Windows XP (all)

[the_guy]

Windows XP Service Pack 3

Changelog:

August 15-Added 950974, 951066, 952954, 953838, and 953839. Removed 950759 and 950760.

July 10-Added 951748.

June 27-Initial Release! Added 951698, 951376, 950762, 950760, and 950759. Also added 938127 for IE7.

Legend:

Windows

Internet Explorer 6

Internet Explorer 7

Windows Media Player 9

Windows Media Player 10

Windows Media Player 11

**New Update**

June 2008:

951376 - MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution

951698 - MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution

950762 - MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service

July 2008:

951748 - MS08-037: Description of the security update for DNS in Windows Server 2003, in Windows XP, and in Windows 2000 Server (client side): July 8, 2008

August 2008:

**952954 - MS08-046: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution**

**951066 - MS08-048: Security Update for Outlook Express and Windows Mail**

**950974 - MS08-049: Vulnerabilities in Event System Could Allow Remote Code Execution**

**953839: Cumulative Security Update for ActiveX**

Internet Explorer 6

**953838 - MS08-045: Cumulative Security Update for Internet Explorer**

This update replaces previous Cumulative security update for IE 950759

Roots Update direct download link UPDATED September 25 2007!

Internet Explorer 7

938127 - MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution

**953838 - MS08-045: Cumulative Security Update for Internet Explorer**

This update replaces previous Cumulative security update for IE 950759

Roots Update direct download link UPDATED September 25 2007!

Windows Media Player 9

Nothing yet!

Windows Media Player 10

923689 - MS06-078: Vulnerability in Windows Media Player could allow remote code execution UPDATED JULY 10, 2007!

936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution

941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution

Windows Media Player 11

936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution

941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution

-----------------------------------------------------------------------------------------------------------------------------

Windows XP Service Pack 2

Changelog:

August 15-Added 950974, 951066, 952954, 953838, and 953839. Removed 941202, 950759, and 950760.

July 10-Added 951748. Removed 922819 and 941644.

June 27-Added 951698, 951376, 950762, 950760, 950759 and 950749. Removed 948881, 947864, 941568, and 919007.

April 18-Added 941693, 945553, 947864, 948590, and 948881. Removed 938829 and 944533.

March 5-Added 942830, 942831, 944533, 946026, and 947890. Removed 917537, 921503, and 942615

January 10-Added 941644 and 943485. Removed 917953. Fixed typos.

December 16-Added 937894, 941568, 941569, 942615, and 944653. Removed 904706 and 939653. Also added WMP9 updates as that's what's included in XP SP2.

November 16-Added 943460

October 27-Updated 936357 to version 2.

October 10-Added 933729, 939653, and 941202. Removed 937143. Updated Roots Certificate Update.

August 25-Fixed 937413 with correct 937143.

August 14-Added 921503, 936227, 936782, 937413, 938127, 938829, and Windows Script 5.7. Removed 917734, 924191, 929969, 933566, and Windows Script 5.6.

July 11-Added 939373 and 936357. Updated Roots Certificate Update. Removed 885626.

June 20-Added 929123, 933566, 935839, and 935840. Removed 917422, 923694, and 931768.

May 11-Added 931768. Removed 928090.

April 14 (update #2)-Added 935448. Removed 928843.

April 14-Added 925902, 931261, 932168, 930178, and 931784. Removed 896424 and 912919.

March 17-Fixed Technical issues.

February 17-Added 928255, 927802, 928843, 927779, 926436, 924667, 918118, and 928090. Removed 925454, 921398, and 922616

January 10-Added 929969. Removed 925486.

December 19-Added 925454 to IE6 updates. Added 926247, 926255, 923694, and 925398. Added 923689 to WMP10 updates. Removed 922760, 911567, and 920214.

November 17-Added 923980, 922760, 920213, 923789 and 924270. Removed 885835, 890046, 918899, 899589, 921883, 924496 and 913433.

October 10-Added 923191, 924191, 923414. Removed 917159.

September 26-Added 925486.

September 13-Added 919007, 920685, 920872, and 922582.

August 28-Added 887472, 902400, and 913433 (missing) Removed 912817 as it's not high priority.

August 9-Added 917422, 918899, 920214, 920670, 920683, 921398, 921883, and 922616. Removed 916281 and 888113.

Legend:

Windows

Internet Explorer 6

Internet Explorer 7

Windows Media Player 9

Windows Media Player 10

Windows Media Player 11

**New Update**

December 2004:

885836 - MS04-041: A vulnerability in WordPad could allow code execution

873339 - MS04-043: Vulnerability in HyperTerminal could allow code execution

886185: Description of the critical update for Windows Firewall "My Network (subnet) only" scoping in Windows XP Service Pack 2

February 2005:

888302 - MS05-007: Vulnerability in Windows could allow information disclosure

887472 - MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution

891781 - MS05-013: Vulnerability in the DHTML editing component ActiveX control could allow code execution

April 2005:

890859 - MS05-018: Vulnerabilities in Windows kernel could allow elevation of privilege and denial of service

May 2005:

893803: Windows Installer 3.1 (v2) is available

June 2005:

896358 - MS05-026: A vulnerability in HTML Help could allow remote code execution

896428 - MS05-033: Vulnerability in Telnet client could allow information

898461: Software update 898461 installs a permanent copy of the Package Installer for Windows version 6.1.22.4

July 2005:

901214 - MS05-036: Vulnerability in Microsoft Color Management Module could allow remote code execution

August 2005:

893756 - MS05-040: Vulnerability in Telephony service could allow remote code execution

899591 - MS05-041: Vulnerability in Remote Desktop Protocol could allow denial of service

899587 - MS05-042: Vulnerabilities in Kerberos could allow denial of service, information disclosure, and spoofing

896423 - MS05-043: Vulnerability in Print Spooler service could allow remote code execution

October 2005:

905414 - MS05-045: Vulnerability in Network Connection Manager Could Allow Denial of Service

905749 - MS05-047: Vulnerability in Plug and Play could allow remote code execution and local elevation of privilege

901017/907245 - MS05-048: Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution

900725 - MS05-049: Vulnerabilities in Windows Shell Could Allow Remote Code Execution

902400 - MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution

December 2005:

910437: When Windows Automatic Updates tries to download updates on a Windows Server 2003-based or Windows XP-based computer, an access violation error may occur

January 2006:

908519 - MS06-002: Vulnerability in Embedded Web Fonts Could Allow Code Execution

February 2006:

911564 - MS06-006: Vulnerability in Windows Media plug-in with non-Microsoft Internet Browsers could allow remote code execution

911927 - MS06-008: Vulnerability in Web Client Service Could Allow Remote Code Execution

901190 - MS06-009: Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege

April 2006:

911562 - MS06-014: Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution

908531 - MS06-015: Vulnerability in Windows Explorer Could Allow Remote Code Execution

May 2006:

913580 - MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service

June 2006:

918439 - MS06-022: Vulnerability in ART image rendering could allow remote code execution

911280 - MS06-025: Vulnerability in Routing and Remote Access Could Allow Remote Code Execution

914389 - MS06-030: Vulnerability in Server Message Block Could Allow Elevation of Privilege

916595: Stop error message on a Windows XP-based computer: "STOP 0x000000D1"

July 2006:

914388 - MS06-036: A vulnerability in the DHCP Client Service could allow remote code execution

August 2006:

920683 - MS06-041: Vulnerability in DNS resolution could allow remote code execution

920670 - MS06-050: Vulnerabilities in Microsoft Windows Hyperlink Object Library could allow remote code execution

September 2006:

920685 - MS06-053: Vulnerability in Indexing Service Could Allow Cross-Site Scripting

920872: Audio playback does not play the audio file from the correct position after you pause it, and you randomly receive a Stop error message when you try to play audio files in Windows XP Service Pack 2 (SP2)

922582: Error message when you try to update a Microsoft Windows-based computer: "0x80070002"

October 2006:

923191 - MS06-057: Vulnerability in Windows Explorer Could Allow Remote Execution

923414 - MS06-063: Vulnerability in Server Service Could Allow Denial of Service

November 2006:

923980 - MS06-066: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution

920213 - MS06-068: Vulnerability in Microsoft Agent Could Allow Remote Code Execution

923789 - MS06-069: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution

924270 - MS06-070: Vulnerability in Workstation Service Could Allow Remote Code Execution

December 2006:

926247 - MS06-074: Vulnerability in Simple Network Management Protocol (SNMP) could allow remote code execution

926255 - MS06-075: Vulnerability in Windows could allow elevation of privilege

925398 - MS06-078: Vulnerability in Windows Media Player 6.4 could allow remote code execution

February 2007:

928255 - MS07-006: Vulnerability in Windows Shell could allow elevation of privilege

927802 - MS07-007: Vulnerability in Windows Image Acquisition Service could allow elevation of privilege

927779 - MS07-009: Vulnerability in Microsoft Data Access Components could allow remote code execution

926436 - MS07-011: Vulnerability in Microsoft OLE Dialog could allow remote code execution

924667 - MS07-012: Vulnerability in Microsoft Foundation Classes could allow for remote code execution

918118 - MS07-013: Vulnerability in Microsoft RichEdit could allow remote code execution

April 2007:

925902 - MS07-017: Vulnerabilities in GDI Could Allow Remote Code Execution

931261 - MS07-019: Vulnerability in Universal Plug and Play Could Allow Remote Code Execution

932168 - MS07-020: Vulnerability in Microsoft Agent Could Allow Remote Code Execution

930178 - MS07-021: Vulnerabilities in CSRSS Could Allow Remote Code Execution

931784 - MS07-022: Vulnerability in Windows Kernel Could Allow Elevation of Privilege

935448: Certain third-party applications may not start, and you receive an error message when you start the computer: "Illegal System DLL Relocation"

June 2007:

935840 - MS07-030: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution

929123 - MS07-034: Cumulative Security Update for Outlook Express and Windows Mail

935839 - MS07-035: Vulnerability in Win 32 API Could Allow Remote Code Execution

July 2007:

939373 - MS07-041: Vulnerability in Internet Information Services could allow remote code execution

August 2007:

936227 - MS07-042: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

October 2007:

933729 - MS07-058: Vulnerability in RPC Could Allow Denial of Service

936357: A microcode reliability update is available that improves the reliability of systems that use Intel processors UPDATED October 23 2007!

November 2007:

943460 - MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution

December 2007:

937894 - MS07-065: Vulnerability in Message Queuing Service could allow remote code execution in Windows XP and in Windows 2000

944653 - MS07-067: Vulnerability in Macrovision driver could allow local elevation of privilege

January 2008:

943485 – MS08-002: Vulnerability in LSASS Could Allow Local Elevation of Privilege

February 2008:

942831 - MS08-005: Vulnerability in Internet Information Services could allow elevation of privileges

942830 - MS08-006: Vulnerability in Internet Information Services could allow remote code execution

946026 - MS08-007: Vulnerability in WebDAV Mini-Redirector could allow remote code execution

947890 - MS08-008: A vulnerability in OLE Automation could allow remote code execution

April 2008:

945553 - MS08-020: Vulnerability in DNS Client Could Allow Spoofing

948590 - MS08-021: Vulnerabilities in GDI Could Allow Remote Code Execution

941693 - MS08-025: Vulnerability in Windows Kernel Could Allow Elevation of Privilege

May 2008:

950749 - MS08-028: Vulnerability in the Microsoft Jet Database Engine could allow remote code execution

June 2008:

951376 - MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution

951698 - MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution

950762 - MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service

July 2008:

951748 - MS08-037: Description of the security update for DNS in Windows Server 2003, in Windows XP, and in Windows 2000 Server (client side): July 8, 2008

August 2008:

**952954 - MS08-046: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution**

**951066 - MS08-048: Security Update for Outlook Express and Windows Mail**

**950974 - MS08-049: Vulnerabilities in Event System Could Allow Remote Code Execution**

**953839: Cumulative Security Update for ActiveX**

Internet Explorer 6

938127 - MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution

**953838 - MS08-045: Cumulative Security Update for Internet Explorer**

This update replaces previous Cumulative security update for IE 950759

Roots Update direct download link UPDATED September 25 2007!

Windows Script 5.7.0.16535 direct download link

Internet Explorer 7

938127 - MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution

**953838 - MS08-045: Cumulative Security Update for Internet Explorer**

This update replaces previous Cumulative security update for IE 950759

Roots Update direct download link UPDATED September 25 2007!

Windows Script 5.7.0.16535 direct download link

Windows Media Player 9

911564 - MS06-006: Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution

936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution

941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution

Windows Media Player 10

923689 - MS06-078: Vulnerability in Windows Media Player could allow remote code execution UPDATED JULY 10, 2007!

936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution

941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution

Windows Media Player 11

936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution

941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution

-----------------------------------------------------------------------------------------------------------------------------

Windows XP Service Pack 1:

SP1.htm

-----------------------------------------------------------------------------------------------------------------------------

This checked as of August 15, 2008. Please tell me any inaccuracies with high priority updates ONLY.

the_guy

Edited August 15, 2008 by the_guy

[the_guy]

I have updated this topic to include Windows XP Service Pack 1. If Anyone finds it too confusing, I will split the topics.

the_guy

[JuMz]

Wow. Awesome job. I like the month to month breakdown. Props!

[the_guy]

Updated with August Patches.

the_guy

[the_guy]

In the next day or 2 I plan on updating the list. It will remove 912817 and re-add MS05-051. 894391 is replaced by 902400 (have NO idea why it still shows up on WU). 887472 and 913433 will be added in the next update (somehow missed them).

the_guy

[heisking]

the_guy

902400 was replaced by 912817

heisking

[the_guy]

heisking

912817 is not a high priority update on WU/MU, so that's why it's being removed.

the_guy

[Tomcat76]

894391 is replaced by 902400 (have NO idea why it still shows up on WU).

It doesn't show for me. I think you misread OE's post: he was testing with a clean SP2 source. It does happen that Windows Update lists replaced updates along with the newer versions if both are newer than what's installed.

[the_guy]

I did. That's what I was getting at.

List will be updated soon.

the_guy

[Tomcat76]

I remember there was an optional update (showing on Windows Update!) which replaced a critical update but I don't remember which two updates were involved. So it's possible that Windows Update complains about a missing critical update if you don't include the optional updates from my list.

[the_guy]

Ok. Do you know which one?

List is now updated.

the_guy

[the_guy]

List updated with September Patches.

the_guy

[the_guy]

Updated list to add 925486.

the_guy

[the_guy]

Updated list with October fixes.

the_guy

[saugatak]

Tomcat, you are still including KB917159 in your XP list, which was replaced with KB923414 in latest updates.

Also, in my list I have KB923996v2, which neither of you two include. I'm confused by KB923996v2 because it can be downloaded from this page, but it links to Microsoft Security Bulletin MS06-042 which refers to KB918899, an IE cumulative fix.

Let me know what you guys think. Thanks.