Jump to content

HOTFIXES: Windows XP SP2 & Windows 2000 SP4


Recommended Posts


Perhaps this "(Replaced) Hotfixes document" I made my self whould help clearing some things out for you guys :)

http://www.microsoft.com/technet/security/bulletin/MS..-....mspx
http://support.microsoft.com/?kbid=......
================================================================
Security Updates included in WinXP SP2:
---------------------------------------
MS04-025 KB867801 - Cumulative Security Update for Internet Explorer
MS04-024 KB839645 - Vulnerability in Windows Shell Could Allow Remote Code Execution
MS04-023 KB840315 - Vulnerability in HTML Help Could Allow Code Execution
MS04-022 KB841873 - Vulnerability in Task Scheduler Could Allow Code Execution
MS04-018 KB823353 - Cumulative Security Update for Outlook Express
MS04-016 KB839643 - Vulnerability in DirectPlay Could Allow Denial of Service
MS04-015 KB840374 - Vulnerability in Help and Support Center Could Allow Remote Code Execution
MS04-014 KB837001 - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution
MS04-013 KB837009 - Cumulative Security Update for Outlook Express
MS04-012 KB828741 - Cumulative Update for Microsoft RPC/DCOM
MS04-011 KB835732 - Security Update for Microsoft Windows
MS04-007 KB828028 - ASN.1 Vulnerability Could Allow Code Execution
MS04-004 KB832894 - Cumulative Security Update for Internet Explorer
MS04-003 KB832483 - Buffer Overrun in MDAC Function Could Allow Code Execution
MS03-051 KB813360 - Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution
MS03-049 KB828749 - Buffer Overrun in the Workstation Service Could Allow Code Execution
MS03-048 KB824145 - Cumulative Security Update for Internet Explorer
MS03-045 KB824141 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution
MS03-044 KB825119 - Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise
MS03-043 KB828035 - Buffer Overrun in Messenger Service Could Allow Code Execution
MS03-041 KB823182 - Vulnerability in Authenticode Verification Could Allow Remote Code Execution
MS03-040 KB828750 - Cumulative Patch for Internet Explorer
MS03-039 KB824146 - Buffer Overrun in RPCSS Service Could Allow Code Execution
MS03-034 KB824105 - Flaw in NetBIOS Could Lead to Information Disclosure
MS03-032 KB822925 - Cumulative Patch for Internet Explorer
MS03-030 KB819696 - Unchecked Buffer in DirectX Could Enable System Compromise
MS03-027 KB821557 - Unchecked Buffer in Windows Shell Could Enable System Compromise
MS03-026 KB823980 - Buffer Overrun in RPC Interface Could Allow Code Execution
MS03-024 KB817606 - Buffer Overrun in Windows Could Lead to Data Corruption
MS03-023 KB823559 - Buffer Overrun in HTML Converter Could Allow Code Execution
MS03-021 KB819639 - Flaw in Windows Media Player May Allow Media Library Access
MS03-020 KB818529 - Cumulative Patch for Internet Explorer
MS03-018 KB811114 - Cumulative Patch for Internet Information Service
MS03-015 KB813489 - Cumulative Patch for Internet Explorer
MS03-014 KB330994 - Cumulative Patch for Outlook Express
MS03-013 KB811493 - Buffer Overrun in Windows Kernel Message Handling Could Lead to Elevated Privileges
MS03-010 KB331953 - Flaw in RPC Endpoint Mapper Could Allow Denial of Service
MS03-008 KB814078 - Flaw in Windows Script Engine Could Allow Code Execution
MS03-007 KB815021 - Unchecked Buffer in Windows Component Could Cause Server Compromise
MS03-005 KB810577 - Microsoft Security Bulletin MS03-005
MS03-004 KB810847 - Cumulative Patch for Internet Explorer
MS03-001 KB810833 - Unchecked Buffer in Locator Service Could Lead to Code
MS02-072 KB329390 - Unchecked Buffer in Windows Shell Could Enable System Compromise
MS02-071 KB328310 - Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation
MS02-070 KB329170 - Flaw in SMB Signing Could Enable Group Policy to be Modified
MS02-068 KB324929 - Cumulative Patch for Internet Explorer
MS02-066 KB328970 - Cumulative Patch for Internet Explorer
MS02-063 KB329834 - Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks
MS02-062 KB327696 - Cumulative Patch for Internet Information Service
MS02-055 KB323255 - Unchecked Buffer in Windows Help Facility Could Enable Code Execution
MS02-050 KB329115 - Certificate Validation Flaw Could Enable Identity Spoofing
====================================================================================================
====
SP1 Hotfixes:
-------------
MS03-008 KB814078 - Flaw in Windows Script Engine Could Allow Code Execution (JS56NEN.exe)
Switch: /q:a /r:n
Replaced by: WinXp SP2
The problematic version of Windows Script 5.6.0.8513 should be replaced by version 5.6.0.8825 > http://www.microsoft.com/downloads/details.aspx?displaylang=nl&FamilyID=c717d943-7e4b-4622-86eb-95a22b832caa

MS03-011 KB816093 - Flaw in the Microsoft VM Could Enable System Compromise
Switch: /q:a /r:n
For XP SP1 and not SP1a

KB817778 - Advanced Networking Pack for Windows XP
Switch: /q /o /n /z (not svcpack.inf supported)

MS03-017 KB817787 - Flaw in Windows Media Player skins downloading could allow code execution
Switch: /q:a /r:n (not svcpack.inf supported and applicable upto WMP8 > no WMP9!)

KB822603 - Availability of the Windows XP SP1 USB 1.1 and 2.0 Update
Switch: /q /o /n /z

MS03-041 KB823182 - Vulnerability in Authenticode Verification Could Allow Remote Code Execution
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-018 KB823353 - Cumulative Security Update for Outlook Express
Switch: /q:a /r:n
Replaced by: WinXP SP2

MS03-034 KB824105 - Flaw in NetBIOS Could Lead to Information Disclosure
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS03-045 KB824141 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution
Switch: /q /o /n /z
Replaced by: MS04-032 KB840987, MS04-031 KB841533 and WinXP SP2

MS04-030 KB824151 - Vulnerability in WebDAV XML message handler could lead to a denial of service
Switch: /q /o /n /z

MS03-044 KB825119 - Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise
Switch: /q /o /n /z
Replaced by: WinXP SP2

KB826939 - Update Rollup 1 for Windows XP
Switch: /q /o /n /z
Replaced by: WinXP SP2 (almost completely)

KB828026 - Update for Windows Media Player URL Script Command Behavior
Switch: /q /o /n /z
Replaced by: KB832353 (applicable upto WMP9 > no WMP10!)

MS03-043 KB828035 - Buffer Overrun in Messenger Service Could Allow Code Execution
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-012 KB828741 - Cumulative Update for Microsoft RPC/DCOM
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-003 KB832483 - Buffer Overrun in MDAC Function Could Allow Code Execution
Switch: /C:""dahotfix.exe /q /n"" /q:a"
Replaced by: WinXP SP2

KB832353 - Some URL script commands do not work after you apply the Windows Media update from Knowledge Base article 828026
Switch: /q /o /n /z
Replaces: KB828026 (applicable upto WMP9 > no WMP10!)

MS04-028 KB833987 - Buffer overrun in JPEG processing (GDI+) could allow code execution
Switch: /q /o /n /z

MS04-038 KB834707 - Cumulative Security Update for Internet Explorer
Switch: /q /o /n /z
Replaces: MS04-025 KB867801
Replaced by: KB873377, MS04-040 KB889293 and KB889669

MS04-011 KB835732 - Security Update for Microsoft Windows
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-014 KB837001 - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-024 KB839645 - Vulnerability in Windows Shell Could Allow Remote Code Execution
Switch: /q /o /n /z
Replaced by: MS04-027 KB841356 and WinXP SP2

MS04-023 KB840315 - Vulnerability in HTML Help Could Allow Code Execution
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-015 KB840374 - Vulnerability in Help and Support Center Could Allow Remote Code Execution
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-032 KB840987 - Security Update for Microsoft Windows
Switch: /q /o /n /z
Replaces: MS03-045 KB824141

MS04-027 KB841356 - Vulnerability in Windows Shell Could Allow Remote Code Execution
Switch: /q /o /n /z
Replaces: MS04-024 KB839645

MS04-031 KB841533 - Vulnerability in NetDDE Could Allow Remote Code Execution
Switch: /q /o /n /z
Replaces: MS02-071 KB328310 and MS03-045 KB824141 (both are within WinXP SP2)

MS04-022 KB841873 - Vulnerability in Task Scheduler Could Allow Code Execution
Switch: /q /o /n /z
Replaced by: WinXP SP2

KB842773 - Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1
Switch: /q /o /n /z

MS04-025 KB867801 - Cumulative Security Update for Internet Explorer
Switch: /q:a /r:n
Replaced by: MS04-038 KB834707

KB870669 - Critical Update for Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer
Switch: /q:a /r:n

KB873374 - Microsoft GDI+ Detection Tool (related to MS04-028 KB833987)
The Microsoft GDI+ Detection Tool is not a hotfix but a little program
which detects programs that maybe vulnerable to MS04-28 KB833987.

MS04-034 KB873376 - Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution
Switch: /q /o /n /z
Replaces: MS02-054 KB329048)

KB873377 - Update Rollup for Internet Explorer SP1
Switch: /q /o /n /z
Replaces: MS04-038 KB834707
Replaced by: KB889669

KB883357 - Your backup program may fail or incorrectly exclude some files from your backup in Windows XP
Switch: /q /o /n /z

MS04-044 KB885835 - Vulnerabilities in Windows Kernel and LSASS could allow elevation of privilege
Switch: /q /o /n /z

MS04-040 KB889293 - Cumulative Security Update for Internet Explorer
Switch: /q /o /n /z
Replaces: MS04-038 KB834707
Replaced by: KB889669

KB889669 - Update Rollup for Internet Explorer 6 SP1
Switch: /q /o /n /z
Replaces: MS04-040 KB889293, KB873377 and MS04-038 KB834707
====================================================================================================
=======================
SP2 Hotfixes:
-------------
KB884020 - Programs that connect to IP addresses that are in the loopback address range may not work as you expect in Windows XP Service Pack 2
Switch: /q /o /n /z

MS04-044 KB885835 - Vulnerabilities in Windows Kernel and LSASS could allow elevation of privilege
Switch: /q /o /n /z
Replaces: MS03-005 KB810577 and MS03-013 KB811493 (both are within WinXP SP2)

KB886185 - Critical Update for Windows XP Service Pack 2
Switch: /q /o /n /z

KB887797 - Cumulative Update for Outlook Express for Windows XP
Switch: /q /o /n /z
KB823353 is required to be installed before applying this hotfix!!!

Link to comment
Share on other sites

According clubic.com, 3 new security holes in I.E. have been discovered.

They aren't new security holes. They've been known about for three months. What's new is that Secunia upgraded their threat level.

2004-10-21: Updated advisory.
2004-10-28: Added another workaround in "Solution" section and linked to Microsoft Knowledge Base article.
2004-11-02: Updated with additional information in "Description" and "Solution" section.
2004-11-29: Updated "Description" section with additional information from Paul.
2004-12-23: Added link to US-CERT vulnerability note.
2004-12-25: Updated "Description" section with additional information from Paul and Michael Evanchik.
2005-01-07: Increased rating. Added link to test. Updated "Description" and "Solution" sections.

Leave it to the sensationalists to botch the story :rolleyes:

Link to comment
Share on other sites

Version 1.0.5 of my update pack is in final testing now. It should be ready to go in a couple hours barring an emergency. Keep your eyes on my signature or my website for when it's officially out.

EDIT: It's out.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...