Mssecure - 2005-02-15 (Shavlik)
Source: mssecure.cab
Data Updated: 2/15/2005
Data Version: 1.1.2.364
MSBA/Tool Version: 1.1.1 4.0
MS98-001 - Disabling Creation of Local Groups on a Domain by Non-Administrative Users
Posted: 1998/06/01
Q169556
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: CREATALS_x86.exe
MS98-002 - Error Message Vulnerability Against Secured Internet Servers
Posted: 1998/06/26
Q148427
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Exchange Server 5.5
- Exchange Server 5.5 Gold
- Exchange Server 5.5 SP1
Patch: ssl-fixi.exe
MS98-003 - File Access Issue with Windows NT Internet Information Server
Posted: 1998/07/02
Q188806
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
Patch: iis3fixi.exe
Q188806
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Personal Web Server 4.0
- Windows NT4 Service Pack 3
Patch: iis4fixi.exe
MS98-004 - Unauthorized ODBC Data Access with RDS and IIS
Posted: 1998/07/14
Q184375
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q184375
MS98-005 - Unwanted Data Issue with Office 98 for the Macintosh
Posted: 1998/07/17
Affected Products:
- Office 98 for Macintosh
- Office 98 for Macintosh Gold
Patch: 98-005
MS98-006 - Potential Denial-of-Service in IIS FTP Server due to Passive Connections
Posted: 1998/07/23
Q189262
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
Patch: ftpfix4i.exe
Q189262
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
Patch: ftpfix3i.exe
MS98-007 - Potential SMTP and NNTP Denial-of-Service Vulnerabilities
Posted: 1998/07/24
Q188369
Affected Products:
- Exchange Server 5.0
- Exchange Server 5.0 SP1
- Exchange Server 5.0 SP2
Patch: psp2stri.exe
Q188341
Affected Products:
- Exchange Server 5.0
- Exchange Server 5.0 SP1
- Exchange Server 5.0 SP2
Patch: psp2imsi.exe
Q188341
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 Gold
Patch: MS98-007
MS98-008 - Long file name Security Issue affecting Microsoft Outlook 98 and Microsoft Outlook Express 4.x
Posted: 1998/07/27
Affected Products:
- Outlook 98
- Outlook 98 Gold
Patch: outptch2.exe
Affected Products:
- Outlook Express 4.01
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 Gold
Patch: oelong
MS98-009 - Windows NT Privilege Elevation Attack
Posted: 1998/07/27
Q190288
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
Patch: privfixi.exe
MS98-010 - Information on the Back Orifice Program
Posted: 1998/08/04
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: MS98-010
MS98-011 - Window.External JScript Vulnerability in Microsoft Internet Explorer 4.0
Posted: 1998/08/17
Q191200
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
Patch: jscript.asp
Posted: 1998/09/04
Q168485
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
Patch: xframe.asp
MS98-015 - Untrusted Scripted Paste Issue in Microsoft Internet Explorer 4.01
Posted: 1998/10/16
Q169245
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
Patch: paste.asp
MS98-016 - Dotless IP Address Issue in Microsoft Internet Explorer 4
Posted: 1998/10/23
Q168617
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP1
Patch: dotless.asp
MS98-019 - IIS GET Vulnerability
Posted: 1998/12/21
Q192296
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
Patch: infget4i.exe
Q192296
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 4
Patch: infget3i.exe
MS98-018 - Excel CALL Vulnerability
Posted: 1998/12/10
Q196791
Affected Products:
- Office 97
- Office 97 SR-2/SR-2b
- Excel 97
- Office 97 SR-2/SR-2b
Patch: Xl8p9pkg
MS98-020 - Frame Spoof Vulnerability
Posted: 1998/12/23
Q167614
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP1
Patch: spoof.asp
MS98-017 - Named Pipes Over RPC Vulnerability
Posted: 1998/11/19
Q195733
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: nprpcfxi.exe
- ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP4/archive/nprpc-fix/
MS98-012 - Updates available for Security Vulnerabilities in Microsoft PPTP
Posted: 1998/08/18
Q189771
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
Patch: dun40.exe
Q189595
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
Patch: pptpfixi.exe
Q189594
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
Patch: rrasfixi.exe
Q154091
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: msdun13.exe
MS98-014 - RPC Spoofing Denial of Service on Windows NT
Posted: 1998/09/29
Q193233
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
Patch: snk-fixi.exe
Q193233
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT 4 Terminal Server Gold
Patch: Snk-fixi.exe
MS99-001 - Exposure in Forms 2.0 TextBox Control that allows data to be read from user's Clipboard
Posted: 1999/01/21
Q214757
Affected Products:
- Office 97
- Office 97 SR-2/SR-2b
- Outlook 98
- Office 97 SR-2/SR-2b
- Project 98
- Office 97 SR-2/SR-2b
- Visual Basic 5.0
- Visual Basic 5.0 Gold
- Word 97
- Office 97 SR-2/SR-2b
- Excel 97
- Office 97 SR-2/SR-2b
- PowerPoint 97
- Office 97 SR-2/SR-2b
Patch: fm2paste.exe
MS99-002 - Word 97 Template Vulnerability
Posted: 1999/01/21
Q214652
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: Wd97SP.EXE
MS99-003 - IIS Malformed FTP List Request Vulnerability
Posted: 1999/02/03
Q188348
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
Patch: ftpls3i.exe
Q188348
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
Patch: ftpls4i.exe
MS99-007 - Taskpads Scripting Vulnerability
Posted: 1999/02/22
Q218619
Affected Products:
- Windows 98 Resource Kit
- Windows 98 Resource Kit Gold
- Windows 98 Resource Kit Sampler
- Windows 98 Resource Kit Sampler Gold
Patch: tmcpatch.exe
Q218619
Affected Products:
- BackOffice Resource Kit SE
- BackOffice Resource Kit SE Gold
Patch: itmcpatch.exe
MS99-010 - File Access Vulnerability in Personal Web Server
Posted: 1999/03/26
Q216453 (FP98)
Affected Products:
- Personal Web Server 4.0
- Personal Web Server 4.0 Gold
Patch: Pwssecup.exe
Q216453 (FP98)
Affected Products:
- FrontPage 98 Personal Web Server 1.0
- FrontPage 98 Personal Web Server 1.0 Gold
Patch: fppws98.exe
Q216453 (FP98)
Affected Products:
- FrontPage 97 Personal Web Server 1.0
- FrontPage 97 Personal Web Server 1.0 Gold
Patch: Q217765
MS99-005 - BackOffice Server 4.0 Does Not Delete Installation Setup File
Posted: 1999/02/12
Q217004
Affected Products:
- BackOffice Server 4.0
- BackOffice Server 4.0 Gold
Patch: Q217004
MS99-004 - Authentication Processing Error in Windows NT 4.0 Service Pack 4
Posted: 1999/02/08
Q214840
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: msv-fixi.exe
MS99-006 - Windows NT Known DLLs List Vulnerability
Posted: 1999/02/19
Q218473
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: Smss-fixi
MS99-008 - Windows NT Screen Saver Vulnerability
Posted: 1999/03/12
Q221991
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: Scrnsavi.exe
Q221991
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT 4 Terminal Server Gold
Patch: Scrnsavi.Exe
MS99-009 - Malformed Bind Request Vulnerability
Posted: 1999/03/16
Q221989
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP2
Patch: PSP2DIRI.EXE
MS99-013 - File Viewers Vulnerability
Posted: 1999/05/07
Q232449
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
Patch: fix2450i.exe
Q231368
Affected Products:
- Site Server 3.0, Commerce Edition
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
Patch: viewfixi.exe
MS99-015 - Malformed Help File Vulnerability
Posted: 1999/05/17
Q231605
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: winhlp-i.exe
MS99-016 - Malformed Phonebook Entry Vulnerability
Posted: 1999/05/20
Q230677
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
Patch: rasffixi.exe
MS99-017 - RAS and RRAS Password Vulnerability
Posted: 1999/05/27
Q230681
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: raspassword-fix
MS99-020 - Malformed LSA Request Vulnerability
Posted: 1999/06/23
Q231457
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
Patch: lsareqi.exe
MS99-021 - CSRSS Worker Thread Exhaustion Vulnerability
Posted: 1999/06/23
Q233323
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: csrssfxi.exe
MS99-023 - Malformed Image Header Vulnerability
Posted: 1999/06/30
Q234557
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: krnlifxi.exe
Q234557
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
Patch: Krnlifxi.exe
MS99-024 - Unprotected IOCTLs Vulnerability
Posted: 1999/07/06
On a terminal server, such a program could disable the keyboard and mouse on the console.
Q236359
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: ioctlfxi.exe
Q236359
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
Patch: Ioctlfxi.exe
MS99-025 - Unauthorized Access to IIS Servers through ODBC Data Access with RDS
Posted: 1999/07/17
Q184375
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q184375
MS99-026 - Malformed Dialer Entry Vulnerability
Posted: 1999/07/29
Q237185
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: dialrfxi.exe
Q237185
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
Patch: Dialrfxi.exe
MS99-027 - Encapsulated SMTP Address Vulnerability
Posted: 1999/08/06
Q237927
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP2
Patch: psp2imci.zip
MS99-028 - Terminal Server Connection Request Flooding Vulnerability
Posted: 1999/08/09
Q228724
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: tsmemfxi.exe
MS99-029 - Malformed HTTP Request Header Vulnerability
Posted: 1999/08/11
Q238606
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: vdext4i.exe
MS99-031 - Virtual Machine Sandbox Vulnerability
Posted: 1999/08/25
Q240346
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: msjavx86.exe
Q240346
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: msjavx86_jvm.exe
MS99-034 - Fragmented IGMP Packet Vulnerability
Posted: 1999/09/03
Q238329
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: igmpfixi.exe
Q238329
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: Igmpfixi.exe
Q238453
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 238453US5.exe
Q238453
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 238453US8.EXE
MS99-036 - Windows NT 4.0 Does Not Delete Unattended Installation File
Posted: 1999/09/10
Q155197
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: MS99-036
MS99-038 - Spoofed Route Pointer Vulnerability
Posted: 1999/09/20
Q238453
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
Patch: ipsrfixi.exe
MS99-039 - Domain Resolution and FTP Download Vulnerabilities
Posted: 1999/09/23
Q241805
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: iprftp4i.exe
Q241805
Affected Products:
- Microsoft Commercial Internet System 2.5
- Microsoft Commercial Internet System 2.5 Gold
Patch: q242559.exe
MS99-041 - RASMAN Security Descriptor Vulnerability
Posted: 1999/09/30
Q242294
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT4 Terminal Server Service Pack 5
Patch: fixrasi.exe
MS99-045 - Virtual Machine Verifier Vulnerability
Posted: 1999/10/21
Q244283
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: msjavx86.exe
Q244283
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: msjavx86_jvm.exe
MS99-046 - Improve TCP Initial Sequence Number Randomness
Posted: 1999/10/22
Q243835
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: q243835sp5i.exe
Q243835
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q243835i.exe
Q243835
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: Q243835i.EXE
MS99-047 - Malformed Spooler Request Vulnerability
Posted: 1999/11/04
Q243649
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q243649.exe
MS99-050 - Server-side Page Reference Redirect Vulnerability
Posted: 1999/12/08
Q246094
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q246094.exe
Q256094
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q246094.exe
MS99-055 - Malformed Resource Enumeration Argument Vulnerability
Posted: 1999/12/09
The primary effect of the failure is to cause named pipes to fail, which prevents many other system services from operating.
Q246045
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q246045.EXE
MS99-056 - Syskey Keystream Reuse Vulnerability
Posted: 1999/12/16
Q248183
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q248183.EXE
Q248183
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 4
Patch: Q248183ts.exe
MS99-057 - Malformed Security Identifier Request Vulnerability
Posted: 1999/12/16
Q248183
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q248183.EXE
MS00-001 - Malformed IMAP Request Vulnerability
Posted: 2000/01/04
Q246731
Affected Products:
- Microsoft Commercial Internet System 2.0
- Microsoft Commercial Internet System 2.0 Gold
- Microsoft Commercial Internet System 2.5
- Microsoft Commercial Internet System 2.5 Gold
Patch: q246731engi.EXE
MS00-002 - Malformed Conversion Data Vulnerability
Posted: 2000/01/20
Q249881
Affected Products:
- Word 98
- Word 98 Gold
- PowerPoint 98
- PowerPoint 98 Gold
- Word 97
- Word 97 Gold
Patch: WW5Pkg.exe
Q249881
Affected Products:
- Word 2000
- Word 2000 Gold
- PowerPoint 2000
- PowerPoint 2000 Gold
Patch: WW5pkg.exe
MS00-003 - Spoofed LPC Port Request Vulnerability
Posted: 2000/01/12
Q247869
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q247869i.EXE
MS00-004 - RDISK Registry Enumeration File Vulnerability
Posted: 2000/01/21
Q249108
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Terminal Server Service Pack 4
Patch: Q249108i.exe
Q249108
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 4
Patch: q249108i.EXE
MS00-005 - Malformed RTF Control Word Vulnerability
Posted: 2000/01/17
Q249973
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q249973i.EXE
Q249973
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.5
- Windows 95 SR 2.1
Patch: 249973USA5.exe
Q249973
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 249973USA8.exe
Q249973
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 5
Patch: q249973ts.exe
MS00-006 - Malformed Hit-Highlighting Argument Vulnerability
Posted: 2000/01/26
The first vulnerability is the "Malformed Hit-Highlighting Argument" vulnerability. The ISAPI filter that implements the hit-highlighting (also known as "WebHits") functionality does not adequately constrain what files can be requested. By providing a deliberately-malformed argument in a request to hit-highlight a document, it is possible to escape the virtual directory. This would allow any file residing on the server itself, and on the same logical drive as the web root directory, to be retrieved regardless of permissions. This variant could allow the source of server-side files such as .ASP files to be read. The new variant affects only Index Server 2.0, and Windows 2000 customers who applied the original patch were never at risk from it. The second vulnerability involves the error message that is returned when a user requests a non-existent Internet Data Query file. The error message provides the physical path to the web directory that was contained in the request. Although this vulnerability would not allow a malicious user to alter or view any data, it could be a valuable reconnaissance tool for mapping the file structure of a web server. This variant could allow a malicious user to read files. The variant was eliminated by the original patch, and customers who applied the original version of the patch were never at risk from it. Indexing Services in Windows 2000 is affected only by the "Malformed Hit-Highlighting" vulnerability - it is not affected by the second vulnerability.
Q251170
Affected Products:
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: Q251170_W2K_SP1_X86_en.EXE
Q252463
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Index Server 2.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q252463i.EXE
Q252463
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q252463ts.exe
MS00-007 - Recycle Bin Creation Vulnerability
Posted: 2000/02/01
The Windows NT Recycle Bin for a given user maps to a folder, whose name is based on the owner's SID. The folder is created the first time the user deletes a file, and the owner is given sole permissions to it. However, if a malicious user could create the folder before the bona fide one were created, he or she could assign any desired permissions to it. This would allow him or her to create, modify or delete files in the Recycle Bin
Q248399
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: q248399i.exe
Q248399
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q248399ts.exe
MS00-008 - Registry Permissions Vulnerability
Posted: 2000/03/09
Q259496
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q259496i.exe
MS00-011 - VM File Reading Vulnerability
Posted: 2000/02/18
Q253562
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: msjavx86.exe
Q253562
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: msjavx86_jvm.exe
Q287030
Affected Products:
- Microsoft Virtual Machine (VM)
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_en.EXE
MS00-021 - Malformed TCP/IP Print Request Vulnerability
Posted: 2000/03/30
A specially-malformed print request could cause TCPSVC.EXE to crash, which would not only prevent the server from providing printing services, but also would stop several other services, most importantly DHCP.
Q257870
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q257870i.EXE
Q257870
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: Q257870_W2K_SP1_x86_en.EXE
Q257870
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q257870ts.exe
MS00-020 - Desktop Separation Vulnerability
Posted: 2000/06/15
By design, processes are constrained to run within a windows station, and the threads in the process run in one or more desktops. A process in one windows station should not be able to access desktops belonging to another windows station. However, due to an implementation error, this could happen under very specific circumstances. This could allow a process belonging to a low-privilege user to view inputs or output that belong to another desktop within the same session, and potentially obtain information such as passwords
Q260197
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: q260197_w2k_sp1_x86_en.exe
MS00-026 - Mixed Object Access Vulnerability
Posted: 2000/04/20
Active Directory allows for access control of directory objects on a per-attribute basis. However, the vulnerability at issue here could allow a malicious user to modify object attributes that he does not have permission to modify, as long as he combined the operation in a particular way with ones involving attributes that he does have permission to modify.The vulnerability does not afford the malicious user an opportunity to modify all objects in a class ? only the specific class objects for which he has permission to modify at least one attribute. Further, the vulnerability provides no capability to bypass normal authentication or Windows 2000 auditing, so administrators could determine if this vulnerability were being exploited, and by wh
Q259401
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: q259401_w2k_sp1_x86_en.exe
MS00-027 - Malformed Environment Variable Vulnerability
Posted: 2000/04/20
CMD.EXE, the command processor for Windows NT 4.0 and Windows 2000, has an unchecked buffer in part of the code that handles environment strings. It could be used to mount denial of service attacks in certain cases. If a server provides batch or other script files, a malicious user could potentially provide arguments that would create an extremely large environment string and overflow the buffer. This would cause the process to fail, and the memory allocated to the process would not be made available again until a dialogue had been cleared on the operator's console. By repeatedly running the batch file, the malicious user could potentially make some or all of the memory on the server temporarily unavailabl
Q259622
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q259622i.exe
Q259622
Affected Products:
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: q259622_w2k_sp1_x86_en.exe
MS00-029 - IP Fragment Reassembly Vulnerability
Posted: 2000/05/19
The affected systems contain a flaw in the code that performs IP fragment reassembly. If a continuous stream of fragmented IP datagrams with a particular malformation were sent to an affected machine, it could be made to devote most or all of its CPU availability to processing them. The data rate needed to completely deny service varies depending on the machine and network conditions, but in most cases even relatively moderate rates would suffice.The vulnerability would not allow a malicious user to compromise data on the machine or usurp administrative control over it. Although it has been reported that the attack in some cases will cause an affected machine to crash, affected machines in all Microsoft testing returned to normal service shortly after the fragments stopped arriving. Machines protected by a proxy server or a firewall that drops fragmented packets would not be affected by this vulnerability. The machines most likely to be affected by this vulnerability would be machines located on the edge of a network such as web servers or proxy servers
Q259728
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q259728i.EXE
Q259728
Affected Products:
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
Patch: Q259728_W2K_SP1_x86_en.EXE
Q259728
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q259728i.EXE
Q259728
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 259728USA5.EXE
Q259728
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 259728USA8.EXE
MS00-032 - Protected Store Key Length Vulnerability
Posted: 2000/06/01
By design, the Protected Store should always encrypt the information using the strongest cryptography available on the machine. An attacker would need to gain complete administrative control over the machine that houses the Protected Store in order to gain access to it, and even then would still need to mount a brute-force cryptographic attack against it.
Q260219
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: q260219_w2k_sp1_x86_en.exe
MS00-036 - ResetBrowser Frame and Host Announcement Frame Vulnerabilities
Posted: 2000/05/25
The two vulnerabilities are:The "ResetBrowser Frame" vulnerability, which affects both Windows NT 4.0 and Windows 2000. Like most implementations, the Windows implementation provides the ability for a Master Browser to shut down other browsers via the ResetBrowser frame. However, there is no capability to configure a browser to ignore ResetBrowser frames. This could allow a malicious user to shut down browsers on his subnet as a denial of service attack against the browser service, or, in the worst case, to shut down all browsers and declare his machine the new Master Browser.The "HostAnnouncement Flooding" vulnerability, which does not affect Windows 2000. Because there is no means of limiting the size of the browse table in Windows NT 4.0, a malicious user could send a huge number of bogus HostAnnouncement frames to a Master Browser. The resulting replication traffic could consume The "ResetBrowser Frame" vulnerability, which affects both Windows NT 4.0 and Windows 2000. Like most implementations, the Windows implementation provides the ability for a Master Browser to shut down other browsers via the ResetBrowser frame. However, there is no capability to configure a browser to ignore ResetBrowser frames. This could allow a malicious user to shut down browsers on his subnet as a denial of service attack against the browser service, or, in the worst case, to shut down all browsers and declare his machine the new Master Browser. The "HostAnnouncement Flooding" vulnerability, which does not affect Windows 2000. Because there is no means of limiting the size of the browse table in Windows NT 4.0, a malicious user could send a huge number of bogus HostAnnouncement frames to a Master Browser. The resulting replication traffic could consume most or all of the network bandwidth and cause other problems in processing the table as well.
Q262694
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q262694i.EXE
Q262694
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q262694_W2K_SP2_x86_en.EXE
Q262694
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q262694ts.exe
MS00-040 - Remote Registry Access Authentication Vulnerability
Posted: 2000/06/08
Q264684
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q264684i.EXE
Q264684
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q264684ts.exe
MS00-047 - NetBIOS Name Server Protocol Spoofing Vulnerability
Posted: 2000/07/27
By design, NBNS allows network peers to assist in managing name conflicts. Also by design, it is an unauthenticated protocol and therefore subject to spoofing. A malicious user could misuse the Name Conflict and Name Release mechanisms to cause another machine to conclude that its name was in conflict. Depending on the scenario, the machine would as a result either be unable to register a name on the network, or would relinquish a name it already had registered. The result in either case would be the same - the machine would not respond requests sent to the conflicted name anymore. This will reduce but not eliminate the threat of spoofing. Customers needing additional protection may wish to consider using IPSec in Windows 2000 to authenticate all sessions on ports 137-139
Q269239
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: q269239i.exe
Q269239
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q269239_W2K_SP2_x86_en.EXE
Q269239
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q269239i.exe
MS00-052 - Relative Shell Path Vulnerability
Posted: 2000/07/28
Because of the circumstances in place at system startup time, the normal search order would cause any file named Explorer.exe in the %Systemdrive%\ directory to be loaded in place of the bona fide version. This could provide an opportunity for a malicious user to cause code of his choice to run when another user subsequently logged onto the same machine.
Q269049
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q269049i.EXE
Q269049
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q269049i.exe
Q269049
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q269049_w2k_sp2_x86_en.exe
MS00-053 - Service Control Manager Named Pipe Impersonation Vulnerability
Posted: 2000/08/02
The Service Control Manager (services.exe) is an administrative tool provided in Windows 2000 that allows system services (Server, Workstation, Alerter, ClipBook, etc.) to be created or modified. The SCM creates a named pipe for each service as it starts, however, should a malicious program predict and create the named pipe for a specific service before the service starts, the program could impersonate the privileges of the service. This could allow the malicious program to run in the context of the given service, with either specific user or LocalSystem privileges. The primary risk from this vulnerability is that a malicious user could exploit this vulnerability to gain additional privileges on the local machine. A malicious user would require the ability to log onto the target machine interactively and run arbitrary programs in order to exploit this vulnerability, and as a result, workstations and terminal servers would be at greatest risk.
Q269523
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q269523_W2K_SP2_x86_en.EXE
MS00-057 - File Permission Canonicalization Vulnerability
Posted: 2000/08/10
A canonicalization error can, under certain conditions, cause IIS 4.0 or 5.0 to apply incorrect permissions to certain types of files. If an affected file residing in a folder with restrictive permissions were requested via a particular type of malformed URL, the permissions actually used would be those of a folder in the file's parentage chain, but not those of the folder the file actually resides in. If the ancestor folder's permissions were more permissive than those of the correct folder, the malicious user would gain additional privileges to the affected file.
Q269862
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: prmcan4i.exe
Q269862
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q269862_W2K_SP2_x86_en.EXE
MS00-059 - Java VM Applet Vulnerability
Posted: 2000/08/21
Q271752
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: msjavx86.exe
Q271752
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: msjavx86_jvm.exe
Q287030
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_en.EXE
MS00-060 - IIS Cross-Site Scripting Vulnerabilities
Posted: 2000/08/25
If a malicious web site operator were able to lure a user to his site, and had identified a third-party web site that was vulnerable to CSS, he could potentially use the vulnerability to "inject" script into a web page created by the other web site, which would then be delivered to the user. The net effect would be to cause the malicious user's script to run on the user's machine using the trust afforded the other site. The vulnerability can affect any software that runs on a web server, accepts user input, and blindly uses it to generate web pages.
Q260347
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: crsscri.exe
Q275657
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q275657_W2K_SP2_x86_en.EXE
MS00-062 - Local Security Policy Corruption Vulnerability
Posted: 2000/08/28
This vulnerability could allow a malicious user to corrupt parts of a Windows 2000 system's local security policy, with the effect of disrupting domain membership and trust relationship information. If a workstation or member server were attacked via this vulnerability, it would effectively remove the machine from the domain; if a domain controller were attacked, it could no longer process domain logon requests.
Q269609
Affected Products:
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
Patch: Q269609_W2K_SP1_x86_en.EXE
MS00-063 - Invalid URL Vulnerability
Posted: 2000/09/05
Q271652
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q271652i.EXE
Q271652
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q271652I.EXE
MS00-065 - Still Image Service Privilege Escalation Vulnerability
Posted: 2000/09/06
An unchecked buffer exists in the 'Still Image Service' on Windows 2000 hosts. A locally logged-on user can execute malicious code that will use the still image service to escalate their permissions equal to that of the Still Image Service, namely, LocalSystem.
Q272736
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q272736_w2k_sp2_x86_en.exe
MS00-066 - Malformed RPC Packet Vulnerability
Posted: 2000/09/11
A denial of service can occur when a malicious client sends a particular malformed RPC (Remote Procedure Call) packet to the server, causing the RPC service to fail. A server behind a firewall that blocks ports 135-139 and 445 will not be affected by this vulnerability from the Internet.
Q272303
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q272303_w2k_sp2_x86_en.exe
MS00-067 - Windows 2000 Telnet Client NTLM Authentication Vulnerability
Posted: 2000/09/14
A vulnerability exists because the client will, by default, perform NTLM authentication when connecting to the remote telnet server. This could allow a malicious user to obtain another user's NTLM authentication credentials without the user's knowledge. A malicious user could exploit this behavior by creating a carefully-crafted HTML document that, when opened, could attempt to initiate a Telnet session to a rogue telnet server - automatically passing NTLM authentication credentials to the malicious server's owner. The malicious user could then use an offline brute force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources.
Q272743
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q272743_w2k_sp2_x86_en.exe
MS00-068 - OCX Attachment Vulnerability
Posted: 2000/09/26
Q274303
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: WMSU28412.EXE
MS00-069 - Simplified Chinese IME State Recognition Vulnerability
Posted: 2000/09/29
Input Method Editors (IMEs) enable character-based languages such as Chinese to be entered via a standard 101-key keyboard. When an IME is installed as part of the system setup, it is available by default as part of the logon screen. In such a case, the IME should recognize that it is running in the context of the LocalSystem and not in the context of a user, and restrict certain functions. This vulnerability only affects the Simplified Chinese version of Windows 2000 by default - customers using any other version of Windows 2000 are not affected. Even if the Simplified Chinese IMEs were installed after setup as part of a language pack, it would not be present as part of the logon screen and therefore would not pose a security threat. The vulnerability allows only the local machine to be compromised, but does not grant any domain privileges (unless, of course, the local machine happens to be a domain controller). Because the vulnerability is exposed as part of the logon screen, it could only be exploited by a user who had physical access to a keyboard, or who could start a terminal server session on an affected machine.
Q270676
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q270676_w2k_sp2_x86_en.exe
MS00-070 - Multiple LPC and LPC Ports Vulnerabilities
Posted: 2000/10/03
The "Invalid LPC Request" vulnerability, which affects only Windows NT 4.0. By levying an invalid LPC request, it would be possible to make the affected system fail. The "LPC Memory Exhaustion" vulnerability, which affects both Windows NT 4.0 and Windows 2000. By levying spurious LPC requests, it could be possible to increase the number of queued LPC messages to the point where kernel memory was depleted. The "Predictable LPC Message Identifier" vulnerability, which affects both Windows NT 4.0 and Windows 2000. Any process that knows the identifier of an LPC message can access it; however, the identifiers can be predicted. In the simplest case, a malicious user could access other process' LPC ports and feed them random data as a denial of service attack. In the worst case, it could be possible under certain conditions to send bogus requests to a privileged process in order to gain additional local privileges. A new variant of the previously-reported "Spoofed LPC Port Request" vulnerability. This vulnerability affects Windows NT 4.0 and Windows 2000, and could, under a very restricted set of conditions, allow a malicious user to create a process that would run under the security context of an already-running process, potentially including System processes. Because LPC can only be used on the local machine, none of these vulnerabilities could be exploited remotely. Instead, a malicious user could only exploit them on machines that he could log onto interactively. Typically, workstations and terminal servers would be chiefly at risk, because, if normal security practices have been followed, normal users will not be allowed to log onto critical servers interactively. This also means that, even in the worst case, the vulnerability would only confer additional local - not domain - privileges on the malicious user
Q266433
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q266433i.exe
Q266433
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q266433_w2k_sp2_x86_en.exe
Posted: 2000/10/10
Q273991
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 273991usam.exe
Q273991
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SE
- Windows 98se Gold
Patch: 273991USA8.EXE
Q273991
Affected Products:
- Windows 95
- Windows 95 Gold
Patch: 273991USA5.EXE
MS00-073 - Malformed IPX NMPI Packet Vulnerability
Posted: 2000/10/11
Q273727
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 273727USAM.EXE
Q273727
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 273727USA8.EXE
Q273727
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 273727USA5.EXE
MS00-074 - WebTV for Windows Denial of Service Vulnerability
Posted: 2000/10/11
Q274113
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 274113usam.exe
Q274113
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 274113USA8.EXE
MS00-076 - Cached Web Credentials Vulnerability
Posted: 2000/10/12
When a user authenticates to a secured web page via Basic Authentication, IE caches the userid and password that were used, in order to minimize the number of times the user must authenticate to the same site. By design, IE should only send the cached credentials to secured pages on the site. However, it will actually send them to non-secure pages on the site as well. If a malicious user had complete control of another user?s network communications, he could wait until another user logged onto a secured site, then spoof a request for a non-secured page in order to collect the credentials.
Q273868
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q273868.exe
MS00-077 - NetMeeting Desktop Sharing Vulnerability
Posted: 2000/10/13
The denial of service can occur when a malicious client sends a particular malformed string to a port which the NetMeeting service is listening on and with Remote Desktop Sharing enabled.
Q273854
Affected Products:
- NetMeeting
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: NM30.EXE
Q299796
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q299796_W2k_SP3_x86_en.exe
MS00-078 - Web Server Folder Traversal Vulnerability
Posted: 2000/10/17
Due to a canonicalization error in IIS 4.0 and 5.0, a particular type of malformed URL could be used to access files and folders that lie anywhere on the logical drive that contains the web folders. This would potentially enable a malicious user who visited the web site to gain additional privileges on the machine ? specifically, it could be used to gain privileges commensurate with those of a locally logged-on user. Gaining these permissions would enable the malicious user to add, change or delete data, run code already on the server, or upload new code to the server and run it.
Q269862
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: prmcan4i.exe
Q269862
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q269862_W2K_SP2_x86_en.EXE
MS00-079 - HyperTerminal Buffer Overflow Vulnerability
Posted: 2000/10/18
Q274548
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 274548usam.exe
Q274548
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 274548USA8.EXE
Q276471
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q276471_W2K_SP3_x86_en.EXE
Q304158
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q304158i.exe
MS00-080 - Session ID Cookie Marking Vulnerability
Posted: 2000/10/23
If a user initiated a session with a secure web page, a Session ID cookie would be generated and sent to the user, protected by SSL. But if the user subsequently visited a non-secure page on the same site, the same Session ID cookie would be exchanged, this time in plaintext. If a malicious user had complete control over the communications channel, he could read the plaintext Session ID cookie and use it to connect to the user?s session with the secure page. At that point, he could take any action on the secure page that the user could take.
Q274149
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: secsesi.exe
Q274149
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q274149_W2K_SP2_x86_en.EXE
MS00-081 - New Variant of VM File Reading Vulnerability
Posted: 2000/10/25
Q287030
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_en.EXE
Q277014
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: msjavx86.exe
Q277014
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: msjavx86_jvm.exe
MS00-082 - Malformed MIME Header Vulnerability
Posted: 2000/10/31
Q248838
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP3
Patch: Q248838engI.EXE
MS00-083 - Netmon Protocol Parsing Vulnerability
Posted: 2000/11/01
Q274835
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q274835i.EXE
Q274835
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q274835_W2K_SP2_x86_en.EXE
Q273476
Affected Products:
- Systems Management Server 1.2
- Systems Management Server 1.2 SP4
Patch: Q273476c.EXE
Q273476
Affected Products:
- Systems Management Server 2.0
- Systems Management Server 2.0 Gold
- Systems Management Server 2.0 SP1
- Systems Management Server 2.0 SP2
Patch: Q273476c.exe
Q274835
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q274835ts.exe
MS00-084 - Indexing Services Cross Site Scripting Vulnerability
Posted: 2000/11/02
The Cross-Site Scripting (CSS) vulnerability results when web applications don?t properly validate inputs before using them in dynamic web pages. If a malicious web site operator were able to lure a user to his site, and had identified a third-party web site that was vulnerable to CSS, he could potentially use the vulnerability to ?inject? script into a web page created by the other web site, which would then be delivered to the user. The net effect would be to cause the malicious user?s script to run on the user?s machine using the trust afforded the other site. The vulnerability can affect any software that runs on a web server, accepts user input, and uses it to generate web pages without sufficient validation. Microsoft has identified an Indexing Service component (CiWebHitsFile) that, when called from a specially crafted URL, is vulnerable to this scenario.
Q278499
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q278499_W2K_SP2_x86_en.EXE
MS00-085 - ActiveX Parameter Validation Vulnerability
Posted: 2000/11/02
An ActiveX control that ships as part of Windows 2000 contains an unchecked buffer. If the control was called from a web page or HTML mail using a specially-malformed parameter, it would be possible to cause code to execute on the machine via a buffer overrun. This could potentially enable a malicious user to take any desired action on the user's machine, limited only by the permissions of the user.
Q278511
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q278511_W2K_SP2_x86_en.EXE
MS00-086 - Web Server File Request Parsing Vulnerability
Posted: 2000/11/06
The ability to execute operating system commands on the web server would enable a malicious user to take virtually any action that an interactively-logged on user could take. He could, for instance, add, delete or change files on the server, run code that was already on the server, or upload code of his choice and run it.
Q277873
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: arbexei.exe
Q277873
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q277873_W2K_SP2_x86_en.EXE
MS00-087 - Terminal Server Login Buffer Overflow Vulnerability
Posted: 2000/11/08
Q277910
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 4
Patch: q277910i.exe
MS00-088 - Exchange User Account Vulnerability
Posted: 2000/11/16
Q278523
Affected Products:
- Exchange 2000 Server
- Exchange 2000 Gold
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
Patch: Q278523ENGI.EXE
MS00-089 - Domain Account Lockout Vulnerability
Posted: 2000/11/21
Q274372
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
Patch: q274372_w2k_sp2_x86_en.exe
MS00-090 - .ASX Buffer Overrun and .WMS Script Execution Vulnerabilities
Posted: 2000/11/22
Q280419
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wmsu34419.EXE
Q280419
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
- Windows Media Player 6.4 for Windows 2000
- Windows Media Player 6.4 for Windows 2000 Gold
Patch: wmsu33995.exe
Q280419
Affected Products:
- Windows Media Player 6.4 for Windows NT 4.0
- Windows Media Player 6.4 for Windows NT 4.0 Gold
Patch: Wmsu33995.exe
MS00-091 - Incomplete TCP/IP Packet Vulnerability
Posted: 2000/11/30
There is a denial of service vulnerability that affects Windows NT 4.0 Windows 95, 98, 98 Second Edition and Windows Me. By sending a flood of specially malformed TCP/IP packets to a victim?s machine a malicious user could cause either of two effects. In the most likely case, the flood would temporarily prevent any networking resources on an affected computer from responding to client requests; as soon as the packets stopped arriving, the machine would resume normal operation. In a less likely case, the system could hang, and remain unresponsive until it was rebooted. This vulnerability could only be exploited if TCP port 139 was open on the target machine. If the server service or File/Print sharing were disabled on a computer it would not be susceptible to this vulnerability
Q275567
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: q275567i.exe
Q275567
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q275567ts.exe
MS00-092 - Extended Stored Procedure Parameter Parsing Vulnerability
Posted: 2000/12/01
Q280380
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP2
Patch: s70918i.exe
Q280380
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 Gold
Patch: s80233i.exe
MS00-093 - Browser Print Template and File Upload via Form Vulnerabilities
Posted: 2000/12/01
Q279328
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q279328.exe
Q279328
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q279328.exe
Q279328
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q279328.Exe
MS00-094 - Phone Book Service Buffer Overflow Vulnerability
Posted: 2000/12/04
Q276575
Affected Products:
- Connection Manager
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q276575_W2K_SP2_x86_en.EXE
Q276575
Affected Products:
- Connection Manager
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: q276575i.exe
Q276575
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q276575ts.exe
MS00-095 - Registry Permissions Vulnerability
Posted: 2000/12/06
Q265714
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q265714i.EXE
Q265714
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q265714i.exe
MS00-096 - SNMP Parameters Vulnerability
Posted: 2000/12/06
This vulnerability is virtually identical to the SNMP Parameters vulnerability affecting Windows NT 4.0 systems and discussed in Microsoft Security Bulletin MS00-095. The SNMP Parameters key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters, provides the SNMP community name and SNMP management station identifiers, if they exist. SNMP community strings may allow either read or read-write access to the SNMP service. If no read-write access strings exist, the user could only use this vulnerability to read information through SNMP that is normally available to local users. If read-write access strings do exist, a malicious user could use this vulnerability to make changes to any system using the same community string for read-write access. It is important to remember that SNMP v1.0 has no security by design, and any user who could monitor network traffic could also obtain the SNMP community strings. SNMP is not installed on Windows NT 4.0 machines by default. It should be noted that the information revealed by this vulnerability is normally transmitted in plaintext across SNMP-managed networks. As a result, even in the absence of incorrect registry permissions, a malicious user could carry out the same attack if she could monitor network communicatio
Q266794
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q266794_W2K_SP2_x86_en.EXE
MS00-097 - Severed Windows Media Server Connection Vulnerability
Posted: 2000/12/15
Q281256
Affected Products:
- Windows Media Services 4.1
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows Media Services 4.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: WMSU35924.EXE
MS00-098 - Indexing Service File Enumeration Vulnerability
Posted: 2000/12/19
An ActiveX control that ships as part of Indexing Service is incorrectly marked as safe for scripting, thereby enabling it to be executed by web site applications. The control at issue here could be used to enumerate files and folders, and to view their properties. It would not be necessary for Indexing Service to be running in order for the vulnerability to be exploited; however, if it were running, the control also could be used to search for files containing specific words. The vulnerability could not be used to read files, except via a fairly unlikely scenario discussed in detail in the FAQ. It could not be used under any conditions to change, add or delete information on the user?s computer.
Q280838
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q280838_W2K_SP2_x86_en.EXE
MS00-099 - Directory Service Restore Mode Password Vulnerability
Posted: 2000/12/20
Q271641
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q271641_W2K_SP2_x86_en.EXE
MS00-100 - Malformed Web Form Submission Vulnerability
Posted: 2000/12/22
The FrontPage Server Extensions (FPSE) ship with and are installed by default as part of IIS 4.0 and 5.0. The most familiar FPSE functions allow web site and content management; however, FPSE also provides browse-time support functions. Among the functions included in the latter category are ones that help process web forms that have been submitted by a user. A vulnerability exists in one of these functions. If a malicious user levied a specially-malformed form submission to an affected server, it would cause the IIS service to fail. The vulnerability does not provide the opportunity to misuse any of the FPSE administrative or content management functions.
Q280322
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q280322_W2K_SP2_x86_en.EXE
Q280322
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q280322i.EXE
Q280322
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q280322
MS01-001 - Web Client Will Perform NTLM Authentication Regardless of Security Settings
Posted: 2001/01/11
The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and publish files via web folders, similar to viewing and adding files in a directory through Windows Explorer. Due to an implementation flaw, WEC does not respect the IE Security settings regarding when NTLM authentication will be performed instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user?s web site ? either by browsing to the site or by opening an HTML mail that initiated a session with it an application on the site could capture the user?s NTLM credentials. The malicious user could then use an offline brute force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources. The vulnerability would only provide the malicious user with the cryptographically protected NTLM authentication credentials of another user.
Q282132
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 282132usam.exe
Q282132
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q282132_W2K_SP2_x86_en
Q282132
Affected Products:
- Office 2000
- Office 2000 SR1
Patch: fpwec
MS01-002 - PowerPoint 2000 File Parser Contains Unchecked Buffer
Posted: 2001/01/22
If an attacker inserted specially chosen data into a PowerPoint file and could entice another user into opening the file on his machine, the data would overrun the buffer, causing either of two effects.
Q285978
Affected Products:
- PowerPoint 2000
- Office 2000 SR1
- Office 2000 SP2
- Office 2000 Install Point
- Office 2000 Install Point SR1
- Office 2000 Install Point SP2
Patch: ppt2ksec.exe
MS01-003 - Weak Permissions on Winsock Mutex Can Allow Service Failure
Posted: 2001/01/24
This could enable an attacker who had the ability to run code on a local machine to monopolize the mutex, thereby preventing any other processes from using the resource that it controlled. This would have the effect of preventing the machine from participating in the network.
Q279336
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q279336i.EXE
Q279336
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q279336i.exe
MS01-004 - Malformed .HTR Request Allows Reading of File Fragments
Posted: 2001/01/29
This one could enable an attacker to request a file in a way that would cause it to be processed by the .HTR ISAPI extension. The result of doing this is that fragments of server-side files like .ASP files could potentially be sent to the attacker.
Q285985
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: frgvuli.exe
Q285985
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q285985_W2K_SP3_x86_en.EXE
MS01-005 - Packaging Anomaly Could Cause Hotfixes to be Removed
Posted: 2001/01/30
Microsoft packages all Windows 2000 hotfixes (including security patches) with a catalog file that lists all of the valid hotfixes that have been issued to date. The catalog is digitally signed to ensure its integrity, and Windows File Protection uses the signed catalog to determine which hotfixes are valid. An error in the production of the catalog files for English language Windows 2000 Post Service Pack 1 hotfixes made available through December 18, 2000 could, under very unlikely circumstances, cause Windows File Protection to remove a valid hotfix from a system. The removal of a hotfix could cause a customer?s system to revert to a version of a Windows 2000 module that contained a security vulnerability. Windows File Protection will only remove valid hotfixes from a Windows 2000 system under a very restrictive set of circumstances
Q281767
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
Patch: Q281767_W2K_SP2_x86_en.EXE
Q285083
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: Q285083_W2K_SP2_x86_en.EXE
MS01-006 - Invalid RDP Data Can Cause Terminal Server Failure
Posted: 2001/01/31
Q286132
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q286132_W2K_SP2_x86_en.EXE
MS01-007 - Network DDE Agent Requests Can Enable Code to Run in System Context
Posted: 2001/02/05
A vulnerability exists because, in Windows 2000, the Network DDE Agent runs using the Local System security context and processes all requests using this context, rather than that of the user. This would give an attacker an opportunity to cause the Network DDE Agent to run code of her choice in Local System context, as a means of gaining complete control over the local machine.
Q285851
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q285851_W2K_SP3_x86_en.EXE
MS01-008 - Malformed NTLMSSP Request Can Enable Code to Run with System Privileges
Posted: 2001/02/07
A flaw in the NTLM Security Support Provider (NTLMSSP) service could potentially allow a non-administrative user to gain administrative control over the system. In order to perform this attack the user would need a valid login account and the ability to execute arbitrary code on the system. This vulnerability could only be exploited by an attacker who could log onto the affected machine interactively. However, best practices strongly suggest that unprivileged users not be allowed to interactively log onto business-critical servers like domain controllers, ERP servers, print and file servers, database servers, and others. If this recommendation has been followed, machines such as these would not be at risk from this vulnerability and, as a result, the machines most likely to be affected would be workstations and terminal servers.
Q280119
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q280119i.EXE
Q280119
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q280119i.exe
MS00-009 - Image Source Redirect Vulnerability
Posted: 2000/02/16
When a web server navigates a window from one domain into another one, the IE security model checks the server's permissions on the new page. However, it is possible for a web server to open a browser window to a client-local file, then navigate the window to a page that is in the web site's domain in such a way that the data in the client-local file is accessible to the new window. The data would only be accessible to the new window for a very brief period, but the result is that it could be possible for a malicious web site operator to view files on the computer of a visiting user.
Q251109
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: Q251109.exe
Q251109
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: q251109.exe
MS01-009 - Malformed PPTP Packet Stream Can Cause Kernel Exhaustion
Posted: 2001/02/13
The PPTP service in Windows NT 4.0 has a flaw in a part of the code that handles a particular type of data packet, which results in a leak of kernel memory resulting in a denial of service vulnerability.
Q283001
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q283001i.exe
Q283001
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q283001ts.exe
MS01-010 - Windows Media Player Skins Files Can Enable Java Code to Execute
Posted: 2001/02/14
If a Windows Media Player skin (.WMZ) file were downloaded from a malicious web site, it could potentially cause the deployment of zipped Java code to a known location on the visiting user?s machine. Since the Java code would reside in a known location on the machine, script hosted on a hostile web site or embedded in a hostile HTML mail message could potentially invoke the script in the local computer security zone to take arbitrary action on the user?s machine.
Q287045
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wmsu38041
- %windir%\system
MS01-011 - Malformed Request to Domain Controller Can Cause CPU Exhaustion
Posted: 2001/02/20
A core service running on all Windows 2000 domain controllers (but not on any other machines) contains a flaw affecting how it processes a certain type of invalid service request. Specifically, the service should handle the request at issue here by determining that it is invalid and simply dropping it; in fact, the service performs some resource-intensive processing and then sends a response. If an attacker sent a continuous stream of such requests to an affected machine, it could consume most or all of the machine?s CPU availability. This could cause the domain controller to process requests for service slowly or not at all, and could limit the number of new logons the machine could process and the number of Kerberos tickets that could be issued.
Q299687
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q299687_W2K_SP3_x86_en.EXE
MS00-075 - Microsoft VM ActiveX Component Vulnerability
Posted: 2000/10/12
Q275609
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: msjavx86_jvm.exe
Q275609
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: msjavx86.exe
Q287030
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_en.EXE
MS00-071 - Word Mail Merge Vulnerability
Posted: 2000/10/05
Q274226
Affected Products:
- Word 2000
- Office 2000 SR1
- Office 2000 Install Point
- Office 2000 Install Point SR1
Patch: wrdacc.exe
Q274226 (Word 2000)
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: wdac97.exe
MS00-044 - Absent Directory Browser Argument Vulnerability
Posted: 2000/07/14
The vulnerabilities could allow a malicious user to stop the web server from providing useful service, or to extract certain types of information from it.
Q267559
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: htrdos4i.exe
Q267559
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q267559_W2K_SP2_x86_en.EXE
MS00-045 - Persistent Mail-Browser Link Vulnerability
Posted: 2000/07/20
This could allow the browser window to retrieve the text of mails subsequently displayed in the preview pane, and relay it to the malicious user.
Q261255
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
- Outlook Express 5.01
- Internet Explorer 5.01 Gold
Patch: q261255.exe
Q261255
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Outlook Express 4.01
- Internet Explorer 4.01 SP2
Patch: Q261255.exe
MS00-046 - Cache Bypass Vulnerability
Posted: 2000/07/20
If an HTML mail created an HTML file outside the cache, it would run in the Local Computer Zone when opened. This could allow it to open a file on the user's computer and send it a malicious user's web site. The vulnerability also could be used as a way of placing an executable file on the user's machine, which the malicious user would then seek to launch via some other means.
Q261255
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
- Outlook Express 5.01
- Internet Explorer 5.01 Gold
Patch: q261255.exe
Q261255
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Outlook Express 4.01
- Internet Explorer 4.01 SP2
Patch: Q261255.exe
MS00-048 - Stored Procedure Permissions Vulnerability
Posted: 2000/07/07
Q266766
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP2
- SQL Server Desktop Engine (MSDE) 1.0
- SQL Server 7.0 SP2
Patch: s70918i.exe
MS00-051 - Excel REGISTER.ID Function Vulnerability
Posted: 2000/07/26
Q269252
Affected Products:
- Excel 2000
- Office 2000 SR1
- Office 2000 Install Point
- Office 2000 Install Point SR1
Patch: xl9p3pkg.exe
Q269252
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: xl8p10pkg.exe
MS00-054 - Malformed IPX Ping Packet Vulnerability
Posted: 2000/08/03
Q265334
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 265334US5.EXE
Q265334
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 265334USA8.EXE
MS00-056 - Microsoft Office HTML Object Tag Vulnerability
Posted: 2000/08/09
Q269880
Affected Products:
- Office 2000
- Office 2000 SR1
- Office 2000 Install Point
- Office 2000 Install Point SR1
Patch: Of9data.exe
MS00-058 - Specialized Header Vulnerability
Posted: 2000/08/14
If an IIS server receives a file request that contains a specialized header as well as one of several particular characters at the end, the expected ISAPI extension processing may not occur. The result is that the source code of the file would be sent to the browser.
Q256888
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q256888_W2K_SP1_x86_en.EXE
MS00-061 - Money Password Vulnerability
Posted: 2000/08/25
Q272232
Affected Products:
- Money 2000
- Money 2000 Gold
- Money 2001
- Money 2001 Gold
Patch: Update Internet Information
- On the Tools menu, click Update Internet Information.
MS00-042 - Active Setup Download Vulnerability
Posted: 2000/06/29
The flaws in downloading .cab file would allow a malicious web site operator to download a Microsoft-signed .cab file as a means of overwriting a file on the user's machine. By overwriting system files, this could allow the malicious user to render the machine unusable.
Q269368
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q269368.Exe
Q265258
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q265258.exe
Q265258
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q265258.exe
Q265258
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q265258.Exe
MS00-043 - Malformed E-mail Header Vulnerability
Posted: 2000/07/18
Under certain conditions, the vulnerability could allow a malicious user to cause code of his choice to execute on another user's computer.
Q261255
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
- Outlook Express 5.01
- Internet Explorer 5.01 Gold
Patch: q261255.exe
Q267884
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Outlook Express 4.01
- Internet Explorer 4.01 SP2
Patch: Q261255.exe
MS00-064 - Unicast Service Race Condition Vulnerability
Posted: 2000/09/06
Q273014
Affected Products:
- Windows Media Services 4.0
- Windows Media Services 4.0 Gold
- Windows Media Services 4.1
- Windows Media Services 4.1 Gold
Patch: WMSU27678.EXE
MS00-033 - Frame Domain Verification and Unauthorized Cookie Access and Malformed Component Attribute Vulnerabilities
Posted: 2000/05/17
Q269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
Q269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
MS00-039 - SSL Certificate Validation Vulnerabilities
Posted: 2000/06/05
Q269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
Q269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
MS00-041 - DTS Password Vulnerability
Posted: 2000/06/13
Q264880
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
- SQL Server 7.0 SP2
Patch: s70918i.exe
MS00-049 - Office HTML Script and IE Script Vulnerabilities
Posted: 2000/07/13
Q268365
Affected Products:
- Excel 2000
- Office 2000 SR1
- Office 2000 Install Point
- Office 2000 Install Point SR1
Patch: Addinsec.exe
Q268365
Affected Products:
- PowerPoint 2000
- Office 2000 SR1
- Office 2000 Install Point
- Office 2000 Install Point SR1
Patch: Addinsec.Exe
Q268365
Affected Products:
- PowerPoint 97
- PowerPoint 97 Gold
- Office 97
- Office 97 Gold
Patch: ppt97sec.EXE
Q269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
Q269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
Q269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q269368.Exe
Q269368
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q269368.Exe
MS00-050 - Telnet Server Flooding Vulnerability
Posted: 2000/07/24
The denial of service can occur when a malicious client sends a particular malformed string to the server through the Telnet service provided as part of Windows 2000 products.
Q267843
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: q267843_w2k_sp2_x86_en.exe
MS00-055 - Scriptlet Rendering Vulnerability
Posted: 2000/08/09
Q269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
Q269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
Q269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q269368.Exe
Q269368
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q269368.Exe
MS00-034 - Office 2000 UA Control Vulnerability
Posted: 2000/05/12
Q262767
Affected Products:
- Office 2000
- Office 2000 SR1
Patch: Uactlsec.exe
MS00-035 - SQL Server 7.0 Service Pack Password Vulnerability
Posted: 2000/05/30
Q263968
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
- SQL Server 7.0 SP2
Patch: sqlsp.exe
MS00-037 - HTML Help File Code Execution Vulnerability
Posted: 2000/06/02
The HTML Help facility provides the ability to launch code via shortcuts included in HTML Help files. If a compiled HTML Help (.chm) file were referenced by a malicious web site, it could potentially be used to launch code on a visiting user's computer without the user's approval. Such code could take any actions that the user could take, including adding, changing or deleting data, or communicating with a remote web site.
Q259166
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: hhupd.exe
Q259166
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q259166_W2K_SP1_x86_en.EXE
MS00-038 - Malformed Windows Media Encoder Request Vulnerability
Posted: 2000/05/30
Q264133
Affected Products:
- Windows Media Encoder 4.0
- Windows Media Encoder 4.0 Gold
- Windows Media Encoder 4.1
- Windows Media Encoder 4.1 Gold
Patch: WMSU20935a.EXE
MS00-010 - Site Wizard Input Validation Vulnerability
Posted: 2000/02/18
Q252614
Affected Products:
- Site Server 3.0, Commerce Edition
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
- Site Server 3.0 SP3
- Site Server 3.0 SP4
Patch: Q252614.zip
MS00-012 - Remote Agent Permissions Vulnerability
Posted: 2000/02/22
Q249847
Affected Products:
- Systems Management Server 2.0
- Systems Management Server 2.0 Gold
- Systems Management Server 2.0 SP1
Patch: Q249847i.EXE
MS00-013 - Misordered Windows Media Services Handshake Vulnerability
Posted: 2000/02/23
Q253943
Affected Products:
- Windows Media Services 4.0
- Windows Media Services 4.0 Gold
- Windows Media Services 4.1
- Windows Media Services 4.1 Gold
Patch: WMSU4954_NT4.EXE
Q253943
Affected Products:
- Windows Media Services 4.1
- Windows Media Services 4.1 Gold
- Windows Media Services 4.0
- Windows Media Services 4.0 Gold
Patch: WMSU4954_Win2000.EXE
MS00-014 - SQL Query Abuse Vulnerability
Posted: 2000/03/08
Q256052
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
- SQL Server 7.0 Gold
- SQL Server Desktop Engine (MSDE) 1.0
- SQL Server 7.0 Gold
- SQL Server 7.0 SP1
Patch: s70780i.exe
MS00-015 - Clip Art Buffer Overrun Vulnerability
Posted: 2000/03/06
Q256167
Affected Products:
- Office 2000
- Office 2000 Gold
- Works 2000
- Works 2000 Gold
- PictureIt 2000
- PictureIt 2000 Gold
- Home Publishing 2000
- Home Publishing 2000 Gold
- Publisher 99
- Publisher 99 Gold
- Photo Draw 2000 Version 1
- Photo Draw 2000 Version 1 Gold
- Greetings 2000
- Greetings 2000 Gold
Patch: cilupdt.exe
MS00-016 - Malformed Media License Request Vulnerability
Posted: 2000/03/17
Q257200
Affected Products:
- Windows Media Rights Manager 1
- Windows Media Rights Manager 1 Gold
Patch: WMRMU8912_NT4.EXE
MS00-017 - DOS Device in Path Name Vulnerability
Posted: 2000/03/16
Q256015
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 256015USA5.EXE
Q256015
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 256015USA8.EXE
MS00-018 - Chunked Encoding Post Vulnerability
Posted: 2000/03/20
Q252693
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: chkenc4i.exe
Posted: 2000/03/30
Under certain fairly unusual conditions, the vulnerability could cause a web server to send the source code of .ASP and other files to a visiting user.
Q249599
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: uncsec4i.exe
Q249599
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q249599_W2K_SP1_X86_en.EXE
MS00-022 - XLM Text Macro Vulnerability
Posted: 2000/04/03
Q255605
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: xl8p9pkg.exe
MS00-023 - Myriad Escaped Characters Vulnerability
Posted: 2000/04/12
Special characters can be embedded in URLs by use of so-called escaped character sequences. By providing a specially-malformed URL with an extremely large number of escaped characters, a malicious user could arbitrarily increase the work factor associated with parsing the escaped characters, thereby consuming much or all of the CPU availability on the server and preventing useful work from being done.
Q254142
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: escseq4i.exe
Q254142
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q254142_W2K_SP1_x86_en.EXE
MS00-024 - OffloadModExpo Registry Permissions Vulnerability
Posted: 2000/04/12
Q259496
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q259496i.exe
MS00-025 - Link View Server-Side Component Vulnerability
Posted: 2000/04/14
Q259799
Affected Products:
- FrontPage 98 Server Extensions
- FrontPage 98 Server Extensions Gold
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Personal Web Server 4.0
- Personal Web Server 4.0 Gold
Patch: Q259799
MS00-028 - Server-Side Image Map Components Vulnerability
Posted: 2000/04/21
Q260267
Affected Products:
- FrontPage 97 Server Extensions
- FrontPage 97 Server Extensions Gold
- FrontPage 98 Server Extensions
- FrontPage 98 Server Extensions Gold
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Personal Web Server 4.0
- Personal Web Server 4.0 Gold
Patch: Q260267
MS00-030 - Malformed Extension Data in URL Vulnerability
Posted: 2000/05/11
In compliance with RFC 2396, the algorithm in IIS that processes URLs has flexibility built in to allow it to process any arbitrary sequence of file extensions or subresource identifiers (referred to in the RFC as path_segments). By providing an URL that contains specially-malformed file extension information, a malicious user could misuse this flexibility in order to arbitrarily increase the work factor associated with parsing the URL. This could consume much or all of the CPU availability on the server and prevent useful work from being done.
Q260205
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: myrdot4i.exe
Q260205
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q260205_W2K_SP1_x86_en.EXE
MS00-031 - Undelimited .HTR Request and File Fragment Reading via .HTR Vulnerabilities
Posted: 2000/05/10
The vulnerabilities could, respectively, be used to slow an affected web server's response or to obtain the source code of certain types of files under very restricted conditions.
Q267559
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: q267559_w2k_sp2_x86_en.exe
Q260838
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: ismpst4i.exe
MS99-053 - Windows Multithreaded SSL ISAPI Filter Vulnerability
Posted: 1999/12/02
Q244613
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
Patch: sslune4i.exe
MS99-054 - WPAD Spoofing Vulnerability
Posted: 1999/12/01
Q247333
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q247333
MS99-058 - Virtual Directory Naming Vulnerability
Posted: 1999/12/21
Q238606
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
Patch: vrdcon4i.exe
MS99-059 - Malformed TDS Packet Header Vulnerability
Posted: 1999/12/20
Q248749
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
Patch: S70761i.exe
MS99-060 - HTML Mail Attachment Vulnerability
Posted: 1999/12/22
Q249082
Affected Products:
- Outlook Express 5 for Macintosh
- Outlook Express 5 for Macintosh Gold
- Internet Explorer 4.5 for Macintosh
- Internet Explorer 4.5 for Macintosh Gold
Patch: MacFiles
MS99-061 - Escape Character Parsing Vulnerability
Posted: 1999/12/21
Q246401
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: unschx4i.exe
MS99-052 - Legacy Credential Caching Vulnerability
Posted: 1999/11/29
Q168115
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 168115us5.exe
Q168115
Affected Products:
- Windows 98
- Windows 98 Gold
Patch: 168115us8.exe
MS99-051 - IE Task Scheduler Vulnerability
Posted: 1999/11/29
Q246972
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q246972
MS99-049 - File Access URL Vulnerability
Posted: 1999/11/12
Q245729
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 245729us5.exe
Q245729
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
Patch: 245729us8.exe
MS99-048 - Active Setup Control Vulnerability
Posted: 1999/11/11
Q244540
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q244540.exe
Q244540
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q244540.exe
MS99-044 - Excel SYLK Vulnerability
Posted: 1999/10/20
Q241900
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: xl8p9pkg.exe
Q241901
Affected Products:
- Excel 2000
- Office 2000 Gold
Patch: xl9p2pkg.exe
MS99-043 - Javascript Redirect Vulnerability
Posted: 1999/10/18
Q244356
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q244356.exe
Q244357
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q244357.exe
MS99-042 - IFRAME ExecCommand Vulnerability
Posted: 1999/10/11
Q243638
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q243638.exe
MS99-040 - Download Behavior Vulnerability
Posted: 1999/09/28
Q243638
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q243638.exe
MS99-037 - ImportExportFavorites Vulnerability
Posted: 1999/09/10
Q241361
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q241361.exe
Q241361
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: Q241361.exe
MS99-035 - Set Cookie Header Caching Vulnerability
Posted: 1999/09/10
Q238647
Affected Products:
- Site Server 3.0
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
- Site Server 3.0, Commerce Edition
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
- Microsoft Commercial Internet System 2.0
- Microsoft Commercial Internet System 2.0 Gold
- Microsoft Commercial Internet System 2.5
- Microsoft Commercial Internet System 2.5 Gold
Patch: q238647x86eng.exe
MS99-033 - Malformed Telnet Argument Vulnerability
Posted: 1999/09/09
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: telnet95.exe
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: TelnetUp.EXE
MS99-032 - scriptlet.typelib/Eyedog Vulnerability
Posted: 1999/08/31
Q240308
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 5
- Internet Explorer 5 Gold
- Outlook Express 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
Patch: q240308.exe
MS99-030 - Office ODBC Vulnerabilities
Posted: 1999/08/20
Q239114
Affected Products:
- Office 95
- Office 95 Gold
Patch: Jet30Pkg.exe
Q239114
Affected Products:
- Office 97
- Office 97 Gold
- Office 97 SR-1
- Office 97 SR-2/SR-2b
Patch: jetCopkg.exe
Q239114
Affected Products:
- Office 2000
- Office 2000 Gold
- Office 2000 SR1old
- Office 2000 SR1
Patch: JetcoPkg.exe
MS99-022 - Double Byte Code Page Vulnerability
Posted: 1999/06/24
Q233335
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: fesrc3i.exe
Q233335
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 3
Patch: fesrc4i.exe
MS99-019 - Malformed HTR Request Vulnerability
Posted: 1999/06/15
Q234905
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: extfixi.exe
MS99-018 - Malformed Favorites Icon Vulnerability
Posted: 1999/05/27
Q241361
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q241361.exe
Q241361
Affected Products:
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
Patch: q241361.exe
MS99-014 - Excel 97 Virus Warning Vulnerabilities
Posted: 1999/05/07
Q231304
Affected Products:
- Office 97
- Office 97 SR-2/SR-2b
- Excel 97
- Office 97 SR-2/SR-2b
Patch: Xl8p9pkg.exe
MS99-012 - MSHTML Update Available for Internet Explorer
Posted: 1999/04/21
Q226326
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: mshtml5.exe
Q226326
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
Patch: mshtml4.exe
MS99-011 - DHTML Edit Vulnerability
Posted: 1999/04/21
Q226326
Affected Products:
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: DHTMLED5.EXE
MS01-012 - Outlook - Outlook Express VCard Handler Contains Unchecked Buffer
Posted: 2001/02/22
Outlook Express provides several components that are used both by it and, if installed on the machine, Outlook. One such component, used to process vCards, contains an unchecked buffer. By creating a vCard and editing it to contain specially chosen data, then sending it to another user, an attacker could cause either of two effects to occur if the recipient opened it. In the less serious case, the attacker could cause the mail client to fail. If this happened, the recipient could resume normal operation by restarting the mail client and deleting the offending mail. In the more serious case, the attacker could cause the mail client to run code of her choice on the user?s machine. Such code could take any desired action, limited only by the permissions of the recipient on the machine.
Q283908
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
- Outlook Express 5.5
- Internet Explorer 5.5 SP1
Patch: q283908.exe
Q283908
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
- Outlook Express 5.01
- Internet Explorer 5.01 SP1
Patch: Q283908.exe
MS01-013 - Windows 2000 Event Viewer Contains Unchecked Buffer
Posted: 2001/02/26
This is a buffer overrun vulnerability. By entering a specially malformed record into a machine?s event log, an attacker could cause either of two effects to occur when the record was subsequently opened. In the least serious case, he could cause the event viewer to fail. In the more serious case, he could cause the event viewer?s functionality to be modified while running, in order to perform a task of his choosing on the other user?s machine.
Q285156
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q285156_W2K_SP3_x86_en.EXE
MS01-014 - Malformed URL Can Cause Service Failure in IIS 5.0 and Exchange 2000
Posted: 2001/03/01
This is a denial of service vulnerability. It could enable an attacker to temporarily disrupt service on an affected web, or to temporarily disrupt web-based access to an affected mail server. Although the server in either case would automatically resume normal operation, any sessions in progress at the time of the attack would be lost. The vulnerability does not provide any opportunity for the attacker to usurp administrative control over the server, or to add, change or delete data on it.
Q286818
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q286818_W2K_SP3_x86_en.EXE
Q287678
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
- Exchange 2000 Server
- Exchange 2000 Gold
Patch: Q287678engi386.EXE
MS01-015 - IE Can Divulge Location of Cached Content
Posted: 2001/03/06
The IE security architecture provides a caching mechanism that is used to store content that needs to be downloaded and processed on the user's local machine. The purpose of the cache is to obfuscate the physical location of the cached content, in order to ensure that the web page or HTML e-mail will work through the IE security architecture to access the information. This ensures that the uses of the information can be properly restricted. A vulnerability exists because it is possible for a web page or HTML e-mail to learn the physical location of cached content. Armed with this information, an attacker could cause the cached content to be opened in the Local Computer Zone. This would enable him to launch compiled HTML help (.CHM) files that contain shortcuts to executables, thereby enabling him to run the executables.
Q279328
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q279328.exe
Q286045
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q286045.exe
Q286043
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q286043.exe
Q279328
Affected Products:
- Windows Script 5.1
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: scripten.exe
Q279328
Affected Products:
- Windows Script 5.1
- Windows 95 SR 2.5
- Windows 95 SR 2.1
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 98 Gold
- Windows 98 SP1
Patch: ste51en.exe
Q279328
Affected Products:
- Windows Script 5.5
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Scripten.exe
Q279328
Affected Products:
- Windows Script 5.5
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98 Gold
- Windows 98 SP1
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Scr55en.exe
MS01-016 - Malformed WebDAV Request Can Cause IIS to Exhaust CPU Resources
Posted: 2001/03/08
WebDAV is an extension to the HTTP protocol that allows remote authoring and management of web content. In the Windows 2000 implementation of the protocol, IIS 5.0 performs initial processing of all WebDAV requests, then forwards the appropriate commands to the WebDAV process. However, a flaw exists in the way WebDAV handles a particular type of malformed request. If a stream of such requests were directed at an affected server, it would consume all CPU availability on the server.
Q291845
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q291845_W2K_SP2_x86_en.EXE
MS01-017 - Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
Posted: 2001/03/22
VeriSign, Inc., recently advised Microsoft that on January 29 and 30, 2001, it issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. The common name assigned to both certificates is ?Microsoft Corporation?. The ability to sign executable content using keys that purport to belong to Microsoft would clearly be advantageous to an attacker who wished to convince users to allow the content to run. The certificates could be used to sign programs, ActiveX controls, Office macros, and other executable content. Of these, signed ActiveX controls and Office macros would pose the greatest risk, because the attack scenarios involving them would be the most straightforward. Both ActiveX controls and Word documents can be delivered via either web pages or HTML mails. ActiveX controls can be automatically invoked via script, and Word documents can be automatically opened via script unless the user has applied the Office Document Open Confirmation Tool. However, even though the certificates say they are owned by Microsoft, they are not bona fide Microsoft certificates, and content signed by them would not be trusted by default. Trust is defined on a certificate-by-certificate basis, rather than on the basis of the common name. As a result, a warning dialogue would be displayed before any of the signed content could be executed, even if the user had previously agreed to trust other certificates with the common name ?Microsoft Corporation?. The danger, of course, is that even a security-conscious user might agree to let the content execute, and might agree to always trust the bogus certificates. VeriSign has revoked the certificates, and they are listed in VeriSign?s current Certificate Revocation List (CRL). However, because VeriSign?s code-signing certificates do not specify a CRL Distribution Point (CDP), it is not possible for any browser?s CRL-checking mechanism to download the VeriSign CRL and use it. Microsoft is developing an update that rectifies this problem. The update package includes a CRL containing the two certificates, and an installable revocation handler that consults the CRL on the local machine, rather than attempting to use the CDP mechanism.
Q293818
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: Crlupd.exe
Q293818
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: crlupd.exe
Q293818
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
Patch: crlupdts.exe
Q293818
Affected Products:
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: crlupD.exe
MS01-018 - Visual Studio VB-TSQL Object Contains Unchecked Buffer
Posted: 2001/03/27
The VB-TSQL debugger object that ships with Visual Studio 6.0 Enterprise Edition has an unchecked buffer in the code that processes parameters for one of the object?s methods. The object can, by design, be programmatically accessed remotely. If the object were to be referenced by a program that contained specially malformed data within the parameter, either of two outcomes would result. In the less serious case, the attacker could cause the object to fail on the hosting machine. In the more serious case, the attacker could exploit the buffer overrun to run code of the attacker's choice on the hosting machine. The debugger object (vbsdicli.exe) is installed by default with Visual Studio 6.0 Enterprise Edition and runs in the context of the interactively logged-on user. The attacker could only execute a successful attack if he knew that a user had the component installed and that the user was logged in at the time of the attack.
Q281297
Affected Products:
- Visual Studio 6.0
- Visual Studio 6.0 SP 5
- Visual Basic 6.0
- Visual Basic 6.0 Gold
Patch: Q281297.EXE
MS01-019 - Passwords for Compressed Folders are Recoverable
Posted: 2001/03/28
Plus! 98, an optional package that extends Windows 98 and Windows 98 Second Edition, introduced a data compression feature called Compressed Folders that was also included in Windows Me. For interoperability with leading third-party compression tools, it provides a password protection option for folders that have been compressed. However, due to a flaw in the package?s implementation, the passwords used to protect the folders are recorded in a file on the user?s system. If an attacker gained access to an affected machine on which password-protected folders were stored, she could learn the passwords and access the files. It is important to understand that, although this flaw does constitute a security vulnerability, the password protection feature is not intended to provide strong security. It was included in the products to enable interoperability with password-protection features in other third-party data compression products, and is only intended to provide protection against casual inspection. Customers who need strong protection for files should use Windows 2000. The patch will prevent passwords from being written to the user?s system in the future. However, as discussed in the FAQ, after applying the patch, it is important to also delete c:\windows\dynazip.log, in order to ensure that all previously-recorded passwords are deleted.
Q252694
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 252694usa8.exe
Q252694
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 252694usam.exe
MS01-020 - Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Posted: 2001/03/29
Because HTML e-mails are simply web pages, IE can render them and open binary attachments in a way that is appropriate to their MIME types. However, a flaw exists in the type of processing that is specified for certain unusual MIME types. If an attacker created an HTML e-mail containing an executable attachment, then modified the MIME header information to specify that the attachment was one of the unusual MIME types that IE handles incorrectly, IE would launch the attachment automatically when it rendered the e-mail. An attacker could use this vulnerability in either of two scenarios. She could host an affected HTML e-mail on a web site and try to persuade another user to visit it, at which point script on a web page could open the mail and initiate the executable. Alternatively, she could send the HTML mail directly to the user. In either case, the executable attachment, if it ran, would be limited only by user?s permissions on the system.
Q290108
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: Q290108.exe
Q290108
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q290108.exe
MS01-021 - Web Request Can Cause Access Violation in ISA Server Web Proxy Service
Posted: 2001/04/16
The ISA Server Web Proxy service does not correctly handle web requests that contain a particular type of malformed argument. Processing such a request would result in an access violation, which would cause the Web Proxy service to fail. This would disrupt all ingoing and outgoing web proxy requests until the service was restarted.
Q295279
Affected Products:
- ISA Server 2000
- ISA Server 2000 Gold
Patch: isahf63.exe
MS01-022 - WebDAV Service Provider Can Allow Scripts to Levy Requests as User
Posted: 2001/04/18
The Microsoft Data Access Component Internet Publishing Provider provides access to WebDAV resources over the Internet. By design, it should differentiate between requests made by a user and those made by a script running in the user?s browser. However, because of an implementation flaw, it handles all requests in the security context of the user. As a result, if a user browsed to a web page or opened an HTML e-mail that contained script, that script could access web-based resources as the user. The specific actions an attacker could take via this vulnerability would depend on the Web-based resources available to the user, and the user?s privileges on them. However, it is likely that at a minimum, the attacker could browse the user?s intranet, and potentially access web-based e-mail as well.
Q296441
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: rbupdate.exe
Q296441
Affected Products:
- WEC
- WEC Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Rbupdate.exe
MS01-023 - Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server
Posted: 2001/05/01
Windows 2000 introduced native support for the Internet Printing Protocol (IPP), an industry-standard protocol for submitting and controlling print jobs over HTTP. The protocol is implemented in Windows 2000 via an ISAPI extension that is installed by default as part of Windows 2000 but which can only be accessed via IIS 5.0. A security vulnerability results because the ISAPI extension contains an unchecked buffer in a section of code that handles input parameters. This could enable a remote attacker to conduct a buffer overrun attack and cause code of her choice to run on the server. Such code would run in the Local System security context. This would give the attacker complete control of the server, and would enable her to take virtually any action she chose. The attacker could exploit the vulnerability against any server with which she could conduct a web session. No other services would need to be available, and only port 80 (HTTP) or 443 (HTTPS) would need to be open. Clearly, this is a very serious vulnerability, and Microsoft strongly recommends that all IIS 5.0 administrators install the patch immediately. Customers who cannot install the patch can protect their systems by removing the mapping for the Internet Printing ISAPI extension. However, it is important to understand that if Web Printing is enabled via Group Policy, this would override the settings made in the Internet Services Manager. As the FAQ discusses in more detail, customers who have enabled Web Printing via Group Policy should disable it first, then unmap the Internet Printing ISAPI extension.
Q296576
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q296576_W2K_SP2_x86_en.EXE
MS01-024 - Malformed Request to Domain Controller Can Cause Memory Exhaustion
Posted: 2001/05/08
A core service running on all Windows 2000 domain controllers (but not on any other machines) contains a memory leak, which can be triggered when it attempts to process a certain type of invalid service request. By repeatedly sending such a request, an attacker could deplete the available memory on the server. If memory were sufficiently depleted, the domain controller could become unresponsive, which would prevent it from processing logon requests or issuing new Kerberos tickets. An affected machine could be put back into service by rebooting.
Q299687
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q299687_W2K_SP3_x86_en.EXE
MS01-025 - Index Server Search Function Contains Unchecked Buffer
Posted: 2001/05/10
The patches discussed below address two security vulnerabilities that are unrelated to each other except in the sense that both affect Index Server 2.0. The first vulnerability is a buffer overrun vulnerability. Index Server 2.0 has an unchecked buffer in a function that processes search requests. If an overly long value were provided for a particular search parameter, it would overrun the buffer. If the buffer were overrun with random data, it would cause Index Server to fail. If it were overrun with carefully selected data, code of the attacker?s choice could be made to run on the server, in the Local System security context. The second vulnerability affects both Index Server 2.0 and Indexing Service in Windows 2000, and is a new variant of the ?Malformed Hit-Highlighting? vulnerability discussed in Microsoft Security Bulletin MS00-006. The new variant has almost the same scope as the original vulnerability, but potentially exposes a new file type If an attacker provided an invalid search request, she could read ?include? files residing on the web server. The new patch eliminates all known variants of the vulnerability.
Q294472
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Index Server 2.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q294472i.exe
Q296185
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Index Server 2.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q296185i.exe
Q296185
Affected Products:
- Indexing Services for Windows 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q296185_W2K_SP3_x86_en.EXE
MS01-026 - 14 May 2001 Cumulative Patch for IIS
Posted: 2001/05/14
This update eliminates three new vulnerabilities: A vulnerability that could enable a malicious user to run operating system commands on an affected server. A vulnerability that could allow a malicious user to enter a File Transfer Protocol (FTP) command, which can cause IIS 5.0 to fail. FTP is the protocol used for copying files to and from remote computer systems on a network. A vulnerability that can enable a malicious user to access a guest account using the FTP service.
Q293826
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q293826_W2K_SP3_x86_en.EXE
Q295534
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q295534i.exe
MS01-027 - Flaws in Web Server Certificate Validation Could Enable Spoofing
Posted: 2001/05/16
A patch is available to eliminate two newly discovered vulnerabilities affecting Internet Explorer, both of which could enable an attacker to spoof trusted web sites.
Q295106
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q295106.exe
Q299618
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q299618.exe
MS01-028 - RTF Document Linked to Template Can Run Macros Without Warning
Posted: 2001/05/21
Q288266
Affected Products:
- Word 2000
- Office 2000 SR1
- Office 2000 SP2
- Office 2000 Install Point
- Office 2000 Install Point SR1
- Office 2000 Install Point SP2
Patch: wd2kmsec.exe
Q288266
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: wd97mcrs.exe
MS01-029 - Windows Media Player .ASX Processor Contains Unchecked Buffer
Posted: 2001/05/23
This update addresses two security vulnerabilities that are related to each other only by the fact that they both affect Windows Media Player. The two vulnerabilities are a buffer overrun in the functionality used to process Active Stream Redirector (.ASX) files, and a vulnerability affecting how Windows Media Player handles Internet shortcuts. In addition, this update addresses a potential privacy vulnerability that was recently identified.
Q296138
Affected Products:
- Windows Media Player 6.4 for Windows 2000
- Windows Media Player 6.4 for Windows 2000 Gold
Patch: WMSU47357.exe
Q296138
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: mp71.exe
Q296138
Affected Products:
- Windows Media Player 6.4 for Windows NT 4.0
- Windows Media Player 6.4 for Windows NT 4.0 Gold
Patch: Wmsu47357.exe
MS01-030 - Incorrect Attachment Handling in Exchange OWA Can Execute Script
Posted: 2001/06/06
Q301361
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q301361i386.EXE
Q299535
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
- Exchange 2000 Server
- Exchange 2000 Gold
Patch: Q299535engi386.EXE
MS01-031 - Predictable Named Pipes Could Enable Privilege Elevation via Telnet
Posted: 2001/06/07
Q299553
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q299553_W2K_SP3_x86_en.EXE
MS01-032 - SQL Query Method Enables Cached Administrator Connection to be Reused
Posted: 2001/06/12
Q299717
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 Gold
Patch: s80296i.exe
Q299717
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP3
Patch: s70996i.exe
MS01-033 - Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise
Posted: 2001/06/18
Q300972
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q300972_W2K_SP3_x86_en.EXE
Q300972
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Index Server 2.0
- Windows NT4 Service Pack 6a
Patch: Q300972i.exe
Q300972
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q300972ts.exe
MS01-034 - Malformed Word Document Could Enable Macro to Run Automatically
Posted: 2001/06/21
Q288266
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: wd97mcrs.exe
Q288266
Affected Products:
- Word 2000
- Office 2000 SR1
- Office 2000 SP2
- Office 2000 Install Point
- Office 2000 Install Point SR1
- Office 2000 Install Point SP2
Patch: wd2kmsecb.exe
Q300553
Affected Products:
- Word 2002
- Word 2002 Gold
- Office XP Gold
- Office XP Install Point
- Office XP Install Point Gold
Patch: WRD1001.exe
MS01-035 - FrontPage Server Extension Sub-Component Contains Unchecked Buffer
Posted: 2001/06/21
Q300477
Affected Products:
- Front Page 2000 Server Extensions
- Windows 2000 Service Pack 2
Patch: Q300477_W2K_SP3_x86_en.EXE
Q300477
Affected Products:
- Front Page 2000 Server Extensions
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q300477.exe
MS01-036 - Function Exposed via LDAP over SSL Could Enable Passwords to be Changed
Posted: 2001/06/25
Q299687
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q299687_W2K_SP3_x86_en.EXE
MS01-037 - Authentication Error in SMTP Service Could Allow Mail Relaying
Posted: 2001/07/05
Q302755
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q302755_W2k_SP3_x86_en.exe
MS01-038 - Outlook View Control Exposes Unsafe Functionality
Posted: 2001/07/12
Q303833
Affected Products:
- Outlook 2000
- Office 2000 SP2
- Office 2000 SR1
Patch: outlctlx.exe
Q303835
Affected Products:
- Outlook 2002
- Office XP Gold
- Office XP Install Point
- Office XP Install Point Gold
Patch: olk1003.exe
MS01-039 - Services for Unix 2.0 Telnet and NFS Services Contain Memory Leaks
Posted: 2001/07/24
Q294380
Affected Products:
- Services for Unix 2.0 (NT)
- Services for Unix 2.0 (NT) Gold
Patch: q294380_sfu_2_x86.exe
Q301514
Affected Products:
- Services for Unix 2.0 (NT)
- Services for Unix 2.0 (NT) Gold
Patch: q301514_sfu_2_x86.exe
Q294380
Affected Products:
- Services for Unix 2.0 (Win2K)
- Services for Unix 2.0 (Win2K) Gold
Patch: q294380_sfu_2_x86.Exe
- http://download.microsoft.com/download/win2000platform/patch/q294380/nt5/en-us/q294380_sfu_2_x86.exe
Q301514
Affected Products:
- Services for Unix 2.0 (Win2K)
- Services for Unix 2.0 (Win2K) Gold
Patch: q301514_sfu_2_x86.Exe
MS01-040 - Invalid RDP Data Can Cause Memory Leak in Terminal Services
Posted: 2001/07/25
Q292435
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q292435_w2k_sp3_x86_en.exe
Q292435
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
Patch: q292435i.exe
MS01-041 - Malformed RPC Request Can Cause Service Failure
Posted: 2001/07/26
Q299444
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q299444i.exe
Q299444
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: Q299444I.exe
Q298012
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q298012_w2k_sp3_x86_en.exe
Q298012
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
Patch: q298012_sql2000_x86_en.exe
Q298012
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP2
Patch: q298012_sql70sp2_x86_en.exe
Q304062
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: q304062engi386.exe
Q304063
Affected Products:
- Exchange 2000 Server
- Exchange 2000 Gold
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
Patch: q304063engi386.exe
Q299444
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q299444ts.exe
MS01-042 - Windows Media Player .NSC Processor Contains Unchecked Buffer
Posted: 2001/07/26
Q304404
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
- Windows Media Player 6.4 for Windows 2000
- Windows Media Player 6.4 for Windows 2000 Gold
Patch: wmsu55362.exe
Q304404
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: wMsu55362.exe
Q304404
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wmSu55362.exe
Q304404
Affected Products:
- Windows Media Player 6.4 for Windows NT 4.0
- Windows Media Player 6.4 for Windows NT 4.0 Gold
Patch: Wmsu55362.exe
MS01-043 - NNTP Service in Windows NT 4.0 and Windows 2000 Contains Memory Leak
Posted: 2001/08/14
Q304876
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q304876engi386.exe
Q303984
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q303984_w2k_sp3_x86_en.exe
MS01-044 - 15 August 2001 Cumulative Patch for IIS
Posted: 2001/08/15
Q301625
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: q301625i.exe
Q301625
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q301625_w2k_sp3_x86_en.exe
MS01-045 - ISA Server H.323 Gatekeeper Service Contains Memory Leak
Posted: 2001/08/16
Q289503
Affected Products:
- ISA Server 2000
- ISA Server 2000 Gold
Patch: isahf68.exe
MS01-046 - Access Violation in Windows 2000 IRDA Driver Can Cause System to Restart
Posted: 2001/08/21
Q252795
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q252795_W2K_SP3_x86_en.EXE
MS01-047 - OWA Function Allows Unauthenticated User to Enumerate Global Address List
Posted: 2001/09/06
Q307195
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q307195engi386.EXE
MS01-048 - Malformed Request to RPC Endpoint Mapper Can Cause RPC Service to Fail
Posted: 2001/09/10
Q305399
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q305399i.exe
MS01-049 - Deeply-nested OWA Request Can Consume Server CPU Availability
Posted: 2001/09/26
Q303451
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 SP1
- Exchange 2000 Server
- Exchange 2000 SP1
Patch: Q303451engi386.EXE
MS01-050 - Malformed Excel or PowerPoint Document Can Bypass Macro Security
Posted: 2001/10/04
Q306606
Affected Products:
- Excel 2000
- Office 2000 SR1
- Office 2000 SP2
- Office 2000 Install Point
- Office 2000 Install Point SR1
- Office 2000 Install Point SP2
Patch: e2kmac_a.exe
Q306606
Affected Products:
- Excel 2002
- Office XP Gold
- Office XP Install Point
- Office XP Install Point Gold
Patch: exc1001a.exe
Q306605
Affected Products:
- PowerPoint 2000
- Office 2000 SR1
- Office 2000 SP2
- Office 2000 Install Point
- Office 2000 Install Point SR1
- Office 2000 Install Point SP2
Patch: p2kmac_a.exe
Q306605
Affected Products:
- PowerPoint 2002
- Office XP Gold
- Office XP Install Point
- Office XP Install Point Gold
Patch: ppt1001a.exe
MS01-051 - Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone
Posted: 2001/10/10
Q306121
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q306121.exe
Q306121
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q306121.exe
Q306121
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: q306121.Exe
MS01-052 - Invalid RDP Data Can Cause Terminal Service Failure
Posted: 2001/10/18
Q307454
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q307454.exe
Q307454
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q307454_W2K_SP3_x86_en.exe
MS01-053 - Downloaded Applications Can Execute on Mac IE 5.1 for OS X
Posted: 2001/10/23
Q311052
Affected Products:
- IE 5.1 for Macintosh
- IE 5.1 for Macintosh Gold
Patch: MacIE501
MS01-054 - Invalid Universal Plug and Play Request Can Disrupt System Operation
Posted: 2001/11/01
Q311311
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 309073USA8.EXE
Q311311
Affected Products:
- Windows Me
- Windows Me Gold
Patch: WinMEUPnP
Q309521
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WinXPUPnP
MS01-055 - 13 November 2001 Cumulative Patch for IE
Posted: 2001/11/08
Q312461
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: q312461.exe
Q312461
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q312461.exe
MS01-056 - Windows Media Player .ASF Processor Contains Unchecked Buffer
Posted: 2001/11/20
Q308567
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: wm308567.exe
Q308567
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wM308567.exe
Q308567
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
- Windows Media Player 6.4 for Windows 2000
- Windows Media Player 6.4 for Windows 2000 Gold
Patch: wm308567.Exe
Q309521
Affected Products:
- Windows Media Player for Windows XP
- Windows XP Gold
- Windows Media Player for Windows XP Gold
Patch: WinXPUPnP
Q308567
Affected Products:
- Windows Media Player 6.4 for Windows NT 4.0
- Windows Media Player 6.4 for Windows NT 4.0 Gold
Patch: Wm308567.exe
MS01-057 - Specially Formed Script in HTML Mail Can Execute in Exchange 5.5 OWA
Posted: 2001/12/06
Q313576
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q313576i386.exe
MS01-058 - 13 December 2001 Cumulative Patch for IE
Posted: 2001/12/13
Q313675
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: Q313675.exe
Q313675
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q313675.exe
MS01-059 - Unchecked Buffer in Universal Plug and Play Can Lead to System Compromise
Posted: 2001/12/19
Q315000
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q315000_WXP_SP1_x86_ENU.exe
Q315000
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 314941USA8.EXE
Q315000
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 314757USAM.EXE
MS01-060 - SQL Server Text Formatting Functions Contain Unchecked Buffers
Posted: 2001/12/20
Q304850
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP1
Patch: s80428i.exe
Q304851
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP3
Patch: sql7
MS02-001 - Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data
Posted: 2002/01/22
Q311401
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
Patch: w2kSP2SRP1.exe
Q311401
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
Patch: w2kSP2SRP1.Exe
Q317636
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q317636i.EXE
MS02-002 - Malformed Network Request Can Cause Office v. X for Mac to Fail
Posted: 2002/02/06
Q317879
Affected Products:
- Office v. X for Mac
- Office v. X for Mac Gold
Patch: MacPatch
MS02-003 - Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions
Posted: 2002/02/07
Q316056
Affected Products:
- Exchange 2000 Server
- Exchange 2000 SP2
- Exchange 2000 Enterprise Server
- Exchange 2000 SP2
Patch: Q316056engi386.EXE
MS02-004 - Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution
Posted: 2002/02/07
Q307298
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Interix 2.2
- Interix 2.2 Gold
Patch: Q316056engi386.EXE
MS02-005 - 11 February 2002 Cumulative Patch for Internet Explorer
Posted: 2002/02/11
Q316059
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: q316059.exe
Q316059
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q316059.exe
Q316059
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q316059.Exe
Q316059
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: Q316059.Exe
MS02-006 - Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run
Posted: 2002/02/12
Q314147
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q314147i.exe
Q314147
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: nopatch
Q314147
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q314147_W2K_SP3_X86_EN.exe
Q314147
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q314147_WXP_SP1_x86_ENU.exe
Q314147
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q314147i.exe
MS02-007 - SQL Server Remote Data Source Function Contain Unchecked Buffers
Posted: 2002/02/20
Q316333
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 SP2
Patch: 8.00.0578.exe
Q318268
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP3
- SQL Server Desktop Engine (MSDE) 1.0
- SQL Server 7.0 SP3
Patch: s71021a.exe
MS02-008 - XMLHTTP Control Can Allow Access to Local Files
Posted: 2002/02/21
Q318202
Affected Products:
- MSXML 2.6
- MSXML 2.6 Gold
- MSXML 2.6 SP1
- MSXML 2.6 SP2
Patch: Q318202_MSXML20_x86_msxml.exe
Q318202
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q318202_MSXML20_x86_en.exe
Q318203
Affected Products:
- MSXML 3.0
- MSXML 3.0 Gold
- MSXML 3.0 SP1
- MSXML 3.0 SP2
Patch: Q318203_MSXML30_x86_msxml.exe
Q318203
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q318203_MSXML30_x86.exe
Q317244
Affected Products:
- MSXML 4.0
- MSXML 4.0 Gold
Patch: msxml4qfe_msxml.exe
Q317244
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: msxml4qfe.exe
MS02-009 - Incorrect VBScript Handling in IE Can Allow Web Pages to Read Local Files
Posted: 2002/02/21
Q318089
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
Patch: vbs51nen.exe
Q318089
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: vbs55nen.exe
Q318089
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Vbs55nen.exe
Q318089
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: vbs56nen.exe
MS02-010 - Unchecked Buffer in ISAPI Filter Could Allow Commerce Server Compromise
Posted: 2002/02/21
Q317615
Affected Products:
- Commerce Server 2000
- Commerce Server 2000 SP2
Patch: Q317615_COMMERCE_2000_EN.EXE
MS02-011 - Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service
Posted: 2002/02/27
Q313450
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q313450_W2K_SP3_X86_EN.Exe
Q289258
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q289258engi386.EXE
Q310669
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4OptionPack-KB310669.EXE
MS02-012 - Malformed Data Transfer Request Can Cause Windows SMTP Service to Fail
Posted: 2002/02/27
Q313450
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q313450_W2K_SP3_X86_EN.exe
Q313450
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
- Internet Information Services 5.1
- Windows XP Gold
Patch: Q313450_WXP_SP1_x86_ENU.exe
MS02-013 - 04 March 2002 Cumulative VM Update
Posted: 2002/03/04
Q300845
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Home Edition
- Windows XP Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 98 SE
- Windows 98se Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
Patch: msjavx86.exe
Q300845
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: msjavx86.Exe
Q300845
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
Patch: Q300845_W2K_SP3_X86_EN.exe
Q300845
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 1
Patch: Q300845_W2K_SP3_X86_EN.Exe
MS02-014 - Unchecked Buffer in Windows Shell Could Lead to Code Execution
Posted: 2002/03/07
Q313829
Affected Products:
- Windows 98 SE
- Windows 98se Gold
- Windows 98
- Windows 98 SP1
- Windows 98 Gold
Patch: win9802-014
Q313829
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q313829i.exe
Q313829
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q313829i.exe
Q313829
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
Patch: Q313829_W2K_SP3_X86_EN.exe
MS02-015 - 28 March 2002 Cumulative Patch for Internet Explorer
Posted: 2002/03/28
Q319182
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: q319182.exe
Q319182
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
Patch: Q319182.exe
Q319182
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q319182.Exe
Q319182
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q319182.EXE
MS02-016 - Opening Group Policy Files for Exclusive Read Blocks Policy Application (Q318593)
Posted: 2002/04/04
Q318593
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
Patch: Q318593_W2K_SP3_X86_EN.exe
MS02-017 - Unchecked Buffer in the Multiple UNC Provider Could Enable Code Execution (Q311967)
Posted: 2002/04/04
Q311967
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q312895i.exe
Q311967
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q312895i.exe
Q311967
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q311967_W2K_SP3_X86_EN.exe
Q311967
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q311967_WXP_SP1_x86_ENU.exe
MS02-018 - Cumulative Patch for Internet Information Service (Q319733)
Posted: 2002/04/10
Q319733
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q319733i.exe
Q319733
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q319733_W2K_SP3_X86_EN.exe
Q319733
Affected Products:
- Internet Information Services 5.1
- Windows XP Gold
Patch: Q319733_WXP_SP1_x86_ENU.exe
Q319733
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q319733ts.exe
MS02-019 - Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309)
Posted: 2002/04/16
Q321309
Affected Products:
- Excel v. X for Macintosh
- Excel v. X for Macintosh Gold
- Excel 2001 for Macintosh
- Excel 2001 for Macintosh Gold
- PowerPoint 2001 for Macintosh
- PowerPoint 2001 for Macintosh Gold
- PowerPoint 98 for Macintosh
- PowerPoint 98 for Macintosh Gold
- PowerPoint v. X for Macintosh
- PowerPoint v. X for Macintosh Gold
- Internet Explorer 5.1 for Machintosh OS 8 and 9
- Internet Explorer 5.1 for Machintosh OS 8 and 9 Gold
- Internet Explorer 5.1 for Macintosh OS X
- Internet Explorer 5.1 for Macintosh OS X Gold
- Entourage 2001 for Macintosh
- Entourage 2001 for Macintosh Gold
- Entourage v. X for Macintosh
- Entourage v. X for Macintosh Gold
- Outlook Express 5 for Macintosh
- Outlook Express 5 for Macintosh Gold
Patch: macpatches
MS02-020 - SQL Extended Procedure Functions Contain Unchecked Buffers (Q319507)
Posted: 2002/04/17
Q318268
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP3
- SQL Server Desktop Engine (MSDE) 1.0
- SQL Server 7.0 SP3
Patch: 7.00.1030_SQL7_sp3_x86_enu.exe
Q316333
Affected Products:
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 SP2
- SQL Server 2000
- SQL Server 2000 SP2
Patch: 8.00.0608_SQL2K_sp2_x86_enu.exe
MS02-021 - E-mail Editor Flaw Could Lead to Script Execution on Reply or Forward (Q321804)
Posted: 2002/04/25
Q320441
Affected Products:
- Word 2002
- Office XP SP1
- Office XP Install Point
- Office XP Install Point SP1
Patch: wrd1003.exe
Q320536
Affected Products:
- Word 2000
- Office 2000 SR1
- Office 2000 SP2
- Office 2000 Install Point
- Office 2000 Install Point SR1
- Office 2000 Install Point SP2
Patch: wrd0901.exe
MS02-022 - Unchecked Buffer in MSN Chat Control Can Lead to Code Execution (Q321661)
Posted: 2002/05/08
Q321661
Affected Products:
- MSN Messenger
- MSN Messenger Gold
Patch: messenger
MS02-023 - 15 May 2002 Cumulative Patch for Internet Explorer (Q321232)
Posted: 2002/05/15
Q321232
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: q321232.exe
Q321232
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q321232.exe
Q321232
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: Q321232.Exe
Q321232
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
Patch: q321232.Exe
MS02-024 - Authentication Flaw in Windows Debugger Can Lead to Elevated Privileges (Q320206)
Posted: 2002/05/22
Q320206
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q320206_W2K_SP4_X86_EN.exe
Q320206
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q320206i.exe
Q320206
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q320206i.exe
MS02-025 - Malformed Mail Attribute Can Cause Exchange 2000 to Exhaust CPU Resources (Q320436)
Posted: 2002/05/28
Q320436
Affected Products:
- Exchange 2000 Server
- Exchange 2000 SP2
- Exchange 2000 Enterprise Server
- Exchange 2000 SP2
Patch: Q320436enui386.EXE
MS02-026 - Unchecked Buffer in ASP.NET Worker Process (Q322289)
Posted: 2002/06/06
Q322289
Affected Products:
- .NET Framework
- .NET Framework SP1
Patch: NDP10_QFEM_Q322289_En.exe
MS02-027 - Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice (Q323889)
Posted: 2002/06/11
Q323759
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
Patch: q323759.exe
Q323889
Affected Products:
- Proxy Server 2.0
- Proxy Server 2.0 Gold
Patch: 29106_ENU_i386_zip.exe
Q323889
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: isahf177.exe
Q323759
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: Q323759.exe
Q323759
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q323759.Exe
Q323759
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: Q323759.Exe
MS02-028 - Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise (Q321599)
Posted: 2002/06/11
Q321599
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q321599_W2K_SP4_X86_EN.exe
Q321599
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: Q321599i.exe
MS02-029 - Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138)
Posted: 2002/06/11
Q318138
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q318138_W2K_SP3_X86_EN.exe
Q318138
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q318138_WXP_SP1_x86_ENU.exe
Q318138
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q318138i.exe
Q318138
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q318138i.exe
Q318138
Affected Products:
- Windows NT Server 4.0, Enterprise Edition, RRAS
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, RRAS
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0, RRAS
- Windows NT4 Service Pack 6a
Patch: Q318138i.Exe
Q318138
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition RRAS
- Windows NT4 Terminal Server Service Pack 6
Patch: Q318138i.EXE
MS02-030 - Unchecked Buffer in SQLXML Could Lead to Code Execution (Q321911)
Posted: 2002/06/12
Q321460
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
Patch: SQLXML2_Q321460.EXE
- http://download.microsoft.com/download/sqlsvr2000/patch/q321460/w98nt42kme/en-us/sqlxml2_q321460.exe
Q320833
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
Patch: SQLXML3_Q320833.EXE
- http://download.microsoft.com/download/sqlsvr2000/patch/q320833/w98nt42kme/en-us/sqlxml3_q320833.exe
MS02-031 - Cumulative Patches for Excel and Word for Windows (Q324458)
Posted: 2002/06/19
Q324126
Affected Products:
- Excel 2000
- Office 2000 SR1
- Office 2000 SP2
- Office 2000 Install Point
- Office 2000 Install Point SR1
- Office 2000 Install Point SP2
Patch: exc0901.exe
Q323548
Affected Products:
- Excel 2002
- Office XP SP1
- Office XP Install Point
- Office XP Install Point SP1
Patch: exc1002.exe
Q323547
Affected Products:
- Word 2002
- Office XP SP1
- Office XP Install Point
- Office XP Install Point SP1
Patch: wrd1004.exe
MS02-032 - Cumulative Patch for Windows Media Player (Q320920)
Posted: 2002/06/26
Q320920
Affected Products:
- Windows Media Player 6.4 for Windows 2000
- Windows Media Player 6.4 for Windows 2000 Gold
Patch: wm320920_64.exe
- http://download.microsoft.com/download/winmediaplayer/update/320920/w98nt42kme/en-us/wm320920_64.exe
Q320920
Affected Products:
- Windows Media Player 6.4 for Windows NT 4.0
- Windows Media Player 6.4 for Windows NT 4.0 Gold
Patch: Wm320920_64.exe
- http://download.microsoft.com/download/winmediaplayer/update/320920/w98nt42kme/en-us/wm320920_64.exe
Q320920
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: wm320920_71.exe
Q320920
Affected Products:
- Windows Media Player for Windows XP
- Windows XP Gold
- Windows Media Player for Windows XP Gold
Patch: wm320920_8.exe
MS02-033 - Unchecked Buffer in Profile Service Could Allow Code Execution in Commerce Server (Q322273)
Posted: 2002/06/26
Q322273
Affected Products:
- Commerce Server 2000
- Commerce Server 2000 SP2
Patch: Q322273_EN.EXE
Q322273
Affected Products:
- Commerce Server 2002
- Commerce Server 2002 Gold
Patch: Q322273_CS2002_EN.exe
MS02-034 - Cumulative Patch for SQL Server (Q316333)
Posted: 2002/07/10
Q322853
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 SP2
Patch: 8.00.0650_enu.exe
MS02-035 - SQL Server Installation Process May Leave Passwords on System (Q263968)
Posted: 2002/07/10
Q263968
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 Gold
- SQL Server 7.0 SP1
- SQL Server 7.0 SP3
- SQL Server 7.0 SP4
Patch: SQLKillPwd.exe
Q263968
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
- SQL Server 2000 SP1
- SQL Server 2000 SP2
Patch: SQL2kKillPwd.exe
MS02-036 - Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation (Q317138)
Posted: 2002/07/24
Q317138
Affected Products:
- Microsoft Metadirectory Services 2.2
- Microsoft Metadirectory Services 2.2 SP1
Patch: Q317138.EXE
MS02-037 - Server Response To SMTP Client EHLO Command Results In Buffer Overrun (Q326322)
Posted: 2002/07/24
Q326322
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q326322enui386.EXE
MS02-038 - Unchecked Buffer in SQL Server 2000 Utilities Could Allow Code Execution (Q316333)
Posted: 2002/07/24
Q316333
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 SP2
Patch: 8.00.0655_enu.exe
MS02-039 - Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875)
Posted: 2002/07/24
Q323875
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 SP2
Patch: Q323875_SQL2000_SP2_en.EXE
MS02-040 - Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise (Q326573)
Posted: 2002/07/30
Q326573
Affected Products:
- MDAC 2.5
- MDAC 2.5 SP2
Patch: Q323264_MDAC25_x86_en.exe
Q326573
Affected Products:
- MDAC 2.6
- MDAC 2.6 SP2
Patch: Q323266_MDAC26_x86_en.exe
Q326573
Affected Products:
- MDAC 2.7
- MDAC 2.7 Gold
Patch: Q323263_MDAC27_x86_en.exe
MS02-041 - Unchecked Buffer in Content Management Server Could Enable Server Compromise (Q326075)
Posted: 2002/08/06
Q326075
Affected Products:
- Content Management Server 2001
- Content Management Server 2001 SP1
Patch: mcms2001srp1.exe
MS02-042 - Flaw in Network Connection Manager Could Enable Privilege Elevation (Q326886)
Posted: 2002/08/15
Q326886
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q326886_W2K_SP4_X86_EN.exe
MS02-043 - Cumulative Patch for SQL Server (Q316333)
Posted: 2002/08/15
Q327068
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP4
- SQL Server Desktop Engine (MSDE) 1.0
- SQL Server 7.0 SP4
Patch: 7.00.1076_enu.exe
Q316333
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 SP2
Patch: 8.00.0667_enu.exe
MS02-044 - Unsafe Functions in Office Web Components (Q328130)
Posted: 2002/08/21
Q328043
Affected Products:
- Project 2002 Standard
- Project 2002 Standard Gold
- Project 2002 Professional
- Project 2002 Professional Gold
Patch: prj1001.exe
Q328130
Affected Products:
- Project Server 2002
- Project Server 2002 Gold
Patch: ps1001en.exe
- http://download.microsoft.com/download/microsoftproject2002/ps1001en/10/WIN98MeXP/EN-US/ps1001en.exe
Q322382
Affected Products:
- Office 2000
- Office 2000 Gold
- Office 2000 SR1
- Office 2000 SP2
Patch: owcupd2k.exe
Q322382
Affected Products:
- Office XP
- Office XP Gold
- Office XP SP1
Patch: owcupdxp.exe
Posted: 2002/08/21
Q326830
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
Patch: Q326830_W2K_SP4_X86_EN.exe
Q326830
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q326830_WXP_SP1_x86_ENU.exe
Q326830
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q326830i.exe
Q326830
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q326830i.Exe
MS02-046 - Buffer Overrun in TSAC ActiveX Control Could Allow Code Execution (Q327521)
Posted: 2002/08/21
Q327521
Affected Products:
- Microsoft Terminal Services Advanced Client (TSAC) ActiveX control
- Microsoft Terminal Services Advanced Client (TSAC) ActiveX control Gold
Patch: tswebsetup.exe
MS02-047 - Cumulative Patch for Internet Explorer (Q323759)
Posted: 2002/08/21
Q323759
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
Patch: q323759.exe
Q323759
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: Q323759.exe
Q323759
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q323759.Exe
Q323759
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: Q323759.Exe
MS02-048 - Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (Q323172)
Posted: 2002/08/28
Q323172
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q323172_WXP_SP1_x86_ENU.exe
Q323172
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q323172i.exe
Q323172
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q323172i.Exe
Q323172
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 323172USAM.EXE
Q323172
Affected Products:
- Windows 98 SE
- Windows 98se Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
Patch: 323172USA8.EXE
Q323172
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: q323172_W2K_SP4_X86_EN.exe
MS02-049 - Flaw Could Enable Web Page to Launch Visual FoxPro 6.0 Application Without Warning (Q326568)
Posted: 2002/09/04
Q326568
Affected Products:
- Visual FoxPro 6.0
- Visual FoxPro 6.0 Gold
Patch: vfp_q326568_en.exe
MS02-050 - Certificate Validation Flaw Could Enable Identity Spoofing (Q329115)
Posted: 2002/09/04
Q329115
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q329115i.EXE
Q329115
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q329115i.EXE
Q329115
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Q329115_WXP_SP2_ENU.exe
Q329115
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q329115_W2K_SP4_X86_EN.exe
Q329115
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 4
Patch: Windows2000-KB329115-x86-ENU.exe
MS02-051 - Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380)
Posted: 2002/09/18
Q324380
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 1
Patch: Q324380_W2K_SP4_X86_EN.exe
Q324380
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q324380_WXP_SP1_x86_ENU.exe
MS02-052 - Flaw in Java VM JDBC Classes Could Allow Code Execution (Q329077)
Posted: 2002/09/18
Q329077
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: vm-sfix3.exe
Q329077
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: vm-sfix3.Exe
Q329077
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Vm-sfix3.exe
MS02-053 - Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096)
Posted: 2002/09/24
Q324096
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Front Page 2000 Server Extensions
- Front Page 2000 Server Extensions Gold
Patch: FPSE0901.exe
Q324096
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Front Page 2000 Server Extensions
- Front Page 2000 Server Extensions Gold
Patch: Q324096_W2K_SP4_X86_EN.exe
- http://download.microsoft.com/download/win2000pro/Patch/Q324096/NT5/EN-US/Q324096_W2K_SP4_X86_EN.exe
Q324096
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
- Front Page 2000 Server Extensions
- Front Page 2000 Server Extensions Gold
Patch: Q324096_WXP_SP1_x86_ENU.exe
Q324096
Affected Products:
- Front Page Server Extensions 2002
- Front Page Server Extensions 2002 Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
- Windows XP Gold
Patch: fpse1002.exe
MS02-054 - Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (Q329048)
Posted: 2002/10/02
Q329048
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 329048USAM.EXE
Q329048
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: Q329048_WXP_SP2_x86_ENU.exe
Q329048
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: q329048_WXP_SP2_x86_ENU.exe
Q329048
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 329048USA8.EXE
MS02-055 - Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255)
Posted: 2002/10/02
Q323255
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Q323255_WXP_SP2_x86_ENU.exe
Q323255
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q323255_W2K_SP4_X86_EN.exe
Q323255
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: hhupd.exe
Q323255
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 323255USA8.EXE
Q323255
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 323255USAM.EXE
MS02-056 - Cumulative Patch for SQL Server (Q316333)
Posted: 2002/10/02
Q316333
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 SP2
Patch: 8.00.0679_enu.exe
Q316333
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP4
- SQL Server Desktop Engine (MSDE) 1.0
- SQL Server 7.0 SP4
Patch: 7.00.1077_enu.exe
MS02-057 - Flaw in Services for Unix 3.0 Interix SDK Could Allow Code Execution (Q329209)
Posted: 2002/10/02
Q329209
Affected Products:
- Services For Unix 3.0 Interix SDK
- Services For Unix 3.0 Interix SDK Gold
Patch: q329209_sfu_3_x86_en.exe
MS02-058 - Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise (Q328676)
Posted: 2002/10/09
Q328389
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q328389.exe
Q328676
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: q328676.exe
MS02-059 - Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure (Q330008)
Posted: 2002/10/16
Q330008
Affected Products:
- Word 2002
- Office XP SP2
- Office XP Install Point
- Office XP Install Point SP2
Patch: wrd1005.exe
Q330008
Affected Products:
- Word 2000
- Office 2000 SP2
- Office 2000 SR1
- Office 2000 Install Point
- Office 2000 Install Point SP2
- Office 2000 Install Point SR1
Patch: wrd0902.exe
Q330008
Affected Products:
- Excel 2002
- Office XP SP2
- Office XP Install Point
- Office XP Install Point SP2
Patch: exc1003.exe
MS02-060 - Flaw in Windows XP Help and Support Center Could Enable File Deletion (Q328940)
Posted: 2002/10/16
Q328940
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q328940_WXP_SP1_x86_ENU.exe
MS02-061 - Elevation of Privilege in SQL Server Web Tasks (Q316333)
Posted: 2002/10/16
Q316333
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP4
- SQL Server Desktop Engine (MSDE) 1.0
- SQL Server 7.0 SP4
Patch: 7.00.1078_enu.exe
Q316333
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 SP2
Patch: 8.00.0679_enu.exe
Q316333
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
- SQL Server 2000 SP1
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 Gold
- SQL Server Desktop Engine (MSDE) 2000 SP1
Patch: sqlslammernote
MS02-062 - Cumulative Patch for Internet Information Service (Q327696)
Posted: 2002/10/30
Q327696
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: Q327696I.EXE
Q327696
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
Patch: Q327696_W2K_SP4_X86_EN.exe
Q327696
Affected Products:
- Internet Information Services 5.1
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Q327696_WXP_SP2_x86_ENU.exe
MS02-063 - Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834)
Posted: 2002/10/30
Q329834
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q329834_W2K_SP4_X86_EN.exe
Q329834
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: q329834_WXP_SP2_x86_ENU.exe
Q329834
Affected Products:
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: Q329834_WXP_SP2_x86_ENU.exe
MS02-064 - Windows 2000 Default Permissions Could Allow Trojan Horse Program (Q327522)
Posted: 2002/10/30
Q327522
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: workaroundwin2k
MS02-065 - Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414)
Posted: 2002/11/20
Q329414
Affected Products:
- MDAC 2.6
- MDAC 2.6 SP2
- MDAC 2.6 Gold
- MDAC 2.6 SP1
Patch: Q329414_mdac_all_x86.exe
Q329414
Affected Products:
- MDAC 2.5
- MDAC 2.5 Gold
- MDAC 2.5 SP1
- MDAC 2.5 SP2
- MDAC 2.5 SP3
Patch: q329414_mdac_all_x86.exe
MS02-066 - Cumulative Patch for Internet Explorer (Q328970)
Posted: 2002/11/20
Q328970
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
Patch: q328970.exe
Q328970
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q328970.exe
Q328970
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: q328970.Exe
Q328970
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: q328970.exE
MS02-067 - E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail (331866)
Posted: 2002/12/04
Q331866
Affected Products:
- Outlook 2002
- Office XP SP2
- Office XP Install Point
- Office XP Install Point SP2
Patch: olk1005.exe
MS02-068 - Cumulative Patch for Internet Explorer (324929)
Posted: 2002/12/04
Q324929
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q324929.exe
Q324929
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: Q324929.exe
Q324929
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: Q324929.Exe
MS02-069 - Flaw in Microsoft VM Could Enable System Compromise (810030)
Posted: 2002/12/12
Q810030
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: jvm_upd
Q810030
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: Jvm_upd
Q810030
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: jvm_upd_win2k
MS02-070 - Flaw in SMB Signing Could Enable Group Policy to be Modified (309376)
Posted: 2002/12/12
Q329170
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q329170_W2K_SP4_X86_EN.exe
Q329170
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q329170_WXP_SP2_x86_ENU.exe
Q329170
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: q329170_WXP_SP2_x86_ENU.exe
MS02-071 - Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)
Posted: 2002/12/12
Q328310
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q328310i.EXe
Q328310
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q328310i.EXe
Q328310
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q328310_W2K_SP4_X86_EN.exe
Q328310
Affected Products:
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: Q328310_WXP_SP2_x86_ENU.exe
Q328310
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q328310_WXP_SP2_x86_ENU.Exe
MS02-072 - Unchecked Buffer in Windows Shell Could Enable System Compromise (329390)
Posted: 2002/12/18
Q329390
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q329390_WXP_SP2_x86_ENU.exe
Q329390
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: Q329390_WXP_SP2_x86_ENU.Exe
OFFXP-OL100401 - Outlook 2002 Administrative Update: October 4, 2001
Posted: 2001/10/04
Q300551
Affected Products:
- Outlook 2002
- Office XP Gold
- Office XP Install Point
- Office XP Install Point Gold
Patch: olk1004a.exe
OFFXP-OL062101 - Outlook 2002 Administrative Update: June 21, 2001
Posted: 2001/06/21
Q300550
Affected Products:
- Outlook 2002
- Office XP Gold
- Office XP Install Point
- Office XP Install Point Gold
Patch: OLK1001a.exe
MS03-001 - Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)
Posted: 2003/01/22
Q810833
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q810833i.EXE
Q810833
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q810833i.EXE
Q810833
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q810833_W2K_SP4_X86_EN.exe
Q810833
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q810833_WXP_SP2_x86_ENU.exe
Q810833
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: q810833_WXP_SP2_x86_ENU.exe
MS03-002 - Cumulative Patch for Microsoft Content Management Server (810487)
Posted: 2003/01/22
Q810487
Affected Products:
- Content Management Server 2001
- Content Management Server 2001 SP1
Patch: mcms2001srp2.exe
MS03-003 - Flaw in How Outlook 2002 Handles V1 Exchange Server Security Certificates Could Lead to Information Disclosure (812262)
Posted: 2003/01/22
Q812262
Affected Products:
- Outlook 2002
- Office XP SP1
- Office XP SP2
- Office XP Install Point
- Office XP Install Point SP1
- Office XP Install Point SP2
Patch: Olk1006a.exe
MS03-004 - Cumulative Patch for Internet Explorer (810847)
Posted: 2003/02/05
Q810847
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
Patch: q810847.exe
Q810847
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q810847.exe
Q810847
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: q810847.Exe
Q810847
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q810847o.Exe
Q810847
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: Q810847.Exe
MS03-005 - Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577)
Posted: 2003/02/05
Q810577
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q810577_WXP_SP2_x86_ENU.exe
Q810577
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: Q810577_WXP_SP2_x86_ENU.Exe
MS03-006 - Flaw in Windows Me Help and Support Center Could Enable Code Execution (812709)
Posted: 2003/02/26
Q812709
Affected Products:
- Windows Me
- Windows Me Gold
Patch: winme03006
OFFXP-OF100401 - Office XP Activation Update: October 4, 2001
Posted: 2001/10/04
Q307741
Affected Products:
- Office XP
- Office XP Gold
- Office XP Install Point
- Office XP Install Point Gold
Patch: oxp1001a.exe
OFFXP-OF080901 - Office XP Web Components Update: August 9, 2001
Posted: 2001/08/09
Q300552
Affected Products:
- Office XP
- Office XP Gold
- Office XP Install Point
- Office XP Install Point Gold
Patch: OWC1001a.exe
OFFXP-OF061902 - Office XP Clip Organizer Update: June 19, 2002
Posted: 2003/03/08
Q324110
Affected Products:
- Office XP
- Office XP SP1
- Office XP Install Point
- Office XP Install Point SP1
Patch: cag1001a.exe
ISA3-174 - ISA Server 2000 Hotfix for Rules Engine and Potential Web Proxy Service Crash
Posted: 2002/04/26
Q319374
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: isahf174.exe
OFF2K-OL121802 - Outlook 2000 Update: December 18, 2002
Posted: 2002/12/18
Q811167
Affected Products:
- Outlook 2000
- Office 2000 SP3
- Office 2000 Install Point
- Office 2000 Install Point SP3
Patch: Olk0901a.exe
OFF2K-OLOESU - Outlook 2000 E-mail Security Update
Posted: 2001/08/16
Q262631
Affected Products:
- Outlook 2000
- Office 2000 SR1
- Office 2000 Install Point
- Office 2000 Install Point SR1
Patch: o2ksec_a.exe
OFF2K-OF061902 - Office 2000 Clip Gallery Update: June 19, 2002
Posted: 2003/03/16
Q324108
Affected Products:
- Office 2000
- Office 2000 SR1
- Office 2000 SP2
- Office 2000 Install Point
- Office 2000 Install Point SR1
- Office 2000 Install Point SP2
Patch: cag0901a.exe
MS03-007 - Unchecked Buffer in Windows Component Could Cause Web Server Compromise (815021)
Posted: 2003/03/17
Q815021
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q815021_W2K_sp4_x86_EN.EXE
Q815021
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q815021i.EXE
Q815021
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q815021i.EXE
Q815021
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q815021_WXP_SP2_x86_ENU.exe
Q815021
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: Q815021_WXP_SP2_x86_ENU.Exe
MS03-008 - Flaw in Windows Script Engine Could Allow Code Execution (814078)
Posted: 2003/03/19
Q814078
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: js56men.exe
Q814078
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: js56nen.exe
Q814078
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Gold
- Windows XP Service Pack 1
Patch: JS56nen.exe
Q814078
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: js56men.Exe
MS03-009 - Flaw In ISA Server DNS Intrusion Detection Filter Can Cause Denial Of Service (331065)
Posted: 2003/03/19
Q331065
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: isahf256.exe
MS03-010 - Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953)
Posted: 2003/03/26
Q331953
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q331953_W2K_SP4_X86_EN.exe
Q331953
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q331953_WXP_SP2_x86_ENU.exe
Q331953
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: Q331953_WXP_SP2_x86_ENU.Exe
MS03-011 - Flaw in Microsoft VM Could Enable System Compromise (816093)
Posted: 2003/04/09
Q816093
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q816093_W2K_SP4_X86_EN.Exe
Q816093
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 4
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 4
- Windows XP Tablet PC Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Service Pack 2
Patch: msjavwu.EXE
Q816093
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: msjavwu.exe
MS03-012 - Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of Service
Posted: 2003/04/09
Q331066
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: isahf257.exe
MS03-013 - Buffer Overrun in Windows Kernel Message Handling Could Lead to Elevated Privileges (811493)
Posted: 2003/04/16
Q811493
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q811493i.EXE
Q811493
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q811493i.EXE
Q811493
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q811493_W2K_SP4_X86_EN.exe
Q811493
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q811493_WXP_SP2_x86_ENU.exe
Q811493
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: Q811493_WXP_SP2_x86_ENU.Exe
MS03-014 - Cumulative Patch for Outlook Express (330994)
Posted: 2003/04/23
Q330994
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: q330994.exe
Q330994
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: Q330994.exe
Q330994
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q330994o.exe
Q330994
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q330994.Exe
MS03-015 - Cumulative Patch for Internet Explorer (813489)
Posted: 2003/04/23
Q813489
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: q813489.exe
Q813489
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: Q813489.exe
Q813489
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q813489o.exe
Q813489
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q813489.Exe
Q813489
Affected Products:
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
Patch: Q813489.Exe
MS03-016 - Cumulative Patch for BizTalk Server (815206)
Posted: 2003/04/30
Q815207
Affected Products:
- BizTalk Server 2000
- BizTalk Server 2000 SP2
Patch: BTS2000-815207-EN.EXE
Q815208
Affected Products:
- BizTalk Server 2002
- BizTalk Server 2002 Gold
Patch: BTS2002-815208-ENU.exe
MS03-017 - Flaw in Windows Media Player Skins Downloading Could Allow Code Execution (817787)
Posted: 2003/05/07
Q817787
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: WindowsMedia71-KB817787-x86-ENU.exe
Q817787
Affected Products:
- Windows Media Player for Windows XP
- Windows XP Gold
- Windows XP Service Pack 1
Patch: WindowsMedia8-KB817787-x86-ENU.exe
MS03-018 - Cumulative Patch for Internet Information Service (811114)
Posted: 2003/05/28
Q811114
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: Q811114I.EXE
Q811114
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q811114_W2K_SP4_X86_EN.exe
Q811114
Affected Products:
- Internet Information Services 5.1
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Q811114_WXP_SP2_x86_ENU.exe
MS03-019 - Flaw in ISAPI Extension for Windows Media Services Could Cause Denial of Service (817772)
Posted: 2003/05/28
Q817772
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsMedia41-KB817772-x86-ENU.exe
Q817772
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: WindowsMedia2K-KB817772-x86-ENU.exe
MS03-020 - Cumulative Patch for Internet Explorer (818529)
Posted: 2003/06/04
Q818529
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: q818529.exe
Q818529
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: Q818529.exe
Q818529
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q818529o.exe
Q818529
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q818529.Exe
Q818529
Affected Products:
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
Patch: Q818529.Exe
Q818529
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
- Internet Explorer 6.0 for Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-kb818529-x86-ENU.exe
MS03-021 - Flaw In Windows Media Player May Allow Media Library Access (819639)
Posted: 2003/06/25
Q819639
Affected Products:
- Windows Media Player 9.0
- Windows Media Player 9.0 Gold
Patch: WindowsMedia9-KB819639-x86-ENU.exe
MS03-022 - Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343)
Posted: 2003/06/25
Q822343
Affected Products:
- Windows Media Services 4.1
- Windows Media Services 4.1 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: WindowsMedia41-KB822343-x86-ENU.exe
MS03-023 - Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
Posted: 2003/07/09
Q823559
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB823559-x86-ENU.exe
Q823559
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Windows-KB823559-ENU.EXE
Q823559
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Windows-KB823559-ENU.eXE
Q823559
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB823559-x86-ENU.exe
Q823559
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Gold
- Windows XP Service Pack 1
Patch: WindowsXP-KB823559-x86-ENU.exe
MS03-024 - Buffer Overrun in Windows Could Lead to Data Corruption (817606)
Posted: 2003/07/09
Q817606
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q817606i.EXE
Q817606
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q817606i.eXE
Q817606
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 3
Patch: Windows2000-KB817606-x86-ENU.exe
Q817606
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: Q817606_WXP_SP2_x86_ENU.exe
Q817606
Affected Products:
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: Q817606_WXP_SP2_x86_ENU.Exe
MS03-025 - Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation (822679)
Posted: 2003/07/09
Q822679
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
Patch: Windows2000-KB822679-x86-ENU.exe
MS03-026 - Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
Posted: 2003/07/16
Q823980
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q823980i.EXE
Q823980
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q823980i.EXe
Q823980
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
Patch: Windows2000-KB823980-x86-ENU.exe
Q823980
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB823980-x86-ENU.exe
Q823980
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB823980-x86-ENU.Exe
Q823980
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB823980-x86-ENU.exe
Q823980
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Small Business Server 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q823980NOTE
MS03-027 - Unchecked Buffer in Windows Shell Could Enable System Compromise (821557)
Posted: 2003/07/16
Q821557
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB821557-x86-ENU.Exe
Q821557
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB821557-x86-ENU.exe
MS03-028 - Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack (816456)
Posted: 2003/07/16
Q816456
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: ISA2000-KB816456-x86.exe
MS03-029 - MS03-029 : Flaw in Windows Function Could Allow Denial of Service (823803)
Posted: 2003/07/23
Q823803
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q823803i.EXE
Q823803
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q823803i.eXE
MS03-030 - MS03-030 : Unchecked Buffer in DirectX Could Enable System Compromise (819696)
Posted: 2003/07/23
Q819696
Affected Products:
- DirectX 4.70 for Windows 2000
- DirectX 4.70 for Windows 2000 Gold
Patch: Windows2000-KB819696.exe
Q819696
Affected Products:
- DirectX 4.81 for Windows XP
- DirectX 4.81 for Windows XP Gold
Patch: Q819696_WXP_SP2.exe
Q819696
Affected Products:
- DirectX 4.81 for Windows Server 2003
- DirectX 4.81 for Windows Server 2003 Gold
- DirectX 4.81 for Windows Small Business Server 2003
- DirectX 4.81 for Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB819696.exe
Q819696
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q819696i.EXE
Q819696
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q819696i.eXE
Q819696
Affected Products:
- DirectX 4.90
- DirectX 4.90 Gold
Patch: DirectX9-KB819696.exe
Q819696
Affected Products:
- DirectX 4.80 for Windows 2000
- DirectX 4.80 for Windows 2000 Gold
- DirectX 4.81 for Windows 2000
- DirectX 4.81 for Windows 2000 Gold
- DirectX 4.82 for Windows 2000
- DirectX 4.82 for Windows 2000 Gold
Patch: DirectX8-KB819696.exe
MS03-031 - MS03-031 : Cumulative Patch for Microsoft SQL Server (815495)
Posted: 2003/07/23
Q815495
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP4
Patch: SQL70-KB815495-v7.00.1094-ENU.exe
Q815495
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP3
Patch: SQL2000-KB815495-8.00.0818-ENU.exe
MS03-032 - Cumulative Patch for Internet Explorer (822925)
Posted: 2003/08/20
Q822925
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
- Internet Explorer 6.0 for Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB822925-x86-ENU.exe
Q822925
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: q822925.exe
Q822925
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q822925o.exe
Q822925
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: Q822925.exe
Q822925
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q822925.Exe
Q822925
Affected Products:
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 4
- Internet Explorer 5.01
- Internet Explorer 5.01 SP4
Patch: Q822925.Exe
Q822925
Affected Products:
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
Patch: Q822925.EXE
MS03-033 - Unchecked Buffer in MDAC Function Could Enable System Compromise (823718)
Posted: 2003/08/20
Q823718
Affected Products:
- MDAC 2.5
- MDAC 2.5 SP2
Patch: Q823718_MDAC_SecurityPatch.exe
Q823718
Affected Products:
- MDAC 2.5
- MDAC 2.5 SP3
Patch: Q823718_MDAC_SecurityPatch.Exe
Q823718
Affected Products:
- MDAC 2.6
- MDAC 2.6 SP2
Patch: q823718_MDAC_SecurityPatch.exe
Q823718
Affected Products:
- MDAC 2.7
- MDAC 2.7 Gold
Patch: q823718_MDAC_SecurityPatch.Exe
Q823718
Affected Products:
- MDAC 2.7
- MDAC 2.7 SP1
Patch: Q823718_MDAC_SecurityPatch.EXE
MS03-034 - Flaw in NetBIOS Could Lead to Information Disclosure (824105)
Posted: 2003/09/03
Q824105
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB824105-x86-ENU.exe
Q824105
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB824105-x86-ENU.exe
Q824105
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB824105-x86-ENU.Exe
Q824105
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB824105-x86-ENU.exe
Q824105
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB824105-x86-ENU.EXE
Q824105
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB824105-x86-ENU.EXE
MS03-035 - Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653)
Posted: 2003/09/03
Q824936
Affected Products:
- Word 2000
- Office 2000 SP3
Patch: office2000-kb824936-client-enu.exe
Q824934
Affected Products:
- Word 2002
- Office XP SP2
Patch: officexp-kb824934-client-enu.exe
MS03-036 - Buffer Overrun in WordPerfect Converter Could Allow Code Execution (827103)
Posted: 2003/09/03
Q824993
Affected Products:
- Office 2000
- Office 2000 SP3
Patch: office2000-kb824993-client-enu.exe
Q824938
Affected Products:
- Office XP
- Office XP SP2
Patch: officexp-kb824938-client-enu.exe
MS03-037 - Flaw in Visual Basic for Applications Could Allow Arbitrary Code execution (822715)
Posted: 2003/09/03
Q822035
Affected Products:
- Office 2000
- Office 2000 SP3
Patch: office2000-kb822035-client-enu.exe
Q822036
Affected Products:
- Office XP
- Office XP SP2
Patch: officexp-kb822036-client-enu.exe
Q822150
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: VBA64-KB822150-X86-ENU.exe
Q822211
Affected Products:
- Project 2002 Standard
- Project 2002 Standard Gold
- Project 2002 Professional
- Project 2002 Professional Gold
Patch: project2002-kb822211-fullfile-enu.exe
Q822212
Affected Products:
- Visio 2002 for Enterprise Architects
- Visio 2002 for Enterprise Architects Gold
- Visio 2002 for Enterprise Architects SP1
- Visio 2002 Professional
- Visio 2002 Professional Gold
- Visio 2002 Professional SP1
- Visio 2002 Standard
- Visio 2002 Standard Gold
- Visio 2002 Standard SP1
Patch: visio2002-kb822212-fullfile-enu.exe
MS03-038 - Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104)
Posted: 2003/09/03
Q826292
Affected Products:
- Access 2000
- Office 2000 SP3
Patch: office2000-kb826292-client-enu.exe
Q826293
Affected Products:
- Access 2002
- Office XP SP2
Patch: officexp-kb826293-fullfile-enu.exe
MS03-039 - Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
Posted: 2003/09/10
Q824146
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB824146-x86-ENU.EXE
Q824146
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB824146-x86-ENU.EXE
Q824146
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB824146-x86-ENU.EXE
Q824146
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB824146-x86-ENU.exe
Q824146
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB824146-x86-ENU.exe
Q824146
Affected Products:
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB824146-x86-ENU.Exe
Q824146
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB824146-x86-ENU.exe
MS03-040 - Cumulative Patch for Internet Explorer (828750)
Posted: 2003/10/04
Q828750
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
- Internet Explorer 6.0 for Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB828750-x86-ENU.exe
Q828750
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: q828750.exe
Q828750
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: Q828750.exe
Q828750
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q828750o.exe
Q828750
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q828750.Exe
Q828750
Affected Products:
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 4
- Internet Explorer 5.01
- Internet Explorer 5.01 SP4
Patch: Q828750.Exe
Q828750
Affected Products:
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
Patch: Q828750.EXE
Q828026
Affected Products:
- Windows Media Player 6.4 for Windows NT 4.0
- Windows Media Player 6.4 for Windows NT 4.0 Gold
Patch: WindowsMedia64-KB828026-x86-ENU.exe
Q828026
Affected Products:
- Windows Media Player 6.4 for Windows 2000
- Windows Media Player 6.4 for Windows 2000 Gold
Patch: WindowsMedia64-KB828026-ENU.exe
Q828026
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: WindowsMedia71-KB828026-ENU.exe
Q828026
Affected Products:
- Windows Media Player for Windows XP
- Windows XP Gold
- Windows XP Service Pack 1
Patch: WindowsMedia8-KB828026-ENU.exe
Q828026
Affected Products:
- Windows Media Player 9.0
- Windows Media Player 9.0 Gold
Patch: WindowsMedia9-KB828026-ENU.exe
MS03-041 - Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
Posted: 2003/10/15
Q823182
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB823182-x86-ENU.EXE
Q823182
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB823182-x86-ENU.EXE
Q823182
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB823182-x86-ENU.EXE
Q823182
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 2
Patch: Windows2000-KB823182-x86-ENU-CustomServicePackSupport.EXE
Q823182
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB823182-x86-ENU.exe
Q823182
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB823182-x86-ENU.exe
Q823182
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB823182-x86-ENU.Exe
Q823182
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB823182-x86-ENU.exe
MS03-042 - Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)
Posted: 2003/10/15
Q826232
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 2
Patch: Windows2000-KB826232-x86-ENU-CustomServicePackSupport.EXE
Q826232
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB826232-x86-ENU.exe
MS03-043 - Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
Posted: 2003/10/15
Q828035
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB828035-x86-ENU.EXE
Q828035
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB828035-x86-ENU.EXE
Q828035
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB828035-x86-ENU.EXE
Q828035
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 2
Patch: Windows2000-KB828035-x86-ENU-CustomServicePackSupport.EXE
Q828035
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB828035-x86-ENU.exe
Q828035
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB828035-x86-ENU.exe
Q828035
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB828035-x86-ENU.Exe
Q828035
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB828035-x86-ENU.exe
MS03-044 - Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)
Posted: 2003/10/15
Q825119
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB825119-x86-ENU.EXE
Q825119
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB825119-x86-ENU.EXE
Q825119
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB825119-x86-ENU.EXE
Q825119
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 2
Patch: Windows2000-KB825119-x86-ENU-CustomServicePackSupport.EXE
Q825119
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB825119-x86-ENU.exe
Q825119
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Gold
- Windows XP Service Pack 1
Patch: WindowsXP-KB825119-x86-ENU.exe
Q825119
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB825119-x86-ENU.exe
MS03-045 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)
Posted: 2003/10/15
Q824141
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB824141-x86-ENU.EXE
Q824141
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB824141-x86-ENU.EXE
Q824141
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB824141-x86-ENU.EXE
Q824141
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 2
Patch: Windows2000-KB824141-x86-ENU-CustomServicePackSupport.EXE
Q824141
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB824141-x86-ENU.exe
Q824141
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB824141-x86-ENU.exe
Q824141
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB824141-x86-ENU.Exe
Q824141
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB824141-x86-ENU.exe
MS03-046 - Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436)
Posted: 2003/10/15
Q829436
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Exchange5.5-KB829436-x86-enu.EXE
Q829436
Affected Products:
- Exchange 2000 Server
- Exchange 2000 SP3
- Exchange 2000 Enterprise Server
- Exchange 2000 SP3
Patch: Exchange2000-KB829436-x86-enu.exe
MS03-047 - Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)
Posted: 2003/10/15
Q828489
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Exchange5.5-KB828489-x86-enu.EXE
MS03-048 - Cumulative Security Update for Internet Explorer (824145)
Posted: 2003/11/11
Q824145
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q824145.exe
Q824145
Affected Products:
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
Patch: Q824145.exe
Q824145
Affected Products:
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 4
- Internet Explorer 5.01
- Internet Explorer 5.01 SP4
Patch: Q824145.Exe
Q824145
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q824145.Exe
Q824145
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: q824145.eXe
Q824145
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q824145o.eXe
Q824145
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: q824145.exE
Q824145
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
- Internet Explorer 6.0 for Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB824145-x86-ENU.exe
MS03-049 - Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)
Posted: 2003/11/11
Q828749
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB828749-x86-ENU.exe
Q828035
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB828035-x86-ENU.eXe
Q828035
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB828035-x86-ENU.eXE
MS03-050 - Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)
Posted: 2003/11/11
Q830349
Affected Products:
- Excel 2000
- Office 2000 SP3
Patch: office2000-kb830349-client-enu.exe
Q830350
Affected Products:
- Excel 2002
- Office XP SP2
Patch: officexp-kb830350-client-enu.exe
Q830347
Affected Products:
- Word 2000
- Office 2000 SP3
Patch: Office2000-kb830347-client-enu.exe
Q830346
Affected Products:
- Word 2002
- Office XP SP2
Patch: Officexp-kb830346-client-enu.exe
MS03-051 - Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
Posted: 2003/11/11
Q813379
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: office2000-kb813379-client-enu.exe
Q810217
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Windows2000-KB810217-x86-ENU.exe
Q810217
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Gold
- Windows XP Service Pack 1
Patch: WindowsXP-KB810217-x86-ENU.exe
Q813380
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
Patch: officexp-KB813380-client-ENG.exe
MS04-001 - Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Allow Remote Code Execution (816458)
Posted: 2004/01/02
Q816458
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: ISA2000-KB816458-x86.exe
MS04-002 - Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation (832759)
Posted: 2004/01/02
Q832759
Affected Products:
- Exchange Server 2003
- Exchange Server 2003 Gold
Patch: Exchange2003-KB832759-x86-enu.exe
MS04-003 - Buffer Overrun in MDAC Function Could Allow Code Execution (832483)
Posted: 2004/01/02
Q832483
Affected Products:
- MDAC 2.5
- MDAC 2.5 SP2
Patch: ENU_Q832483_MDAC_252.EXE
Q832483
Affected Products:
- MDAC 2.5
- MDAC 2.5 SP3
Patch: ENU_Q832483_MDAC_253.EXE
Q832483
Affected Products:
- MDAC 2.6
- MDAC 2.6 SP2
Patch: ENU_Q832483_MDAC_262.EXE
Q832483
Affected Products:
- MDAC 2.7
- MDAC 2.7 Gold
Patch: ENU_Q832483_MDAC_270.EXE
Q832483
Affected Products:
- MDAC 2.7
- MDAC 2.7 SP1
Patch: ENU_Q832483_MDAC_271.EXE
Q832483
Affected Products:
- MDAC 2.8
- MDAC 2.8 Gold
- MDAC 2.8 for Windows Server 2003
- MDAC 2.8 for Windows Server 2003 Gold
- MDAC 2.8 for Windows Small Business Server 2003
- MDAC 2.8 for Windows Small Business Server 2003 Gold
- MDAC 2.8 for Windows XP
- MDAC 2.8 for Windows XP Gold
Patch: ENU_Q832483_MDAC_280.EXE
TOOL03-039 - A tool is available to remove Blaster worm and Nachi worm infections from computers that are running Windows 2000 or Windows XP
Posted: 2003/12/31
Q833330
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows-KB833330-ENU.exe
Q833330
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Windows-KB833330-ENU.EXE
MS04-004 - Cumulative Security Update for Internet Explorer (832894)
Posted: 2004/02/02
Q832894
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: Q832894-501SP2.exe
Q832894
Affected Products:
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
Patch: Q832894-501SP3.exe
Q832894
Affected Products:
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 4
- Internet Explorer 5.01
- Internet Explorer 5.01 SP4
Patch: Q832894-501SP4.exe
Q832894
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q832894-55SP2.exe
Q832894
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: Q832894-6G.exe
Q832894
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q832894-6Go.exe
Q832894
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: Q832894-6SP1.exe
Q832894
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
- Internet Explorer 6.0 for Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: Q832894-6WS03.exe
MS04-005 - Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)
Posted: 2004/02/10
Q835150
Affected Products:
- Microsoft Virtual PC for Mac version 6.0
- Microsoft Virtual PC for Mac version 6.0 Gold
- Microsoft Virtual PC for Mac version 6.01
- Microsoft Virtual PC for Mac version 6.01 Gold
- Microsoft Virtual PC for Mac version 6.02
- Microsoft Virtual PC for Mac version 6.02 Gold
- Microsoft Virtual PC for Mac version 6.1
- Microsoft Virtual PC for Mac version 6.1 Gold
Patch: VPCMac
MS04-006 - Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
Posted: 2004/02/10
Q830352
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB830352-x86-ENU.EXE
Q830352
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB830352-x86-ENU.exe
Q830352
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB830352-x86-ENU.EXE
Q830352
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB830352-x86-ENU.exe
MS04-007 - ASN.1 Vulnerability Could Allow Code Execution (828028)
Posted: 2004/02/10
Q828028
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB828028-x86-ENU.EXE
Q828028
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB828028-x86-ENU.EXE
Q828028
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB828028-x86-ENU.EXE
Q828028
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB828028-x86-ENU.exe
Q828028
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB828028-SP1-ENU.exe
Q828028
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB828028-SP2-ENU.exe
Q828028
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server Gold
Patch: WindowsServer2003-KB828028-x86-ENU.exe
MS04-008 - Vulnerability in Windows Media Services Could Allow a Denial of Service (832359)
Posted: 2004/03/09
Q832359
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: WindowsMedia41-KB832359-ENU.exe
MS04-009 - Vulnerability in Microsoft Outlook Could Allow Code Execution (828040)
Posted: 2004/03/09
Q828040
Affected Products:
- Outlook 2002
- Office XP SP1
- Office XP SP2
Patch: officexp-kb828040-fullfile-enu.exe
MS04-010 - Vulnerability in MSN Messenger Could Allow Information Disclosure (838512)
Posted: 2004/03/09
Q838512
Affected Products:
- MSN Messenger
- MSN Messenger Gold
Patch: MessengerPatch
MS04-011 - Security Update for Microsoft Windows (835732)
Posted: 2004/04/13
Q835732
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB835732-x86-ENU.EXE
Q835732
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB835732-x86-ENU.EXE
Q835732
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB835732-x86-ENU.EXE
Q835732
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB835732-x86-ENU.EXE
Q835732
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB835732-x86-ENU.EXE
Q835732
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB835732-x86-ENU-SP2.EXE
Q835732
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB835732-x86-ENU.EXE
MS04-012 - Cumulative Update for Microsoft RPC/DCOM (828741)
Posted: 2004/04/13
Q828741
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB828741-x86-ENU.EXE
Q828741
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB828741-x86-ENU.EXE
Q828741
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB828741-x86-ENU.EXE
Q828741
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB828741-x86-ENU.EXE
Q828741
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB828741-x86-ENU.EXE
Q828741
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB828741-x86-ENU-SP2.EXE
Q828741
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB828741-x86-ENU.EXE
MS04-013 - Cumulative Security Update for Outlook Express (837009)
Posted: 2004/04/12
Q837009
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB837009-x86-ENU.EXE
Q837009
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: IE6.0sp1-KB837009-x86-ENU.exe
Q837009
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: Q837009-IE6-Gold.exe
Q837009
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q837009-IE6-Goldo.exe
Q837009
Affected Products:
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 SP4
Patch: Q837009-IE55.exe
MS04-014 - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)
Posted: 2004/04/13
Q837001
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB837001-x86-ENU.EXE
Q837001
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB837001-x86-ENU.EXE
Q837001
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB837001-x86-ENU-SP2.EXE
Q837001
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB837001-x86-ENU.EXE
Q837001
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Jet40-KB837001-ENU.exe
MS04-015 - Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)
Posted: 2004/05/11
Q840374
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB840374.EXE
Q840374
Affected Products:
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB840374-SP2.EXE
Q840374
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB840374.EXE
E2K3-464 - IIS 6.0 Compression Corruption Causes Access Violations
Posted: 2004/05/19
Q831464
Affected Products:
- Exchange Server 2003
- Exchange Server 2003 Gold
Patch: WindowsServer2003-KB831464.exe
ISA3-365 - ISA Server Service Pack 2
Posted: 2004/05/28
Q816460
Affected Products:
- ISA Server 2000
- ISA Server 2000 Gold
- ISA Server 2000 SP1
Patch: isasp2.EXE
MS04-016 - Vulnerability in DirectPlay Could Allow Denial of Service (839643)
Posted: 2004/06/08
Q839643
Affected Products:
- DirectX 4.70 for Windows 2000
- DirectX 4.70 for Windows 2000 Gold
Patch: Windows2000-KB839643.EXE
Q839643
Affected Products:
- DirectX 4.80 for Windows 2000
- DirectX 4.80 for Windows 2000 Gold
Patch: DirectX80-KB839643.EXE
Q839643
Affected Products:
- DirectX 4.81 for Windows 2000
- DirectX 4.81 for Windows 2000 Gold
Patch: DirectX81-KB839643.EXE
Q839643
Affected Products:
- DirectX 4.82 for Windows 2000
- DirectX 4.82 for Windows 2000 Gold
Patch: DirectX82-KB839643.EXE
Q839643
Affected Products:
- DirectX 4.81 for Windows XP
- DirectX 4.81 for Windows XP Gold
Patch: WindowsXP-KB839643.EXE
Q839643
Affected Products:
- DirectX 4.81 for Windows Server 2003
- DirectX 4.81 for Windows Server 2003 Gold
- DirectX 4.81 for Windows Small Business Server 2003
- DirectX 4.81 for Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB839643.EXE
Q839643
Affected Products:
- DirectX 4.90b
- DirectX 4.90b Gold
- DirectX 4.90
- DirectX 4.90 Gold
Patch: DirectX90-KB839643.EXE
MS04-017 - Vulnerability in Crystal Reports Web Viewer Could Allow Information Disclosure and Denial of Service (842689)
Posted: 2004/06/08
Q842689
Affected Products:
- Crystal Reports
- Crystal Reports Gold
Patch: CrystalReports1
MS04-018 - Cumulative Security Update for Outlook Express (823353)
Posted: 2004/07/13
Q823353
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 SP4
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: IE5.5sp2-KB823353-x86-ENU.exe
Q823353
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: IE6.0-KB823353-WindowsXP-x86-ENU.exe
Q823353
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: IE6.0-KB823353-WindowsXP-x86-ENUo.exe
Q823353
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: IE6.0sp1-KB823353-x86-ENU.exe
Q823353
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
- Internet Explorer 6.0 for Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB823353-x86-enu.exe
MS04-019 - Vulnerability in Utility Manager Could Allow Code Execution (842526)
Posted: 2004/07/13
Q842526
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB842526-x86-ENU.EXE
MS04-020 - Vulnerability in POSIX Could Allow Code Execution (841872)
Posted: 2004/07/13
Q841872
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB841872-x86-ENU.exe
Q841872
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB841872-x86-ENU.exe
Q841872
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB841872-x86-ENU.exe
Q841872
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB841872-x86-ENU.EXE
MS04-021 - Security Update for IIS 4.0 (841373)
Posted: 2004/07/13
Q841373
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: Q841373I_EN.exe
MS04-022 - Vulnerability in Task Scheduler Could Allow Code Execution (841873)
Posted: 2004/07/13
Q841873
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: IE-KB841873-WindowsNT4sp6-x86-ENU.exe
Q841873
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB841873-x86-ENU.EXE
Q841873
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB841873-x86-enu.exe
Q841873
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB841873-x86-enu-sp2.exe
MS04-023 - Vulnerability in HTML Help Could Allow Code Execution (840315)
Posted: 2004/07/13
Q840315
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB840315-x86-ENU.EXE
Q840315
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB840315-x86-enu.exe
Q840315
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB840315-x86-enu-sp2.exe
Q840315
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB840315-x86-enu.exe
Q840315
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT4 Terminal Server Service Pack 5
Patch: WindowsNT4-KB840315-ENU.EXE
MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
Posted: 2004/07/13
Q839645
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB839645-x86-ENU.exe
Q839645
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB839645-x86-ENU.exe
Q839645
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB839645-x86-ENU.exe
Q839645
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB839645-x86-ENU.EXE
Q839645
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB839645-x86-enu.exe
Q839645
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB839645-x86-enu-sp2.exe
Q839645
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB839645-x86-enu.exe
MS04-025 - Cumulative Security Update for Internet Explorer (867801)
Posted: 2004/07/30
Q867801
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
Patch: IE5.01sp3-KB867801-Windows2000sp3-x86-ENU.exe
Q867801
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP4
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 4
Patch: IE5.01sp4-KB867801-Windows2000sp4-x86-ENU.exe
Q867801
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: IE5.5sp2-KB867801-x86-ENU.exe
Q867801
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: IE6.0-KB867801-WindowsXP-x86-ENU.exe
Q867801
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: IE6.0-KB867801-WindowsXP-x86-ENUo.exe
Q867801
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: IE6.0sp1-KB867801-x86-ENU.exe
Q867801
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
- Internet Explorer 6.0 for Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB867801-x86-enu.exe
Q867801
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: IE5.01sp2-KB867801-Windows2000sp2-x86-ENU.exe
MS04-026 - Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)
Posted: 2004/08/10
Q842436
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Exchange5.5-KB842436-x86-enu.EXE
MS04-027 - Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)
Posted: 2004/09/14
Q873380
Affected Products:
- Office 2000
- Office 2000 SP3
- Office 2000 SP2
Patch: office2000-kb873380-fullfile-enu.exe
Q873379
Affected Products:
- Office XP
- Office XP SP3
- Office XP SP2
Patch: officexp-kb873379-fullfile-enu.exe
Q873378
Affected Products:
- Office 2003
- Office 2003 Gold
Patch: office2003-kb873378-fullfile-enu.exe
MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Posted: 2004/09/14
Q833987
Affected Products:
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB833987-x86-ENU.EXE
Q833987
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB833987-x86-ENU.EXE
Q833987
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB833987-x86-SP2.EXE
Q832332
Affected Products:
- Office XP
- Office XP SP2
- Office XP SP3
Patch: officexp-kb832332-fullfile-enu.exe
Q838905
Affected Products:
- Office 2003
- Office 2003 Gold
Patch: office2003-kb838905-fullfile-enu.exe
Q833989
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: IE6.0sp1-KB833989-x86-ENU.exe
Q831931
Affected Products:
- Project 2002 Professional
- Project 2002 Professional SP1
- Project 2002 Standard
- Project 2002 Standard SP1
Patch: project2002-KB831931-FullFile-ENU.EXE
Q838344
Affected Products:
- Project 2003 Professional
- Project 2003 Professional Gold
- Project 2003 Standard
- Project 2003 Standard Gold
Patch: project2003-KB838344-FullFile-ENU.EXE
Q831932
Affected Products:
- Visio 2002 for Enterprise Architects
- Visio 2002 for Enterprise Architects SP2
- Visio 2002 Professional
- Visio 2002 Professional SP2
- Visio 2002 Standard
- Visio 2002 Standard SP2
Patch: Visio2002-KB831932-FullFile-ENU.EXE
Q838345
Affected Products:
- Visio 2003 Professional
- Visio 2003 Professional Gold
- Visio 2003 Standard
- Visio 2003 Standard Gold
Patch: Visio2003-KB838345-FullFile-ENU.EXE
Q830348
Affected Products:
- .NET Framework
- .NET Framework SP2
Patch: NDP1.0sp2-KB830348-X86-Enu.exe
Q830348
Affected Products:
- .NET Framework 1.1
- .NET Framework 1.1 Gold
Patch: NDP1.1-KB830348-X86.exe
MS04-029 - Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)
Posted: 2004/10/12
Q873350
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB873350-x86-ENU.exe
Q873350
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB873350-x86-ENU.exe
MS04-030 - Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (824151)
Posted: 2004/10/12
Q824151
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB824151-x86-ENU.EXE
Q824151
Affected Products:
- Internet Information Services 5.1
- Windows XP Gold
Patch: WindowsXP-KB824151-x86-enu.exe
Q824151
Affected Products:
- Internet Information Services 5.1
- Windows XP Service Pack 1
Patch: WindowsXP-KB824151-x86-SP1-enu.exe
Q824151
Affected Products:
- Internet Information Services 6.0
- Windows Server 2003 Gold
- Internet Information Services 6.0 for Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB824151-x86-enu.EXE
MS04-031 - Vulnerability in NetDDE Could Allow Remote Code Execution (841533)
Posted: 2004/10/12
Q841533
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB841533-x86-ENU.exe
Q841533
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB841533-x86-ENU.EXE
Q841533
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB841533-x86-enu.exe
Q841533
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB841533-x86-SP1-enu.exe
Q841533
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB841533-x86-ENU.exe
Q841533
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB841533-x86-enu.EXE
MS04-032 - Security Update for Microsoft Windows (840987)
Posted: 2004/10/12
Q840987
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB840987-x86-ENU.exe
Q840987
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB840987-x86-ENU.exe
Q840987
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB840987-x86-ENU.EXE
Q840987
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB840987-x86-enu.exe
Q840987
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB840987-x86-SP1-enu.exe
Q840987
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB840987-x86-enu.EXE
MS04-033 - Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836)
Posted: 2004/10/12
Q873372
Affected Products:
- Excel 2000
- Office 2000 SP2
- Office 2000 SP3
Patch: office2000-kb873372-fullfile-enu.exe
Q873366
Affected Products:
- Excel 2002
- Office XP SP2
Patch: officexp-kb873366-fullfile-enu.exe
MS04-034 - Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)
Posted: 2004/10/12
Q873376
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB873376-x86-enu.exe
Q873376
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB873376-x86-SP2-enu.exe
Q873376
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB873376-x86-enu.EXE
MS04-035 - Vulnerability in SMTP Could Allow Remote Code Execution (885881)
Posted: 2004/10/12
Q885881
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB885881-x86-enu.EXE
Q885882
Affected Products:
- Exchange Server 2003
- Exchange Server 2003 Gold
Patch: Exchange2003-KB885882-x86-ENU.exe
Q890066
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 SP3
- Exchange 2000 Server
- Exchange 2000 SP3
Patch: Exchange2000-KB890066-x86-ENU.exe
MS04-036 - Vulnerability in NNTP Could Allow Remote Code Execution (883935)
Posted: 2004/10/12
Q883935
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB883935-x86-ENU.EXE
Q883935
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB883935-x86-enu.EXE
Q883935
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4OptionPack-KB883935-x86-enu.EXE
MS04-037 - Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)
Posted: 2004/10/12
Q841356
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB841356-x86-ENU.exe
Q841356
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB841356-x86-ENU.exe
Q841356
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB841356-x86-ENU.EXE
Q841356
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Tablet PC Edition
- Windows XP Gold
Patch: WindowsXP-KB841356-x86-enu.exe
Q841356
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB841356-x86-SP1-enu.exe
Q841356
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB841356-x86-enu.EXE
MS04-038 - Cumulative Security Update for Internet Explorer (834707)
Posted: 2004/10/12
Q834707
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
Patch: IE5.01sp3-KB834707-Windows2000sp3-x86-ENU.exe
Q834707
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP4
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 4
Patch: IE5.01sp4-KB834707-Windows2000sp4-x86-ENU.exe
Q834707
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP Gold
Patch: IE6.0-KB834707-WindowsXP-x86-ENU.exe
Q834707
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: IE6.0-KB834707-WindowsXP-x86-ENUo.exe
Q834707
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
Patch: IE6.0sp1-KB834707-Windows-2000-XP-x86-ENU.exe
Q834707
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
- Internet Explorer 6.0 for Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB834707-x86-enu.EXE
Q834707
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP2
Patch: WindowsXP-KB834707-x86-enu.exe
Q834707
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: IE6.0sp1-KB834707-Windows-NT4Ssp6a-98-ME-x86-ENU.exe
Q834707
Affected Products:
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: IE6.0sp1-KB834707-Windows-NT4Ssp6a-98-ME-x86-ENU2.exe
BTS4-168 - BizTalk Server 2004 Rollup Package 1
Posted: 2004/04/08
Q837168
Affected Products:
- BizTalk Server 2004
- BizTalk Server 2004 Gold
Patch: BTS2004-KB837168-ENU.exe
ST05-001 - Patch Engine Update
Posted: 2005/01/10
QSKB588
Affected Products:
- Shavlik HFNetChkPro4 4.3.0.1
- Shavlik HFNetChkPro4 4.3.0.1 Gold
Patch: Shavlik_SKB588.exe
QSKB588
Affected Products:
- Shavlik HFNetChkPro4 4.3.1.0
- Shavlik HFNetChkPro4 4.3.1.0 Gold
Patch: Japanese_SKB588.exe
QSKB588
Affected Products:
- Quest Patch Management - v 4.3.0.1
- Quest Patch Management - v 4.3.0.1 Gold
Patch: Quest_SKB588.exe
QSKB588
Affected Products:
- BindView Patch Deployment - v 4.3.0.1
- BindView Patch Deployment - v 4.3.0.1 Gold
Patch: BindView_SKB588.exe
QSKB588
Affected Products:
- Symantec ON iPatch - v 1.1
- Symantec ON iPatch - v 1.1 Gold
Patch: Symantec_SKB588.exe
QSKB588
Affected Products:
- NetIQ Patch Manager - v 4.3.0.1
- NetIQ Patch Manager - v 4.3.0.1 Gold
Patch: NetIQ_SKB588.exe
MS04-039 - Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258)
Posted: 2004/11/09
Q888258
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
- ISA Server 2000 SP2
Patch: ISA2000-KB888258-X86-ENU.exe
Q888258
Affected Products:
- Proxy Server 2.0
- Proxy Server 2.0 SP1
Patch: PROXY20-KB888258-X86-ENU.exe
MS04-040 - Cumulative Security Update for Internet Explorer (889293)
Posted: 2004/12/01
Q889293
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: IE6.0sp1-KB889293-Windows-2000-XP-x86-ENU.exe
Q889293
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: IE6.0sp1-KB889293-Windows-NT4sp6a-98-ME-x86-ENU.exe
Q889293
Affected Products:
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: IE6.0sp1-KB889293-Windows-NT4sp6a.exe
MS04-041 - Vulnerability in WordPad Could Allow Code Execution (885836)
Posted: 2004/12/13
Q885836
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB885836-x86-ENU.exe
Q885836
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB885836-x86-ENU.exe
Q885836
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB885836-x86-ENU.EXE
Q885836
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB885836-x86-ENU.exe
Q885836
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 2
- Windows XP Professional
- Windows XP Service Pack 2
- Windows XP Tablet PC Edition
- Windows XP Service Pack 2
Patch: WindowsXP-KB885836-SP2.exe
Q885836
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB885836-x86-enu.exe
MS04-042 - Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service (885249)
Posted: 2004/12/13
Q885249
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB885249-V2-x86-ENU.exe
Q885249
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB885249-V2-x86-ENU.exe
MS04-043 - Vulnerability in HyperTerminal Could Allow Code Execution (873339)
Posted: 2004/12/13
Q873339
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB873339-x86-ENU.exe
Q873339
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB873339-x86-ENU.exe
Q873339
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 3
Patch: Windows2000-KB873339-x86-ENU.EXE
Q873339
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB873339-x86-ENU.exe
Q873339
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 2
- Windows XP Professional
- Windows XP Service Pack 2
- Windows XP Tablet PC Edition
- Windows XP Service Pack 2
Patch: WindowsXP-KB873339-x86-sp2.exe
Q873339
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB873339-x86-enu.exe
MS04-044 - Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)
Posted: 2004/12/13
Q885835
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB885835-x86-ENU.exe
Q885835
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB885835-x86-ENU.exe
Q885835
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB885835-x86-ENU.EXE
Q885835
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB885835-x86-ENU.exe
Q885835
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 2
- Windows XP Professional
- Windows XP Service Pack 2
- Windows XP Tablet PC Edition
- Windows XP Service Pack 2
Patch: WindowsXP-KB885835-SP2.exe
Q885835
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB885835-x86-enu.exe
MS04-045 - Vulnerability in WINS Could Allow Remote Code Execution (870763)
Posted: 2004/12/13
Q870763
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB870763-x86-enu.exe
Q870763
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 3
Patch: Windows2000-KB870763-x86-ENU.EXE
Q870763
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB870763-x86-ENU.exe
Q870763
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB870763-x86-ENU.exe
MS05-001 - Vulnerability in HTML Help Could Allow Code Execution (890175)
Posted: 2005/01/11
Q890175
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB890175-x86-ENU.EXE
Q890175
Affected Products:
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB890175-x86-ENU.exe
Q890175
Affected Products:
- Windows XP Professional
- Windows XP Service Pack 2
- Windows XP Home Edition
- Windows XP Service Pack 2
- Windows XP Tablet PC Edition
- Windows XP Service Pack 2
Patch: WindowsXP2-KB890175-x86-ENU.exe
Q890175
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003, Web Edition Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB890175-x86-enu.exe
Q890175
Affected Products:
- Internet Explorer 6.0 for Windows NT
- Internet Explorer 6 SP1
Patch: WindowsNT4-KB890175-ENU.EXE
MS05-002 - Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)
Posted: 2005/01/11
Q891711
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB891711-x86-ENU.exe
Q891711
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB891711-x86-ENU.exe
Q891711
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB891711-x86-ENU.EXE
Q891711
Affected Products:
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB891711-x86-ENU.exe
Q891711
Affected Products:
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB891711-x86-enu.exe
MS05-003 - Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)
Posted: 2005/01/11
Q871250
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB871250-x86-ENU.EXE
Q871250
Affected Products:
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB871250-x86-ENU.exe
Q871250
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB871250-x86-enu.exe
MS05-004 - ASP.NET Path Validation Vulnerability (887219)
Posted: 2005/02/08
Q886903
Affected Products:
- .NET Framework 1.1
- .NET Framework 1.1 SP1
Patch: NDP1.1sp1-KB886903-X86.exe
Q886903
Affected Products:
- .NET Framework 1.1 for Windows Server 2003
- .NET Framework 1.1 for Windows Server 2003 SP1
- .NET Framework 1.1 for Windows Small Business Server 2003
- .NET Framework 1.1 for Windows Small Business Server 2003 SP1
Patch: WindowsServer2003-KB886903-x86-ENU.EXE
Q886906
Affected Products:
- .NET Framework
- .NET Framework SP3
Patch: NDP1.0sp3-KB886906-X86-Enu.exe
Q886904
Affected Products:
- .NET Framework 1.1 for Windows Server 2003
- .NET Framework 1.1 for Windows Server 2003 Gold
- .NET Framework 1.1 for Windows Small Business Server 2003
- .NET Framework 1.1 for Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB886904-x86-enu.exe
Q887998
Affected Products:
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
- Windows XP Service Pack 2
Patch: NDP1.0sp3-KB887998.exe
Q886904
Affected Products:
- .NET Framework 1.1
- .NET Framework 1.1 Gold
Patch: NDP1.1-KB886904-X86.exe
Q886905
Affected Products:
- .NET Framework
- .NET Framework SP2
Patch: NDP1.0sp2-KB886905-X86-Enu.exe
MS05-005 - Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
Posted: 2005/02/08
Q873352
Affected Products:
- Office XP
- Office XP SP2
- Office XP SP3
Patch: officexp-kb873352-fullfile-enu.exe
Q873354
Affected Products:
- Visio 2002 for Enterprise Architects
- Visio 2002 for Enterprise Architects SP2
- Visio 2002 for Enterprise Architects SP1
- Visio 2002 Professional
- Visio 2002 Professional SP2
- Visio 2002 Professional SP1
- Visio 2002 Standard
- Visio 2002 Standard SP2
- Visio 2002 Standard SP1
Patch: Visio2002-KB873354-FullFile-ENU.EXE
Q873355
Affected Products:
- Project 2002 Professional
- Project 2002 Professional SP1
- Project 2002 Standard
- Project 2002 Standard SP1
Patch: project2002-KB873355-FullFile-ENU.EXE
Posted: 2005/02/08
Q887981
Affected Products:
- Windows SharePoint Services
- Windows SharePoint Services Gold
- Internet Information Services 6.0
- Windows Server 2003 Gold
- Internet Information Services 6.0 for Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: wss2003-kb887981.exe
MS05-007 - Vulnerability in Windows Could Allow Information Disclosure (888302)
Posted: 2005/02/08
Q888302
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB888302-x86-ENU.exe
Q888302
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 2
- Windows XP Professional
- Windows XP Service Pack 2
- Windows XP Tablet PC Edition
- Windows XP Service Pack 2
Patch: WindowsXP2-KB888302-x86-ENU.exe
MS05-008 - Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
Posted: 2005/02/08
Q890047
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB890047-x86-ENU.EXE
Q890047
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB890047-X86-ENU.exe
Q890047
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 2
- Windows XP Professional
- Windows XP Service Pack 2
- Windows XP Tablet PC Edition
- Windows XP Service Pack 2
Patch: WindowsXP2-KB890047-X86-ENU.exe
Q890047
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB890047-x86-enu.exe
MS05-009 - Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
Posted: 2005/02/08
Q885492
Affected Products:
- Windows Media Player 9.0
- Windows Media Player 9.0 Gold
Patch: WindowsMedia9-KB885492-x86-ENU.exe
Q887472
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsMessenger-KB887472.exe
Q887472
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 2
- Windows XP Professional
- Windows XP Service Pack 2
- Windows XP Tablet PC Edition
- Windows XP Service Pack 2
Patch: WindowsXP-KB887472-x86-enu.exe
MS05-010 - Vulnerability in the License Logging Service Could Allow Code Execution (885834)
Posted: 2005/02/08
Q885834
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB885834-x86-ENU.exe
Q885834
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB885834-x86-ENU.exe
Q885834
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB885834-x86-ENU.EXE
Q885834
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB885834-x86-enu.exe
MS05-011 - Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
Posted: 2005/02/08
Q885250
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB885250-x86-ENU.EXE
Q885250
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB885250-x86-ENU.exe
Q885250
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 2
- Windows XP Professional
- Windows XP Service Pack 2
- Windows XP Tablet PC Edition
- Windows XP Service Pack 2
Patch: WindowsXP2-KB885250-x86-ENU.exe
Q885250
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB885250-x86-enu.exe
MS05-012 - Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
Posted: 2005/02/08
Q873333
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB873333-x86-ENU.EXE
Q873333
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB873333-x86-ENU.exe
Q873333
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 2
- Windows XP Professional
- Windows XP Service Pack 2
- Windows XP Tablet PC Edition
- Windows XP Service Pack 2
Patch: WindowsXP2-KB873333-x86-ENU.exe
Q873333
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB873333-x86-enu.exe
MS05-013 - Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
Posted: 2005/02/08
Q891781
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 3
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB891781-x86-ENU.EXE
Q891781
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB891781-x86-ENU.exe
Q891781
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 2
- Windows XP Professional
- Windows XP Service Pack 2
- Windows XP Tablet PC Edition
- Windows XP Service Pack 2
Patch: WindowsXP2-KB891781-x86-ENU.exe
Q891781
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB891781-x86-enu.exe
MS05-014 - Cumulative Security Update for Internet Explorer (867282)
Posted: 2005/02/08
Q867282
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 3
Patch: IE5.01sp3-KB867282-Windows2000sp3-x86-ENU.exe
Q867282
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP4
- Internet Explorer 5.01 for Windows 2000
- Windows 2000 Service Pack 4
Patch: IE5.01sp4-KB867282-Windows2000sp4-x86-ENU.exe
Q867282
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP1
Patch: IE6.0sp1-KB867282-Windows-2000-XP-x86-ENU.exe
Q867282
Affected Products:
- Internet Explorer 6.0 for Windows XP
- Internet Explorer 6.0 for Windows XP SP2
Patch: WindowsXP-KB867282-x86-ENU.exe
Q867282
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
- Internet Explorer 6.0 for Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB867282-x86-enu.exe
MS05-015 - Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
Posted: 2005/02/08
Q888113
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Small Business Server 2000
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB888113-x86-ENU.EXE
Q888113
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Tablet PC Edition
- Windows XP Service Pack 1
Patch: WindowsXP-KB888113-x86-ENU.exe
Q888113
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 2
- Windows XP Professional
- Windows XP Service Pack 2
- Windows XP Tablet PC Edition
- Windows XP Service Pack 2
Patch: WindowsXP2-KB888113-x86-ENU.exe
Q888113
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
- Windows Small Business Server 2003
- Windows Small Business Server 2003 Gold
Patch: WindowsServer2003-KB888113-x86-enu.exe
E2K0-540 - Update Rollup for Exchange 2000 (KB870540)
Posted: 2004/08/16
Q870540
Affected Products:
- Exchange 2000 Server
- Exchange 2000 SP3
- Exchange 2000 Enterprise Server
- Exchange 2000 SP3
Patch: Exchange2000-KB870540-v2-x86-ENU.exe
