update |
Severity:
Moderate |
| This moderate security update resolves a privately reported vulnerability. This vulnerability could allow non-privileged users to access local user information data stores including administrative passwords contained within the registry and local file system.
This is a moderate security update for all supported editions of Windows Vista. |
Applies to:
Windows Vista |
Bulletin ID:
MS07-031 |
Title:
Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840) |
Update Type:
Security Update |
Severity:
Critical |
| This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system.
This is a critical security update for supported editions of Windows XP, important for editions of Windows 2003, and moderate for editions of Windows 2000. |
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS07-030 |
Title:
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051) |
Update Type:
Security Update |
Severity:
Important |
| This important update resolves two privately discovered and responsibly reported vulnerabilities in addition to other security issues identified during the course of the investigation. The privately reported vulnerabilities could allow remote code execution if a user opened a specially crafted Visio file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit these vulnerabilities.
This is an important security update for supported versions of Microsoft Visio 2002 and Microsoft Office Visio 2003. |
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS07-029 |
Title:
Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a publicly disclosed vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS07-028 |
Title:
Vulnerability in CAPICOM Could Allow Remote Code Execution (931906) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to:
CAPICOM |
Bulletin ID:
MS07-027 |
Title:
Cumulative Security Update for Internet Explorer (931768) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows 2000 |
Bulletin ID:
MS07-026 |
Title:
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered |
Applies to:
Exchange Server 2003
Exchange Server 2007
Exchange 2000 Server |
Bulletin ID:
MS07-025 |
Title:
Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873) |
Update Type:
Security Update |
Severity:
Critical |
This update resolves a privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
When using vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2007
Office 2002/XP
Office 2003 |
Bulletin ID:
MS07-024 |
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS07-023 |
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2007
Office 2003
Office 2002/XP |
Bulletin ID:
933669 |
Title:
Update for PowerPoint 2003: May 8, 2007 |
Update Type:
Critical Update |
Severity:
|
| Microsoft has released an update for Microsoft Office PowerPoint 2003. This update enables a network administrator to restrict the presentation types that can be opened or saved in PowerPoint 2003. |
Applies to:
Office 2003 |
Bulletin ID:
924406 |
Title:
Microsoft Internet Security and Acceleration Server 2004 Service Pack 3 |
Update Type:
Service Pack |
Severity:
|
| Internet Security and Acceleration Server (ISA) Service Pack 3 |
Applies to:
Internet Security and Acceleration Server 2004 |
Bulletin ID:
MS07-022 |
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity. |
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS07-021 |
Title:
Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, privately and publicly disclosed vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP
Windows XP x64 Edition
Windows Vista
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS07-020 |
Title:
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000 |
Bulletin ID:
MS07-019 |
Title:
Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP x64 Edition
Windows XP |
Bulletin ID:
MS07-018 |
Title:
Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in the "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2002/XP |
Bulletin ID:
932726 |
Title:
Service Pack 1 for Accounting Professional 2007 and for Accounting Express 2007. |
Update Type:
Service Pack |
Severity:
|
| Service Pack 1 for Accounting Professional 2007 and for Accounting Express 2007. |
Applies to:
Office 2007 |
Bulletin ID:
MS07-017 |
Title:
Vulnerabilities in GDI Could Allow Remote Code Execution (925902) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, publicly disclosed and privately reported vulnerabilities as well as additional issues discovered through internal investigations. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows Vista
Windows XP
Windows 2000 |
Bulletin ID:
923435 |
Title:
Microsoft Compute Cluster Pack Service Pack 1 (SP1) for Microsoft Windows Compute Cluster Server 2003 |
Update Type:
Service Pack |
Severity:
|
| Microsoft Compute Cluster Pack Service Pack 1 (SP1) for Microsoft Windows Compute Cluster Server 2003. |
Applies to:
Compute Cluster Pack |
Bulletin ID:
914961 |
Title:
Windows Server 2003 Service Pack 2 |
Update Type:
Service Pack |
Severity:
|
| Windows Server 2003 Service Pack 2. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition |
Bulletin ID:
921896 |
Title:
SQL Server 2005 Service Pack 2 |
Update Type:
Service Pack |
Severity:
|
| SQL Server 2005 Service Pack 2. |
Applies to:
SQL Server 2005 |
Bulletin ID:
MS07-016 |
Title:
Cumulative Security Update for Internet Explorer (928090) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves two newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition |
Bulletin ID:
MS07-015 |
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves two newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2002/XP
Office 2003 |
Bulletin ID:
MS07-014 |
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS07-013 |
Title:
Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118) |
Update Type:
Security Update |
Severity:
Important |
| This update addresses a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Office 2002/XP
Office 2003
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS07-012 |
Title:
Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Significant user interaction is required to exploit this vulnerability.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000 |
Bulletin ID:
MS07-011 |
Title:
Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Significant user interaction is required to exploit this vulnerability.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS07-009 |
Title:
Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP |
Bulletin ID:
MS07-008 |
Title:
Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, privately reported vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
On vulnerable versions of Windows, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000 |
Bulletin ID:
MS07-007 |
Title:
Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP |
Bulletin ID:
MS07-006 |
Title:
Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS07-005 |
Title:
Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly discovered, privately reported vulnerability. The Step-by-Step Interactive Training has a remote code execution vulnerability that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition |
Bulletin ID:
931836 |
Title:
February 2007 cumulative time zone update for Microsoft Windows operating systems |
Update Type:
Update Rollup |
Severity:
|
| February 2007 cumulative time zone update rollup for Microsoft Windows operating systems. |
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows Vista |
Bulletin ID:
929060 |
Title:
Update for PowerPoint 2003: February 13, 2007 |
Update Type:
Critical Update |
Severity:
|
| Microsoft has released an update for PowerPoint 2003. When you edit a PowerPoint 2007 presentation that is saved on a SharePoint Portal Server site or on a Windows SharePoint Services site, the changes are not saved. |
Applies to:
Office 2003 |
Bulletin ID:
929058 |
Title:
Update for Excel 2003: February 13, 2007 |
Update Type:
Critical Update |
Severity:
|
| Microsoft has released an update for Microsoft Office Excel 2003. When you edit a Microsoft Office Excel 2007 workbook that is saved on a SharePoint Portal Server site or on a Windows SharePoint Services site, the changes are not saved. |
Applies to:
Office 2003 |
Bulletin ID:
928957 |
Title:
Visual Studio 2005 Service Pack 1 release notes |
Update Type:
Service Pack |
Severity:
|
| Contains the contents of the release notes from Visual Studio 2005 Service Pack 1 (SP1). |
Applies to:
Visual Studio 2005 |
Bulletin ID:
MS07-004 |
Title:
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows 2000 |
Bulletin ID:
MS07-003 |
Title:
Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938) |
Update Type:
Security Update |
Severity:
Critical |
| This update addresses several newly discovered, privately and publicly reported vulnerabilities. The vulnerabilities are documented in the “Vulnerability Details” section of this bulletin.
When using vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS07-002 |
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS07-001 |
Title:
Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly discovered, publicly reported vulnerability. The vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers should apply the update at the earliest opportunity. |
Applies to:
Office 2003 |
Bulletin ID:
924886 |
Title:
Update for Office 2003: December 12, 2006 |
Update Type:
Critical Update |
Severity:
|
| Microsoft has released an update to the spelling checker for Microsoft Office 2003. This update improves how Office 2003 programs find and correct errors in German-language documents. |
Applies to:
Office 2003 |
Bulletin ID:
MS06-078 |
Title:
Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves two newly discovered vulnerabilities. These vulnerabilities are documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition |
Bulletin ID:
MS06-077 |
Title:
Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows 2000 |
Bulletin ID:
MS06-076 |
Title:
Cumulative Security Update for Outlook Express (923694) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
We recommend that customers should apply the update at the earliest opportunity.
|
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS06-075 |
Title:
Vulnerability in Windows Could Allow Elevation of Privilege (926255) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a privately identified vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS06-074 |
Title:
Vulnerability in SNMP Could Allow Remote Code Execution (926247) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP |
Bulletin ID:
MS06-073 |
Title:
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Visual Studio 2005 |
Bulletin ID:
MS06-072 |
Title:
Cumulative Security Update for Internet Explorer (925454) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately. |
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition |
Bulletin ID:
899738 |
Title:
Systems Management Server 2003 Service Pack 2 |
Update Type:
Service Pack |
Severity:
|
| Systems Management Server 2003 Service Pack 2 |
Applies to:
Systems Management Server 2003 |
Bulletin ID:
917275 |
Title:
Windows Rights Management Services with Service Pack 2 |
Update Type:
Service Pack |
Severity:
|
| Describes the new features in Microsoft Windows Rights Management Services Service Pack 2 (RMS SP2). The article also provides links to obtain the RMS client software. |
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition |
Bulletin ID:
MS06-071 |
Title:
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, publicly disclosed vulnerability. The vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows Vista |
Bulletin ID:
MS06-070 |
Title:
Vulnerability in Workstation Service Could Allow Remote Code Execution (924270) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP
Windows 2000 |
Bulletin ID:
MS06-069 |
Title:
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves privately reported vulnerabilities in Macromedia Flash Player from Adobe, version 6.0.84.0 and earlier. Macromedia Flash Player is a third party software application that also was redistributed with Microsoft Windows XP Service Pack 2 and Microsoft Windows XP Professional x64 Edition. Each vulnerability is documented in the "Vulnerability Details" section of this bulletin. The Adobe Security Bulletin APSB06-11, issued September 12, 2006, describes the vulnerabilities and provides the download locations for customers who have installed Flash Player 7 and higher so that you can install the appropriate update based on the version of Flash Player you are using. Customers that have followed the guidance in the Adobe Security Bulletin are not at risk from these vulnerabilities.
If a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP
Windows XP x64 Edition |
Bulletin ID:
MS06-068 |
Title:
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately
|
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000 |
Bulletin ID:
MS06-067 |
Title:
Cumulative Security Update for Internet Explorer (922760) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS06-066 |
Title:
Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
The Client Service for NetWare is also called the Gateway Service for NetWare on Windows 2000 Server.
On vulnerable versions of Microsoft Windows, an attacker who successfully exploited these vulnerabilities could remotely take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
926874 |
Title:
Windows Internet Explorer 7 |
Update Type:
Unknown Type |
Severity:
N/A |
| Windows Internet Explorer 7 |
Applies to:
|
Bulletin ID:
MS06-065 |
Title:
Vulnerability in Windows Object Packager Could Allow Remote Execution (924496) |
Update Type:
Security Update |
Severity:
Moderate |
| This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. However, significant user interaction is required to exploit this vulnerability.
Customers should consider applying the security update
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS06-064 |
Title:
Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819) |
Update Type:
Security Update |
Severity:
Low |
| This update resolves a publicly disclosed vulnerability as well as additional issues discovered through internal investigations.
An attacker who successfully exploited the most severe of these vulnerabilities against an affected system could cause the system to stop responding or automatically reboot.
We recommend that customers evaluate whether to apply the security update to the affected systems.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS06-063 |
Title:
Vulnerability in Server Service Could Allow Denial of Service (923414) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves publicly and privately reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update at the earliest opportunity
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS06-062 |
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581) |
Update Type:
Security Update |
Severity:
Critical |
| This update addresses several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2002/XP
Office 2003 |
Bulletin ID:
MS06-061 |
Title:
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows Vista
Windows XP x64 Edition
Office 2003
SQL Server Feature Pack |
Bulletin ID:
MS06-060 |
Title:
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554) |
Update Type:
Security Update |
Severity:
Critical |
| This update addresses several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2002/XP
Office 2003 |
Bulletin ID:
MS06-059 |
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164) |
Update Type:
Security Update |
Severity:
Critical |
| This update addresses several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2002/XP
Office 2003 |
Bulletin ID:
MS06-058 |
Title:
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163) |
Update Type:
Security Update |
Severity:
Critical |
| This update addresses several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of PowerPoint, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2002/XP
Office 2003 |
Bulletin ID:
MS06-057 |
Title:
Vulnerability in Windows Explorer Could Allow Remote Execution (923191) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, publicly reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS06-056 |
Title:
Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770) |
Update Type:
Security Update |
Severity:
Moderate |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
The vulnerability could allow an attacker to gain unauthorized access to information. Note that this vulnerability would not allow an attacker to execute code to elevate their user rights directly, but it could be used to acquire information that could be used to further compromise the affected system.
We recommend that customers consider applying the security update.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 2000
Windows XP |
Bulletin ID:
MS06-055 |
Title:
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a public vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition |
Bulletin ID:
MS06-054 |
Title:
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS06-053 |
Title:
Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685) |
Update Type:
Security Update |
Severity:
Moderate |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
The vulnerability could allow an attacker to gain unauthorized access to information. Note that this vulnerability would not allow an attacker to execute code to elevate their user rights directly, but it could be used to produce useful information that could be used to further compromise the affected system.
We recommend that customers consider applying the security update.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS06-052 |
Title:
Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited the vulnerability could take complete control of the affected system. The Windows service needed that would allow PGM communications is not installed by default.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP |
Bulletin ID:
MS06-051 |
Title:
Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves newly discovered, privately reported vulnerabilities and additional issues discovered through internal investigations.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000 |
Bulletin ID:
MS06-050 |
Title:
Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves two newly discovered vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
User interaction is required for an attacker to exploit these vulnerabilities.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS06-049 |
Title:
Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly discovered, publicly reported vulnerability and additional issues discovered through internal investigations.
An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity
|
Applies to:
Windows 2000 |
Bulletin ID:
MS06-048 |
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves two newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS06-047 |
Title:
Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
On vulnerable versions of Office or Microsoft Visual Basic for Applications, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2002/XP |
Bulletin ID:
MS06-046 |
Title:
Vulnerability in HTML Help Could Allow Remote Code Execution (922616) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, publicly reported vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
On vulnerable versions of Windows, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS06-045 |
Title:
Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly-discovered, publicly-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000 |
Bulletin ID:
MS06-044 |
Title:
Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows 2000 |
Bulletin ID:
MS06-043 |
Title:
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, publicly-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS06-042 |
Title:
Cumulative Security Update for Internet Explorer (918899) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP
Windows XP x64 Edition |
Bulletin ID:
MS06-041 |
Title:
Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, privately reported, vulnerabilities.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply this update immediately.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS06-040 |
Title:
Vulnerability in Server Service Could Allow Remote Code Execution (921883) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a privately disclosed vulnerability as well as additional issues discovered through internal investigations.
An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately
|
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000 |
Bulletin ID:
920115 |
Title:
Service Pack 3 for Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006 |
Update Type:
Service Pack |
Severity:
|
| Update for Microsoft Outlook 2003 with Business Contact Manager Update and for Small Business Accounting 2006. |
Applies to:
Office 2003 |
Bulletin ID:
MS06-039 |
Title:
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves two newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section in this bulletin.
On vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2002/XP
Office 2003 |
Bulletin ID:
MS06-038 |
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2002/XP
Office 2003 |
Bulletin ID:
MS06-037 |
Title:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately
|
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS06-036 |
Title:
Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, privately reported vulnerability as well as additional issues discovered through internal investigations. The privately reported vulnerability is documented in the "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update immediately
|
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 2000 |
Bulletin ID:
MS06-035 |
Title:
Vulnerability in Server Service Could Allow Remote Code Execution (917159) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS06-034 |
Title:
Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker must have valid logon credentials, but if a server has been purposely configured to allow users, either anonymous or authenticated, to upload web content such as .ASP pages to web sites, the server could be exploited by this vulnerability.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows 2000
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS06-033 |
Title:
Vulnerability in ASP.NET Could Allow Information Disclosure (917283) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
This vulnerability could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the Application folder explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition |
Bulletin ID:
MS06-032 |
Title:
Vulnerability in TCP/IP Could Allow Remote Code Execution (917953) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Customers should apply the update at the earliest opportunity.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS06-031 |
Title:
Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736) |
Update Type:
Security Update |
Severity:
Moderate |
| This update resolves a newly discovered, privately reported vulnerability. A spoofing vulnerability exists in the RPC service that could enable an attacker to spoof trusted network resource. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
|
Applies to:
Windows 2000 |
Bulletin ID:
MS06-030 |
Title:
Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves several newly discovered, privately reported vulnerability. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update immediately
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS06-029 |
Title:
Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited the vulnerability could perform script injection attacks.
We recommend that customers consider applying the security update.
|
Applies to:
Exchange Server 2003
Exchange 2000 Server |
Bulletin ID:
MS06-028 |
Title:
Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in this bulletin in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS06-027 |
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, public vulnerability. The vulnerability is documented in this bulletin in the "Vulnerability Details" section of this bulletin.
A remote code execution vulnerability exists in Word using a malformed object pointer. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS06-025 |
Title:
Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, privately reported vulnerability. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update immediately
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition
Windows 2000 |
Bulletin ID:
MS06-024 |
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000 |
Bulletin ID:
MS06-023 |
Title:
Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered vulnerability. A remote code execution vulnerability exists in Microsoft JScript that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition |
Bulletin ID:
MS06-022 |
Title:
Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly discovered, privately reported vulnerability. A remote code execution vulnerability exists in the way AOL ART images are handled. This vulnerability could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS06-021 |
Title:
Cumulative Security Update for Internet Explorer (916281) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000
Windows XP x64 Edition |
Bulletin ID:
MS06-020 |
Title:
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves publicly reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin. These vulnerabilities are also documented in Macromedia Security Bulletin MPSB05-07 for customers using Flash Player 5 and 6. Customers who have installed Flash Player 7 and higher are advised to download the latest version from the Adobe website. Customers that have followed the guidance in Adobe Security Bulletin APSB06-03 are not at risk from the vulnerability.
If a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP
Windows XP x64 Edition |
Bulletin ID:
MS06-019 |
Title:
Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately
|
Applies to:
Exchange Server 2003
Exchange 2000 Server |
Bulletin ID:
MS06-018 |
Title:
Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580) |
Update Type:
Security Update |
Severity:
Moderate |
| This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
We recommend that customers consider applying the security update.
|
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS06-017 |
Title:
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627) |
Update Type:
Security Update |
Severity:
Moderate |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers consider applying the security update.
|
Applies to:
Office 2002/XP
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS06-016 |
Title:
Cumulative Security Update for Outlook Express (911567) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS06-015 |
Title:
Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows 2000
Windows XP x64 Edition |
Bulletin ID:
MS06-014 |
Title:
Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition |
Bulletin ID:
MS06-013 |
Title:
Cumulative Security Update for Internet Explorer (912812) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows 2000
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS06-012 |
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
On vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2003
Office 2002/XP |
Bulletin ID:
MS06-011 |
Title:
Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS06-009 |
Title:
Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190) |
Update Type:
Security Update |
Severity:
Important |
|
Applies to:
Office 2003
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS06-008 |
Title:
Vulnerability in Web Client Service Could Allow Remote Code Execution (911927) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly-discovered, privately-reported vulnerability.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS06-007 |
Title:
Vulnerability in TCP/IP Could Allow Denial of Service (913446) |
Update Type:
Security Update |
Severity:
Important |
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition |
Bulletin ID:
MS06-006 |
Title:
Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
We recommend that customers apply the update at the earliest opportunity
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows 2000
Windows XP |
Bulletin ID:
MS06-005 |
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003 |
Bulletin ID:
MS06-004 |
Title:
Cumulative Security Update for Internet Explorer (910620) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows 2000 |
Bulletin ID:
MS06-003 |
Title:
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
On vulnerable versions of Outlook, Office Language Interface Packs, Office MultiLanguage Packs or Office Multilingual User Interface Packs, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
On vulnerable versions of Exchange, an attacker who successfully exploited this vulnerability could take complete control of an affected system. This vulnerability could be exploited automatically without user interaction. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Office 2003
Office 2002/XP
Exchange 2000 Server |
Bulletin ID:
MS06-002 |
Title:
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, privately-reported vulnerability.
An attacker who successfully exploited this vulnerability could take control of an affected system. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP |
Bulletin ID:
MS06-001 |
Title:
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS05-055 |
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows 2000 |
Bulletin ID:
MS05-054 |
Title:
Cumulative Security Update for Internet Explorer (905915) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS05-053 |
Title:
Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000 |
Bulletin ID:
MS05-052 |
Title:
Cumulative Security Update for Internet Explorer (896688) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered public vulnerability and other privately-reported variations of the same vulnerability. The Microsoft DDS Library Shape Control (Msdds.dll) and other COM objects could, when instantiated in Internet Explorer, allow an attacker to take complete control of an affected system. Because these COM objects were not designed to be instantiated in Internet Explorer, this update sets the kill bit for the affected Class Identifiers (CLSID) in these COM objects. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP
Windows XP x64 Edition
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS05-051 |
Title:
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that Windows 2000 and Windows XP Service Pack 1 customers apply the update immediately. We recommend that customers using other operating system versions apply the update at the earliest opportunity.
|
Applies to:
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP
Windows XP x64 Edition |
Bulletin ID:
MS05-050 |
Title:
Vulnerability in DirectShow Could Allow Remote Code Execution (904706) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP
Windows 2000
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition |
Bulletin ID:
MS05-049 |
Title:
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. However, user interaction is required to exploit this vulnerability.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS05-048 |
Title:
Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Exchange 2000 Server |
Bulletin ID:
MS05-047 |
Title:
Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an authenticated attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows XP
Windows 2000 |
Bulletin ID:
MS05-046 |
Title:
Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in the Client Service for NetWare (CSNW). By default, CSNW is not installed on any affected operating system version. Only customers who manually installed CSNW could be vulnerable to this issue. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. This service is also called Gateway Service for NetWare on Windows 2000 Server.
An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS05-045 |
Title:
Vulnerability in Network Connection Manager Could Allow Denial of Service (905414) |
Update Type:
Security Update |
Severity:
Moderate |
| This update resolves a newly-discovered, public vulnerability. A vulnerability in Network Connection Manager could allow a denial of service on the affected platforms against the Network Connection Manager. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
An attacker who successfully exploited this vulnerability could cause the component responsible for managing network and remote access connections to stop responding. If the affected component is stopped due to an attack, it will automatically restart when new requests are received.
We recommend that customers consider applying the security update.
|
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS05-044 |
Title:
Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495) |
Update Type:
Security Update |
Severity:
Moderate |
| This update resolves a newly-discovered, public vulnerability. A vulnerability exists in the Windows FTP client because of the way it validates file names. This vulnerability could allow an attacker to tamper with the file transfer location on the client during an FTP file transfer session.
The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
We recommend that customers consider applying the security update.
|
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS05-043 |
Title:
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in the Print Spooler service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS05-042 |
Title:
Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587) |
Update Type:
Security Update |
Severity:
Moderate |
| This update resolves two newly-discovered vulnerabilities, a privately reported vulnerability and a publicly reported vulnerability. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited the most severe of these vulnerabilities could cause the service responsible for authenticating users in an Active Directory domain to stop responding.
We recommend that customers consider applying the security update.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000 |
Bulletin ID:
MS05-041 |
Title:
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591) |
Update Type:
Security Update |
Severity:
Moderate |
| This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability in the Remote Desktop Protocol (RDP) exists that could allow an attacker to cause a system to stop responding. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
We recommend that customers consider applying the security update.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000 |
Bulletin ID:
MS05-040 |
Title:
Vulnerability in Telephony Service Could Allow Remote Code Execution (893756) |
Update Type:
Security Update |
Severity:
Important |
| This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exits in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition
Windows XP
Windows 2000 |
Bulletin ID:
MS05-039 |
Title:
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP x64 Edition
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000 |
Bulletin ID:
MS05-038 |
Title:
Cumulative Security Update for Internet Explorer (896727) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows 2000
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows XP x64 Edition |
Bulletin ID:
MS05-037 |
Title:
Vulnerability in JView Profiler Could Allow Remote Code Execution (903235) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, public vulnerability. A COM object, the JView Profiler (Javaprxy.dll), when instantiated in Internet Explorer, contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system. Since the JView Profiler COM object was not designed to be accessed through Internet Explorer, this update sets the kill bit for the JView Profiler (Javaprxy.dll) COM object. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition |
Bulletin ID:
MS05-036 |
Title:
Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
A remote code execution vulnerability exists in the Microsoft Color Management Module because of the way that it handles ICC profile format tag validation.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
|
Applies to:
Windows XP
Windows Server 2003, Datacenter Edition
Windows Server 2003
Windows 2000
Windows XP x64 Edition |
Bulletin ID:
MS05-035 |
Title:
Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672) |
Update Type:
Security Update |
Severity:
Critical |
| This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update at the earliest opportunity.
|
Applies to:
Office 2002/XP |
| | |
