Windows 2003 Server (32-Bit x86)

[Bilou_Gateux]

Updating of this page will be discontinued from now on. I am really sorry for that but this is a necessary step, for a number of reasons, including serious time constraints as I am engaged in a number of professional activities & projects.

Getting the Hotfixes, Method 3, Windows Update Catalog

How to download updates and drivers from the Windows Update Catalog

excluded from selection

[Critical Updates and Service Packs]

816093: Security Update Microsoft Virtual Machine (Microsoft VM) - (Posted Date: November 04, 2003)

Critical Update for SQL Server 2000 Desktop Engine (Windows) on Windows Server 2003 (KB829358) - (Posted Date: September 10, 2004)

Critical Update for Windows Small Business Server 2003 (KB832880) - (Posted Date: December 16, 2003)Microsoft .NET Framework 1.0 Service Pack 3, <language> Version - (Posted Date: August 31, 2004)

Microsoft .NET Framework 1.0 Service Pack 3, English Version - (Posted Date: August 31, 2004)

Microsoft .NET Framework Service Pack 2, <language> Version - (Posted Date: August 31, 2004)

Mydoom, Zindos, and Doomjuice Worm Removal Tool (KB836528) - (Posted Date: August 09, 2004)

Security Update for Microsoft .NET Framework, Version 2.0 (KB917283) - (Posted Date: July 07, 2006)

Security Update for Microsoft .NET Framework, Version 2.0 (KB922770) - (Posted Date: October 05, 2006)

Security Update for Microsoft Windows (KB898458)

[Recommended Updates]

Microsoft .NET Framework 2.0: x86 (KB829019) - (Posted Date: November 04, 2005)

Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520) - (Posted Date: November 18, 2005)

Microsoft SharePoint Migration Tool - (Posted Date: September 30, 2003)

Windows Desktop Search 2.6.5 (KB911993) - (Posted Date: April 20, 2006)

Windows SharePoint Services English Language Pack - (Posted Date: September 30, 2003)

not available through Windows Update Catalog

Malicious Software Removal Tool (KB890830)

Some updates have been superseeded but not removed from download. ie, you will find in the log file many 'Cumulative Security Update for Internet Explorer'. Keep only the most recent.

Summary:

required tools:

SetEnv

Lilles Lasteprogram A/S v2.0

NirCmd v1.85

• copy SetEnv.exe LileDL.exe and NirCmd.exe to %SystemRoot%\System32 folder.
  
• save "Windows_Update.log" file in %SystemRoot% folder.
  
• Copy HFSlip dir path to clipboard (from the 'full path in the address bar' in explorer)
  
• Click the Start button, and then click Run.
  In the Run dialog box, in the Open box, paste the command below, and then click OK.

  nircmd.exe exec hide setenv /v HFSlip "~$clipboard$"

• Click the Start button, and then click Run.
  In the Run dialog box, in the Open box, paste the command below, and then click OK.

  nircmd.exe execmd for /f "tokens=1-8*" %a in ('type "%SystemRoot%\Windows_Update.log" ^|findstr /i /l /c:"Downloaded file"') do echo.%h>>%HFslip%\ws03full.txt

• Click the Start button, and then click Run.
  In the Run dialog box, in the Open box, paste the command below, and then click OK.

  lilleDL.exe --disable_save_dialog --default_dir:"%HFSLIP%\HF" --load_queue_file:%HFslip%\ws03full.txt --minimize --start_queue

Security Releases on Windows Update Quick Details:

December 12th, 2006 new

November 20th, 2006 +3 new, +1 new for MSXML4, +1 new for MSXML6

October 10th, 2006 +5 new, +1 new for NDP20

September 27th, 2006 +1 Critical OutofCycle Security Bulletin released

September 12th, 2006 +1 new, +2 re-released

August 8th, 2006 +8 new

July 11th, 2006 +3 new, +1 re-released, +1 new for NDP20

June 13th, 2006 +7 new

May 9th, 2006 +0 new

April 11th, 2006 +5 new

March 14th, 2006 +0 new

February 14th, 2006 +3 new, +1 new for WindowsMedia

January 5th and January 10th, 2006 +2 new

November 2005

MS05-053: Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)

Update: When Windows Automatic Updates tries to download updates on a Windows Server 2003-based or Windows XP-based computer, an access violation error may occur (910437)

October 2005

MS05-045: Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)

MS05-046: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)

MS05-048: Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)

Note: 907245 MS05-048 = WindowsServer2003-KB901017-x86-ENU.exe adding more confusion...

MS05-049: Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)

MS05-050: Vulnerability in DirectShow Could Allow Remote Code Execution (904706)

MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)

MS05-052: Cumulative security update for Internet Explorer (896688)

This update replaces previous Cumulative security update for IE 896727 and includes 903235

September 2005

Non-Affected Software

August 2005

MS05-039: Vulnerability in Plug and Play could allow remote code execution and elevation of privilege (899588)

MS05-040: Vulnerability in Telephony service could allow remote code execution (893756)

MS05-041: Vulnerability in Remote Desktop Protocol could allow denial of service (899591)

MS05-042: Vulnerabilities in Kerberos could allow denial of service, information disclosure, and spoofing (899587)

July 2005

MS05-036: Vulnerability in Microsoft Color Management Module could allow remote code execution (901214)

MS05-037: Vulnerability in JView Profiler could allow remote code execution (903235) superceeded by 896727

June 2005

MS05-026: A vulnerability in HTML Help could allow remote code execution (896358)

MS05-027: Vulnerability in Server Message Block could allow remote code (896422)

MS05-032: Vulnerability in Microsoft agent could allow spoofing (890046)

MS05-033: Vulnerability in Telnet client could allow information (896428)

May 2005

An update for Windows Installer 3.1 is available for Windows Server 2003 SP1 (898715)

April 2005

Windows Server 2003 Service Pack 1 (SP1) (889101)

+--------------------------------------------------------------------------------------------------------------------------+

Recommended Updates

These updates are not critical to your computer's security or performance but they can improve how some features, programs, or devices work.

Microsoft Base Smart Card Crypto Provider Package: x86 (KB909520) - (Posted Date: November 18, 2005)

Base Smart Card Cryptographic Service Provider (Base CSP) allows smart card vendors to more easily enable their smart cards on Windows with a lightweight proprietary card module instead of a full proprietary CSP.

Microsoft .NET Framework 2.0: x86 (KB829019) - (Posted Date: November 04, 2005)

The .NET Framework version 2.0 improves scalability and performance with improved caching, application deployment and updating with ClickOnce, and support for the broadest array of browsers and devices with ASP.NET 2.0 controls and services.

Update for Windows Server 2003 (KB904942) - (Posted Date: May 19, 2006)

Install this update to resolve HTTP authentication issues in Windows-based systems that do not appear until Microsoft Internet Explorer 7 is installed.

Update for Windows Server 2003 (KB912945) - (Posted Date: February 26, 2006)

This update includes minor changes to how Internet Explorer handles some web pages that use Microsoft ActiveX controls. Certain webpages will require users to manually activate Active X controls by clicking on it or using the TAB key and ENTER key. This update contains all previously released security updates.

+--------------------------------------------------------------------------------------------------------------------------+

Windows Update Agent 2.0

build: 5.8.0.2469

WUA API required for accessing Microsoft Windows Update V6

+--------------------------------------------------------------------------------------------------------------------------+

Security updates are available on ISO-9660 CD image files from the Microsoft Download Center

Edited February 3, 2007 by Bilou_Gateux

[tommyp]

@Bilou_Gateux - Thanks for the post. I stickied it. Keep up the good work as always.

[saugatak]

@Bilou_Gateaux, is there a post SP1 update to Win2kServer that has the latest NTDETECT.COM or ntldr?

[SiMoNsAyS]

thanks for the list, i'll certainly use it

[Bilou_Gateux]

Getting the Hotfixes, Method 4, HFNetChk

The Microsoft Baseline Security Analyzer (MBSA) also scans and reports common security-related misconfigurations and can help you install missing security updates for Windows-based computers.

Scan date: 12/07/2006 11:59

KB893756

KB896358

KB896424

KB896428

KB898715

KB899587

KB899588

KB899589

KB899591

KB900725

KB901017

KB901214

KB902400

KB904706

KB905414

KB908519

KB908531

KB910437

KB911280

KB911562

KB911567

KB911927

KB912919

KB914388

KB914389

KB917344

KB917422

KB917734

KB917953

KB918439

KB920213

KB920214

KB920670

KB920683

KB920685

KB921398

KB921883

KB922582

KB922616

KB922760

KB922819

KB923414

KB923980

KB924191

KB924496

KB925486

+--------------------------------------------------------------+

Integrate and slipstream Security Updates above:

download all HFs: Windows Update Catalog

HF Integrate Phase 1 batch: HF1.cmd requires hiveupd.cmd to output hivesft.txt and hivecls.txt

extract HFs and integrate files into source

HF Slipstream Phase 2 batch: HFINT.cmd

compress updated binaries into source using Microsoft autogenerated i386\svcpack\HFINT.DAT

(not done) Phase 3 batch used to merge hivesft.txt and hivecls.txt:

all registry additions are being handled within hivesft.inf and hivecls.inf: Insert text into existing .inf with gsar and sed. Do various edit to TXTSETUP.SIF and DOSNET.INF

+--------------------------------------------------------------+

Windows Update Agent 2.0

Install Method 1: SVCPACK.INF

Install Method 2: slipstreaming into source

EDIT: integrated in HFSLIP. This method is only for educational purpose.

I have written a small batch wuagnt20.cmd which download required files and slipstream into source.

Edit the file, search ::Initialize variables section,

set variable CDROOT = correct_path,

set variable DOWNLOADER = correct_path_to_exe,

save as without .txt extension

How can I create a Windows Server 2003 bootable CD-ROM that has Service Pack 1 (SP1) slipstreamed into it?

Edited December 7, 2006 by Bilou_Gateux

[the_guy]

Note:

907245 MS05-048 = WindowsServer2003-KB901017-x86-ENU.exe adding more confusion...

Actually, 901017 is the Windows vulnerability. 907245 is the same thing, but it is confusing. 906780 is for Exchange. They all use MS05-048. It is the same vulnerability.

Confusing, true.

the_guy

[danholme]

The link to 899587 in the list actually goes to 899591... needs a quick correction on the href.

[Bilou_Gateux]

Last update August 9, 2005

Manual download from a pick list: due to lack of time, won't be updated

Step by step:

• download Two Pilots dPilot™ - friendly user interface for GNU WGet downloader.
  
• download attached file and owerwrite products.txt in dPilot folder.
  
• launch dPilot. On 3rd tab, CLICK on the "Refresh info" button: WS03 updated list will be downloaded from my web space.
  
• pick Microsoft updates from the list and start downloading...
  

In the dPilot folder, you need the following files:

wget.exe 1.8.1 (included in Two Pilots distro)

gpl.txt (included in Two Pilots distro)

help.txt (included in Two Pilots distro)

products.txt (included in Two Pilots distro)

replace original dpilot.exe with special compiled version. post #6 here. Credits to dman. or right-click here and Save

as dPilot.exe (without the .txt extension).

This one use my own web space URL to check current version.txt and download products.txt file.

Microsoft Security Response Center Blog

January, 2006

Microsoft now releases ISO-9660 CD image files that contain all the security and critical updates that are released on the Microsoft Windows Update Web site for Windows and for other Microsoft products. The ISO image files are released at the same time as security and critical updates are released on the Windows Update Web site.

The ISO image files are intended for corporate administrators who:

Manage large multinational organizations.

Must download multiple individual language versions of each security update.

Do not use an automated solution such as Microsoft Windows Server Update Services (WSUS).

By using the ISO image files, administrators can download multiple updates in all languages at the same time.

More information: Security updates available on ISO-9660 image files

Edited September 15, 2006 by Bilou_Gateux

[Bilou_Gateux]

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

Brief Description

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

Edited June 23, 2006 by Bilou_Gateux

[SwiftNomad]

Bilou_Gateux, I will like to thank you. Two things; this this is exactly what I been looking for. I'm a no0b at networking but I am driven to excel! So I learned how to slipstream SP1 in the i386 folder so now it's for updates and SQL Server, MXE, and the whole works!

This post rocks! =)

SwiftNomad

[tadc]

Thanks for the great list... however:

MS06-008: Vulnerability in Web Client Service Could Allow Remote Code Execution (911127)

should point to KB911927 (not 911127)

[Bilou_Gateux]

A tip of the hat to tadc (and Tomcat76 per PM) for pointing this error out.

Correction done!

Edited September 15, 2006 by Bilou_Gateux

[eyeball]

Anyone know which of these hotfixes are already included in 2003 R2? if any?

[Bilou_Gateux]

None of them are included in Server 2003 R2

Server 2003 R2 description:

CD1 software is an interim release that is built on Windows Server 2003 Service Pack 1 includes launcher CD2CHAIN.EXE

CD2 includes a variety of features and improvements

[dziubek]

Update for Windows Server 2003 (KB927620)

Install this update to resolve performance issues experienced when using a Windows-based system to implement Winsock Direct (WSD) in a fast System Area Network (SAN) environment.

Update for Windows Server 2003 (KB924286)

This update adds support for Ethernet-based Remote Direct Memory Access (RDMA) to Windows-based systems.

Update for Windows Server 2003 (KB928388)

Installing this update enables your computer to automatically adjust the computer clock on the correct date in 2007 due to revised Daylight Saving Time laws in many countries.