HOTFIXES: Windows XP SP2 & Windows 2000 SP4

**Incroyable HULK** · January 6, 2005

It was listed as a critical update?

I just ran a simulation today (to check for other things) and just for the fun of it I went to Windows Update... and I didn't get this one.

**Incroyable HULK** · January 7, 2005

@mythosaz

well, what to say, I've been using this command since the beginning of my Unattended adventure... I've seen it in the guide and some other place too.

You are probably right about the fact there is no needs for to much switches!

**ander** · January 7, 2005

yepp, it was listed as critical....

as i'm still building and "trying" my cd, i let u know, if it happens again.

**Reino** · January 7, 2005

Perhaps this "(Replaced) Hotfixes document" I made my self whould help clearing some things out for you guys

http://www.microsoft.com/technet/security/bulletin/MS..-....mspx
http://support.microsoft.com/?kbid=......
================================================================
Security Updates included in WinXP SP2:
---------------------------------------
MS04-025 KB867801 - Cumulative Security Update for Internet Explorer
MS04-024 KB839645 - Vulnerability in Windows Shell Could Allow Remote Code Execution
MS04-023 KB840315 - Vulnerability in HTML Help Could Allow Code Execution
MS04-022 KB841873 - Vulnerability in Task Scheduler Could Allow Code Execution
MS04-018 KB823353 - Cumulative Security Update for Outlook Express
MS04-016 KB839643 - Vulnerability in DirectPlay Could Allow Denial of Service
MS04-015 KB840374 - Vulnerability in Help and Support Center Could Allow Remote Code Execution
MS04-014 KB837001 - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution
MS04-013 KB837009 - Cumulative Security Update for Outlook Express
MS04-012 KB828741 - Cumulative Update for Microsoft RPC/DCOM
MS04-011 KB835732 - Security Update for Microsoft Windows
MS04-007 KB828028 - ASN.1 Vulnerability Could Allow Code Execution
MS04-004 KB832894 - Cumulative Security Update for Internet Explorer
MS04-003 KB832483 - Buffer Overrun in MDAC Function Could Allow Code Execution
MS03-051 KB813360 - Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution
MS03-049 KB828749 - Buffer Overrun in the Workstation Service Could Allow Code Execution
MS03-048 KB824145 - Cumulative Security Update for Internet Explorer
MS03-045 KB824141 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution
MS03-044 KB825119 - Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise
MS03-043 KB828035 - Buffer Overrun in Messenger Service Could Allow Code Execution
MS03-041 KB823182 - Vulnerability in Authenticode Verification Could Allow Remote Code Execution
MS03-040 KB828750 - Cumulative Patch for Internet Explorer
MS03-039 KB824146 - Buffer Overrun in RPCSS Service Could Allow Code Execution
MS03-034 KB824105 - Flaw in NetBIOS Could Lead to Information Disclosure
MS03-032 KB822925 - Cumulative Patch for Internet Explorer
MS03-030 KB819696 - Unchecked Buffer in DirectX Could Enable System Compromise
MS03-027 KB821557 - Unchecked Buffer in Windows Shell Could Enable System Compromise
MS03-026 KB823980 - Buffer Overrun in RPC Interface Could Allow Code Execution
MS03-024 KB817606 - Buffer Overrun in Windows Could Lead to Data Corruption
MS03-023 KB823559 - Buffer Overrun in HTML Converter Could Allow Code Execution
MS03-021 KB819639 - Flaw in Windows Media Player May Allow Media Library Access
MS03-020 KB818529 - Cumulative Patch for Internet Explorer
MS03-018 KB811114 - Cumulative Patch for Internet Information Service
MS03-015 KB813489 - Cumulative Patch for Internet Explorer
MS03-014 KB330994 - Cumulative Patch for Outlook Express
MS03-013 KB811493 - Buffer Overrun in Windows Kernel Message Handling Could Lead to Elevated Privileges
MS03-010 KB331953 - Flaw in RPC Endpoint Mapper Could Allow Denial of Service
MS03-008 KB814078 - Flaw in Windows Script Engine Could Allow Code Execution
MS03-007 KB815021 - Unchecked Buffer in Windows Component Could Cause Server Compromise
MS03-005 KB810577 - Microsoft Security Bulletin MS03-005
MS03-004 KB810847 - Cumulative Patch for Internet Explorer
MS03-001 KB810833 - Unchecked Buffer in Locator Service Could Lead to Code
MS02-072 KB329390 - Unchecked Buffer in Windows Shell Could Enable System Compromise
MS02-071 KB328310 - Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation
MS02-070 KB329170 - Flaw in SMB Signing Could Enable Group Policy to be Modified
MS02-068 KB324929 - Cumulative Patch for Internet Explorer
MS02-066 KB328970 - Cumulative Patch for Internet Explorer
MS02-063 KB329834 - Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks
MS02-062 KB327696 - Cumulative Patch for Internet Information Service
MS02-055 KB323255 - Unchecked Buffer in Windows Help Facility Could Enable Code Execution
MS02-050 KB329115 - Certificate Validation Flaw Could Enable Identity Spoofing
====================================================================================================
====
SP1 Hotfixes:
-------------
MS03-008 KB814078 - Flaw in Windows Script Engine Could Allow Code Execution (JS56NEN.exe)
Switch: /q:a /r:n
Replaced by: WinXp SP2
The problematic version of Windows Script 5.6.0.8513 should be replaced by version 5.6.0.8825 > http://www.microsoft.com/downloads/details.aspx?displaylang=nl&FamilyID=c717d943-7e4b-4622-86eb-95a22b832caa

MS03-011 KB816093 - Flaw in the Microsoft VM Could Enable System Compromise
Switch: /q:a /r:n
For XP SP1 and not SP1a

KB817778 - Advanced Networking Pack for Windows XP
Switch: /q /o /n /z (not svcpack.inf supported)

MS03-017 KB817787 - Flaw in Windows Media Player skins downloading could allow code execution
Switch: /q:a /r:n (not svcpack.inf supported and applicable upto WMP8 > no WMP9!)

KB822603 - Availability of the Windows XP SP1 USB 1.1 and 2.0 Update
Switch: /q /o /n /z

MS03-041 KB823182 - Vulnerability in Authenticode Verification Could Allow Remote Code Execution
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-018 KB823353 - Cumulative Security Update for Outlook Express
Switch: /q:a /r:n
Replaced by: WinXP SP2

MS03-034 KB824105 - Flaw in NetBIOS Could Lead to Information Disclosure
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS03-045 KB824141 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution
Switch: /q /o /n /z
Replaced by: MS04-032 KB840987, MS04-031 KB841533 and WinXP SP2

MS04-030 KB824151 - Vulnerability in WebDAV XML message handler could lead to a denial of service
Switch: /q /o /n /z

MS03-044 KB825119 - Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise
Switch: /q /o /n /z
Replaced by: WinXP SP2

KB826939 - Update Rollup 1 for Windows XP
Switch: /q /o /n /z
Replaced by: WinXP SP2 (almost completely)

KB828026 - Update for Windows Media Player URL Script Command Behavior
Switch: /q /o /n /z
Replaced by: KB832353 (applicable upto WMP9 > no WMP10!)

MS03-043 KB828035 - Buffer Overrun in Messenger Service Could Allow Code Execution
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-012 KB828741 - Cumulative Update for Microsoft RPC/DCOM
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-003 KB832483 - Buffer Overrun in MDAC Function Could Allow Code Execution
Switch: /C:""dahotfix.exe /q /n"" /q:a"
Replaced by: WinXP SP2

KB832353 - Some URL script commands do not work after you apply the Windows Media update from Knowledge Base article 828026
Switch: /q /o /n /z
Replaces: KB828026 (applicable upto WMP9 > no WMP10!)

MS04-028 KB833987 - Buffer overrun in JPEG processing (GDI+) could allow code execution
Switch: /q /o /n /z

MS04-038 KB834707 - Cumulative Security Update for Internet Explorer
Switch: /q /o /n /z
Replaces: MS04-025 KB867801
Replaced by: KB873377, MS04-040 KB889293 and KB889669

MS04-011 KB835732 - Security Update for Microsoft Windows
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-014 KB837001 - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-024 KB839645 - Vulnerability in Windows Shell Could Allow Remote Code Execution
Switch: /q /o /n /z
Replaced by: MS04-027 KB841356 and WinXP SP2

MS04-023 KB840315 - Vulnerability in HTML Help Could Allow Code Execution
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-015 KB840374 - Vulnerability in Help and Support Center Could Allow Remote Code Execution
Switch: /q /o /n /z
Replaced by: WinXP SP2

MS04-032 KB840987 - Security Update for Microsoft Windows
Switch: /q /o /n /z
Replaces: MS03-045 KB824141

MS04-027 KB841356 - Vulnerability in Windows Shell Could Allow Remote Code Execution
Switch: /q /o /n /z
Replaces: MS04-024 KB839645

MS04-031 KB841533 - Vulnerability in NetDDE Could Allow Remote Code Execution
Switch: /q /o /n /z
Replaces: MS02-071 KB328310 and MS03-045 KB824141 (both are within WinXP SP2)

MS04-022 KB841873 - Vulnerability in Task Scheduler Could Allow Code Execution
Switch: /q /o /n /z
Replaced by: WinXP SP2 

KB842773 - Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1
Switch: /q /o /n /z

MS04-025 KB867801 - Cumulative Security Update for Internet Explorer
Switch: /q:a /r:n
Replaced by: MS04-038 KB834707

KB870669 - Critical Update for Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer
Switch: /q:a /r:n

KB873374 - Microsoft GDI+ Detection Tool (related to MS04-028 KB833987)
The Microsoft GDI+ Detection Tool is not a hotfix but a little program
which detects programs that maybe vulnerable to MS04-28 KB833987.

MS04-034 KB873376 - Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution
Switch: /q /o /n /z
Replaces: MS02-054 KB329048)

KB873377 - Update Rollup for Internet Explorer SP1
Switch: /q /o /n /z
Replaces: MS04-038 KB834707
Replaced by: KB889669

KB883357 - Your backup program may fail or incorrectly exclude some files from your backup in Windows XP
Switch: /q /o /n /z

MS04-044 KB885835 - Vulnerabilities in Windows Kernel and LSASS could allow elevation of privilege
Switch: /q /o /n /z

MS04-040 KB889293 - Cumulative Security Update for Internet Explorer
Switch: /q /o /n /z
Replaces: MS04-038 KB834707
Replaced by: KB889669

KB889669 - Update Rollup for Internet Explorer 6 SP1
Switch: /q /o /n /z
Replaces: MS04-040 KB889293, KB873377 and MS04-038 KB834707
====================================================================================================
=======================
SP2 Hotfixes:
-------------
KB884020 - Programs that connect to IP addresses that are in the loopback address range may not work as you expect in Windows XP Service Pack 2
Switch: /q /o /n /z

MS04-044 KB885835 - Vulnerabilities in Windows Kernel and LSASS could allow elevation of privilege
Switch: /q /o /n /z
Replaces: MS03-005 KB810577 and MS03-013 KB811493 (both are within WinXP SP2)

KB886185 - Critical Update for Windows XP Service Pack 2
Switch: /q /o /n /z

KB887797 - Cumulative Update for Outlook Express for Windows XP
Switch: /q /o /n /z
KB823353 is required to be installed before applying this hotfix!!!

**SilverBulletUK** · January 7, 2005

@CoRoNe

Very nice list mate, appreciated.

**Lucius Snow** · January 10, 2005

According clubic.com, 3 new security holes in I.E. have been discovered.

**Incroyable HULK** · January 10, 2005

According Clubic.com, three new security holes have been discovered in Windows XP. Only one of them concerns Windows XP SP2. No hotfix released yet.

You are Double Posting!

**Lucius Snow** · January 10, 2005

According Clubic.com, three new security holes have been discovered in Windows XP. Only one of them concerns Windows XP SP2. No hotfix released yet.
You are Double Posting!

lol !

**RyanVM** · January 10, 2005

According clubic.com, 3 new security holes in I.E. have been discovered.

They aren't new security holes. They've been known about for three months. What's new is that Secunia upgraded their threat level.

2004-10-21: Updated advisory.
2004-10-28: Added another workaround in "Solution" section and linked to Microsoft Knowledge Base article.
2004-11-02: Updated with additional information in "Description" and "Solution" section.
2004-11-29: Updated "Description" section with additional information from Paul.
2004-12-23: Added link to US-CERT vulnerability note.
2004-12-25: Updated "Description" section with additional information from Paul and Michael Evanchik.
2005-01-07: Increased rating. Added link to test. Updated "Description" and "Solution" sections.

Leave it to the sensationalists to botch the story

**Lucius Snow** · January 10, 2005

Ahhh so they're the same. Fair enough, that'll make less hotfixes.

**willpantin** · January 11, 2005

OK, two new updates are out which seem to be missing on the list on page 1...!

KB890830

and

KB890175

**sixpack** · January 11, 2005

KB890830 is a scan tool for mydoom etc.

but show's up on windows update

the last time we had somthing like this there was a regtweak if i remember well

**RyanVM** · January 11, 2005

Version 1.0.5 of my update pack is in final testing now. It should be ready to go in a couple hours barring an emergency. Keep your eyes on my signature or my website for when it's officially out.

EDIT: It's out.

**war59312** · January 12, 2005

So are the two new ones included?

Yeap appears so.

**Incroyable HULK** · January 12, 2005

I have added the two new hotfixes for Windows XP SP2.

Sign In

HOTFIXES: Windows XP SP2 & Windows 2000 SP4

Recommended Posts

Incroyable HULK

Incroyable HULK

ander

Reino

SilverBulletUK

Lucius Snow

Incroyable HULK

Lucius Snow

RyanVM

Lucius Snow

willpantin

sixpack

RyanVM

war59312

Incroyable HULK

Recently Browsing 0 members

Activity

Browse