dslreports logo
site
spacer

spacer
 
    All FAQs Site FAQ DSL FAQ Cable Tech About DSL Distance DSL Hurdles »»
spc

spacer




how-to block ads




2. General Maintenance

This FAQ will be updated as bulletins are released throughout the year.

Notes:
  • All Security Bulletins can be found at the Microsoft Security Bulletin Search.
  • A summary of all Bulletins documented beginning in 2005 can be found in these archived FAQs -
  • Update Info
    • Updated MS08-024

    Released 04/08/08 Updated 4/11/08

    MS08-025 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)

    Maximum Severity Rating: Important

    Affected Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems
    • Windows Vista and Windows Vista Service Pack 1
    • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
    • Windows Server 2008 for 32-bit Systems
    • Windows Server 2008 for x64-based Systems
    • Windows Server 2008 for Itanium-based Systems
    Revisions
    • V1.0 (April 8, 2008): Bulletin published.
    • V1.1 (April 9, 2008): Bulletin updated to clarify the Known Issues section of the FAQ.
    • V1.2 (April 11, 2008): Vulnerability FAQ updated to clarify the systems at risk and remove a reference to unsupported software.

    Released 04/08/08 Updated 4/22/08

    MS08-024 Cumulative Security Update for Internet Explorer (947864)

    Maximum Severity Rating: Critical

    Affected Component\Operating System:
    • Microsoft Internet Explorer 5.01 Service Pack 4
      • Microsoft Windows 2000 Service Pack 4
    • Microsoft Internet Explorer 6 Service Pack 1
      • Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Internet Explorer 7
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Windows Vista and Windows Vista Service Pack 1
      • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
      • Windows Server 2008 for 32-bit Systems
      • Windows Server 2008 for x64-based Systems
      • Windows Server 2008 for Itanium-based Systems
    Revisions
    • V1.0 (April 08, 2008): Bulletin published.
    • V1.1 (April 16, 2008): Corrected the uninstall utility path for Internet Explorer 6 for Windows XP.
    • V2.0 (April 22, 2008): Added Internet Explorer 7 for Windows XP Service Pack 3 and Internet Explorer 7 for Windows XP x64 Edition Service Pack 3 to affected software.

    Released 04/08/08 Updated 4/16/08

    MS08-023 Security Update of ActiveX Kill Bits (948881)

    Maximum Severity Rating: Critical

    Affected Component\Operating System:
    • Microsoft Internet Explorer 5.01 Service Pack 4
      • Microsoft Windows 2000 Service Pack 4
    • Microsoft Internet Explorer 6 Service Pack 1
      • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista and Windows Vista Service Pack 1
    • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
    • Windows Server 2008 for 32-bit Systems
    • Windows Server 2008 for x64-based Systems
    • Windows Server 2008 for Itanium-based Systems
    Revisions
    • V1.0 (April 08, 2008): Bulletin published.
    • V1.1 (April 16, 2008): Corrected the uninstall utility path for this update on Windows XP (all editions).

    Released 04/08/08 Updated 4/9/08

    MS08-022 Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)

    Maximum Severity Rating: Critical

    Affected Component\Operating System:
    • VBScript 5.1 and JScript 5.1
      • Microsoft Windows 2000 Service Pack 4
    • VBScript 5.6 and JScript 5.6
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems
    Non-Affected Software\Operating System
    • Windows Vista
    • Windows Vista x64 Edition
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)
    Revisions
    • V1.0 (April 8, 2008): Bulletin published.
    • V1.1 (April 9, 2008): Bulletin updated. Combined JScript with VBScript in the Vulnerability Severity rating table.

    Released 04/08/08 Updated 4/11/08

    MS08-021 Vulnerabilities in GDI Could Allow Remote Code Execution (948590)

    Maximum Severity Rating: Critical

    Affected Software\Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems
    • Windows Vista and Windows Vista Service Pack 1
    • Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
    • Windows Server 2008 for 32-bit Systems
    • Windows Server 2008 for x64-based Systems
    • Windows Server 2008 for Itanium-based Systems
    Revisions
    • V1.0 (April 8, 2008): Bulletin published.
    • V1.1 (April 9, 2008): Bulletin updated to add a Known Issues link to Microsoft Knowledge Base Article 948590, to add a Known Issues section to the FAQ, to update the uninstall registry path, and to update the Acknowledgments.
    • V1.2 (April 11, 2008): Bulletin updated to remove a reference to unsupported software in the Vulnerability FAQs.

    Released 04/08/08 Updated 4/11/08

    MS08-020 Vulnerability in DNS Client Could Allow Spoofing (945553)

    Maximum Severity Rating: Important

    Affected Software\Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition
    Non-Affected Software
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)
    Revisions
    • V1.0 (April 8, 2008): Bulletin published.
    • V1.1 (April 9, 2008): Bulletin updated to add Windows Vista x64 Edition to the list of affected software in the Executive Summary.
    • V1.2 (April 11, 2008): Vulnerability FAQ updated to clarify the systems at risk and remove a reference to unsupported software.

    Released 04/08/08 Updated 4/16/08

    MS08-019 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)

    Maximum Severity Rating: Important

    Affected Component\Office Suite and other Software:
    • Microsoft Office XP Service Pack 2
    • Microsoft Visio 2002 Service Pack 2
    • Microsoft Office 2003 Service Pack 2
    • Microsoft Visio 2003 Service Pack 2
    • Microsoft Office 2003 Service Pack 3
    • Microsoft Visio 2003 Service Pack 3
    • 2007 Microsoft Office System
    • Microsoft Visio 2007
    • 2007 Microsoft Office System Service Pack 1
    Non-Affected Software
    • Microsoft Visio 2002 Viewer
    • Microsoft Visio 2003 Viewer
    • Microsoft Visio 2007 Viewer
    • Microsoft Visio 2007 Viewer Service Pack 1
    Revisions
    • V1.0 (April 8, 2008): Bulletin published.
    • V1.1 (April 9, 2008): Known Issues updated.
    • V1.2 (April 11, 2008): Bulletin updated. FAQ entry added about known issue relating to a Visio 2007 detection problem.
    • V1.3 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2. Clarified the affected software table.

    Released 04/08/08 Updated 4/16/08

    MS08-018 Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)

    Maximum Severity Rating: Critical

    Affected Component\Office Suite and other Software:
    • Microsoft Project 2000 Service Release 1
    • Microsoft Project 2002 Service Pack 1
    • Microsoft Project 2003 Service Pack 2

    Non-Affected Software
    • Microsoft Project Server 2003
    • Microsoft Project Server 2003 Service Pack 3
    • Microsoft Project 2007
    • Microsoft Project 2007 Service Pack 1
    • Microsoft Project Portfolio Server 2007
    • Microsoft Project Server 2007
    Revisions
    • V1.0 (April 8, 2008): Bulletin published.
    • V1.1 (April 9, 2008): Bulletin updated to add Microsoft Project 2003 Service Pack 3 to the Non-Affected Software table, to add a link to Microsoft Knowledge Base Article 950183 in Known Issues, and to add a section for Microsoft Project 2003 Service Pack 3 to the FAQ.
    • V1.2 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2. Updated Microsoft Baseline Security Analyzer and Systems Management Server tables to match the Affected Software table.

    Released 03/11/08 Updated 3/26/08

    MS08-017 Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)

    Maximum Severity Rating: Critical

    Affected Component\Office Suite and other Software:
    • Microsoft Office Web Components 2000
      • Microsoft Office 2000 Service Pack 3
      • Microsoft Office XP Service Pack 3
      • Visual Studio .NET 2002 Service Pack 1
      • Visual Studio .NET 2003 Service Pack 1
      • Microsoft BizTalk Server 2000
      • Microsoft BizTalk Server 2002
      • Microsoft Commerce Server 2000
      • Internet Security and Acceleration Server 2000 Service Pack 2
    Non-Affected Software
    • Microsoft Works 8
    • Microsoft Works 9
    • Microsoft Works Suite 2005
    • Microsoft Works Suite 2006
    • Microsoft Office 2003 Service Pack 2
    • Microsoft Office 2003 Service Pack 3
    • 2007 Microsoft Office System
    • 2007 Microsoft Office System Service Pack 1
    • Microsoft BizTalk Server 2004
    • Microsoft BizTalk Server 2006
    • Microsoft Commerce Server 2000 Service Pack 1, Microsoft Commerce Server 2000 Service Pack 2, and Microsoft Commerce Server 2000 Service Pack 3
    • Microsoft Commerce Server 2002
    • Microsoft Commerce Server 2007
    • Internet Security and Acceleration Server 2004
    • Internet Security and Acceleration Server 2006
    REVISIONS
    • V1.0 (March 11, 2008): Bulletin published.
    • V1.1 (March 12, 2008): Bulletin updated to reflect new download link for Microsoft Office Web Components 2000 for BizTalk Server 2000 and 2002. Also corrected the registry key for verifying the update for ISA Server.
    • V1.2 (March 26, 2008): Bulletin updated to add a finder for CVE-2006-4695.

    Released 03/11/08 Updated 4/16/08

    MS08-016 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)

    Maximum Severity Rating: Critical

    Affected Office Suite and other Software:
    • Microsoft Office 2000 Service Pack 3
    • Microsoft Office XP Service Pack 3
    • Microsoft Office 2003 Service Pack 2
    • Microsoft Office Excel Viewer 2003
    • Microsoft Office 2004 for Mac
    Non-affected Software:
    • Microsoft Office 2003 Service Pack 3
    • Microsoft PowerPoint Viewer 2003
    • Microsoft Visio 2002 Service Pack 2
    • Microsoft Visio 2003 Viewer
    • Microsoft Word Viewer 2003
    • Microsoft Project 2000 Service Pack 1
    • Microsoft Project 2002 Service Pack 2
    • 2007 Microsoft Office System
    • 2007 Microsoft Office System Service Pack 1
    • Microsoft Office 2008 for Mac
    Revisions
    • V1.0 (March 11, 2008): Bulletin published.
    • V1.1 (March 12, 2008): Bulletin updated. FAQ added to clarify the reason why a non-vulnerable version of Office will be offered this update. Also removed MS07-015 as a replaced bulletin for Microsoft Office XP Service Pack 3.
    • V1.2 (March 26, 2008): Bulletin updated. Added MS07-025 as a replaced bulletin for Microsoft Office 2003 Service Pack 2.
    • V2.0 (April 16, 2008): Bulletin updated. Added Microsoft Office Word Viewer 2003 and Microsoft Office Word Viewer 2003 Service Pack 3 as affected software.

    Released 03/11/08 Updated 4/16/08

    MS08-015 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)

    Maximum Severity Rating: Critical

    Affected Office Suite\Component:
    • Microsoft Office 2000 Service Pack 3\Outlook 2000 Service Pack 3
    • Microsoft Office XP Service Pack 3\Outlook 2002 Service Pack 3
    • Microsoft Office 2003 Service Pack 2\Outlook 2003 Service Pack 2
    • Microsoft Office 2003 Service Pack 3\Outlook 2003 Service Pack 3
    • 2007 Microsoft Office System
    Non-Affected Software
    • 2007 Microsoft Office System Service Pack 1\Outlook 2007 Service Pack 1
    Revisions
    • V1.0 (March 11, 2008): Bulletin published.
    • V1.1 (March 12, 2008): Bulletin updated. FAQ added to clarify the reason why a non-vulnerable version of Office will be offered this update. Also updated the vulnerability FAQs and the file information tables for Outlook 2000 and Outlook 2003.
    • V1.2 (March 26, 2008): Bulletin updated. Updated the file information table for Outlook 2000.
    • V1.3 (April 9, 2008): Bulletin updated. Added link to Microsoft Knowledge Base Article 949031 in Known Issues.
    • V1.4 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2.

    Released 03/11/08 Updated 4/16/08

    MS08-014 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)

    Maximum Severity Rating: Critical

    Affected Office Suite\Component:
    • Microsoft Office 2000 Service Pack 3\Excel 2000 Service Pack 3
    • Microsoft Office XP Service Pack 3\Excel 2002 Service Pack 3
    • Microsoft Office 2003 Service Pack 2\Excel 2003 Service Pack 2
    • 2007 Microsoft Office System\Excel 2007
    • Microsoft Office Excel Viewer 2003
    • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
    • Microsoft Office 2004 for Mac
    • Microsoft Office 2008 for Mac
    Non-Affected Software\Component:
    • Microsoft Office 2003 Service Pack 3\Excel 2003 Service Pack 3
    • 2007 Microsoft Office System Service Pack 1\Excel 2007 Service Pack 1
    • Microsoft Works 8.0
    • Microsoft Works 8.5
    • Microsoft Works 9.0
    • Microsoft Works Suite 2005
    • Microsoft Works Suite 2006
    Revisions
    • V1.0 (March 11, 2008): Bulletin published.
    • V1.1 (March 12, 2008): Bulletin updated. FAQ added to clarify the reason why a non-vulnerable version of Office will be offered this update.
    • V2.0 (March 13, 2008): Bulletin updated. FAQ added about known issues relating to users of Excel 2003 Service Pack 2 or Service Pack 3.
    • V3.0 (March 19, 2008): Bulletin updated. Added Excel Viewer 2003 Service Pack 3 and Compatibility Pack Service Pack 1 to non-affected software. Added FAQ about re-release to fix known issues relating to Excel 2003 Service Pack 2 or Service Pack 3. Updated the file name of the Excel 2003 update executable.
    • V3.1 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2.

    Released 02/12/08 Updated 4/16/08

    MS08-013 Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)

    Maximum Severity Rating: Critical

    Affected Software:
    • Microsoft Office 2000 Service Pack 3
    • Microsoft Office XP Service Pack 3
    • Microsoft Office 2003 Service Pack 2
    • Microsoft Office 2004 for Mac

    Non-Affected Software
    • Microsoft Office 2003 Service Pack 3
    • Microsoft Excel Viewer 2003
    • Microsoft PowerPoint 2003 Viewer
    • Microsoft Visio 2003 Viewer
    • Microsoft Word Viewer 2003
    • 2007 Microsoft Office System
    • 2007 Microsoft Office System Service Pack 1
    • Microsoft Office 2008 for Mac

    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (February 13, 2008): Bulletin updated to reflect that there are no known issues with installing this security update.
    • V1.2 (February 27, 2008): Bulletin updated to reflect the reason why this update cannot be uninstalled for Office XP and Office 2003.
    • V1.3 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2.

    Released 02/12/08 Updated 2/13/08

    MS08-012 Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)

    Maximum Severity Rating: Critical

    Office Suite and Affected Software:
    • Microsoft Office 2000 Service Pack 3
      • Microsoft Office Publisher 2000
    • Microsoft Office XP Service Pack 3
      • Microsoft Office Publisher 2002
    • Microsoft Office 2003 Service Pack 2
      • Microsoft Office Publisher 2003 Service Pack 2

    Non-Affected Software / Office Suite Application
    • 2007 Microsoft Office System
      • Microsoft Office Publisher 2007
    • 2007 Microsoft Office System Service Pack 1
      • Microsoft Office Publisher 2007 Service Pack 1
    • Microsoft Office 2003 Service Pack 3
      • Microsoft Office Publisher 2003 Service Pack 3
    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (February 13, 2008): Bulletin updated to reflect that there are no known issues with installing this security update, and to list Microsoft Publisher 2003 Service Pack 2 (instead of Service Pack 3) in the MBSA and SMS tables under Detection and Deployment.

    Released 02/12/08 UPdated 4/16/08

    MS08-011 Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)

    Maximum Severity Rating: Important

    Office Suite and Affected Software:
    • Microsoft Office 2003 Service Pack 2
      • Microsoft Works 6 File Converter
    • Microsoft Office 2003 Service Pack 3
      • Microsoft Works 6 File Converter
    • Microsoft Works 8.0
      • Microsoft Works 6 File Converter
    • Microsoft Works Suite 2005
      • Microsoft Works 6 File Converter

      Non-Affected Software / Office Suite
      • Microsoft Works 8.5
      • Microsoft Works 9.0
      • Microsoft Works Suite 2006
      • 2007 Microsoft Office System
      • Microsoft Office 2000
      • Microsoft Office XP
      Revisions
      • V1.0 (February 12, 2008): Bulletin published.
      • V1.1 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2.

      Released 02/12/08 Updated 4/16/08

      MS08-010 Cumulative Security Update for Internet Explorer (944533)

      Maximum Severity Rating: Critical

      Affected Software / Operating System:
      • Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1
        • Microsoft Windows 2000 Service Pack 4
      • Internet Explorer 6
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Internet Explorer 7
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
        • Windows Vista
        • Windows Vista x64 Edition
      Non-Affected Software / Operating System:
      • Internet Explorer 7 on Windows Vista Service Pack 1 (all editions)
      • Internet Explorer 7 on Windows Server 2008 (all editions)

      Revisions
      • V1.0 (February 12, 2008): Bulletin published.
      • V1.1 (February 13, 2008): Bulletin revised to include Vista Service Pack 1 and Windows Server 2008 to the Non-Affected Software section. Known issues corrected.
      • V1.2 (February 27, 2008): Corrected the registry key verification path for Internet Explorer 6 for all supported x64-based editions of Windows Server 2003.
      • V1.3 (April 16, 2008): Corrected the uninstall utility path for Internet Explorer 6 for Windows XP.

      Released 02/12/08 Updated 4/16/08

      MS08-009 Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)

      Maximum Severity Rating: Critical

      Affected Office Suite / Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Word 2000 Service Pack 3
      • Microsoft Office XP Service Pack 3
        • Microsoft Word 2002 Service Pack 3
      • Microsoft Office 2003 Service Pack 2
        • Microsoft Word 2003 Service Pack 2
      • Microsoft Office Word Viewer 2003

    Non-Affected Software / Office Suite
    • Microsoft Office 2003 Service Pack 3
    • Microsoft Office Word Viewer 2003 Service Pack 3
    • 2007 Microsoft Office System
    • 2007 Microsoft Office System Service Pack 1
    • Microsoft Office 2004 for Mac
    • Microsoft Office 2008 for Mac
    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (April 16, 2008): Bulletin updated: Added entry to Update FAQ to describe additional security features included for Microsoft Office 2003 Service Pack 2.

    Released 02/12/08 Updated 2/20/08

    MS08-008
    Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)

    Maximum Severity Rating: Critical

    Affected Software / Operating System:
    • Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition
    • Microsoft Office 2004 for Mac
    • Microsoft Visual Basic 6.0 Service Pack 6

    Non-Affected Software / Operating System:
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)
    • Microsoft Office 2008 for Mac

    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (February 13, 2008): Bulletin updated: The security update for Visual Basic 6.0 Service Pack 6 (KB946235) now lists MS07-043 as a previous Bulletin that this update replaces.
    • V1.2 (February 20, 2008): Bulletin updated: Corrected the file timestamps for the security update for all supported 32-bit editions of Windows XP.

    Released 02/12/08 Updated 2/13/08

    MS08-007 Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)

    Maximum Severity Rating: Critical

    Affected Software / Operating System:
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems
    • Windows Vista
    • Windows Vista x64 Edition

    Non-Affected Software / Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)

    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (February 13, 2008): Revised the FAQ to emphasize the role of user interaction in how an attacker could exploit the vulnerability.

    Released 02/12/08 Updated 2/20/08

    MS08-006 Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)

    Maximum Severity Rating: Important

    Affected Component / Operating System:
    • Microsoft Internet Information Services 5.1
      • Windows XP Professional Service Pack 2
    • Microsoft Internet Information Services 6.0
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

    Non-Affected Software / Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows Vista
    • Windows Vista x64 Edition
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)
    Revisions
    • V1.0 (February 12, 2008) Bulletin published.
    • V1.1 (February 20, 2008) Bulletin updated: update filenames changed in the file information table for all supported 32-bit editions of Windows XP.

    Released 02/12/08 Updated 2/13/08

    MS08-005 Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)

    Maximum Severity Rating: Important

    Affected Component / Operating System:
    • Microsoft Internet Information Services 5.0
      • Microsoft Windows 2000 Service Pack 4
    • Microsoft Internet Information Services 5.1
      • Windows XP Professional Service Pack 2
    • Microsoft Internet Information Services 6.0
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Microsoft Internet Information Services 7.0
      • Windows Vista
      • Windows Vista x64 Edition
    Non-Affected Software / Operating System
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)

    Revisions
    • V1.0 (February 12, 2008) Bulletin published.
    • V1.1 (February 13, 2008) Bulletin updated: Corrected the download link reference for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 to reference Internet Information Services 6.0. The download link correctly directed customers to the IIS 6.0 update but the reference link incorrectly stated IIS 5.1.

    Released 02/12/08

    MS08-004 Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)

    Maximum Severity Rating: Important

    Affected Software / Operating System:
    • Windows Vista
    • Windows Vista x64 Edition

    Non-Affected Software / Operating System
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems
    • Windows Vista Service Pack 1 (all editions)
    • Windows Server 2008 (all editions)

    Released 02/12/08 Updated 2/13/08

    MS08-003 Vulnerability in Active Directory Could Allow Denial of Service (946538)

    Maximum Severity Rating: Important

    Affected Component / Operating System:
    • Active Directory
      • Microsoft Windows 2000 Server Service Pack 4
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • ADAM
      • Windows XP Professional Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2

    Non-Affected Software / Operating System:
    • Windows Vista
    • Windows Vista Service Pack 1 (all editions)
    • Windows Vista x64 Edition
    • Windows Server 2008 (all editions)
    • Windows XP Home Service Pack 2
    • Windows XP Tablet Edition Service Pack 2
    • Windows XP Media Center Edition Service Pack 2
    • Windows 2000 Professional Service Pack 4

    Revisions
    • V1.0 (February 12, 2008): Bulletin published.
    • V1.1 (February 13, 2008): Bulletin updated to reflect the correct KB number in the Registry Key Verification section for all supported x64-based editions of Windows XP Professional with ADAM installed.

    Released 01/08/08

    MS08-002 Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)

    Maximum Severity Rating: Important

    Affected Software/Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems
    Non-Affected Software/Operating System
    • Windows Vista
    • Windows Vista x64 Edition

    Released 01/08/08 Updated 1/25/08

    MS08-001 Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)

    Maximum Severity Rating: Critical

    Affected Software/Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition
    Revisions
    • V1.0 (January 8, 2008): Bulletin published.
    • V2.0 (January 23, 2008): Bulletin updated to add Windows Small Business Server 2003 Service Pack 2 as an affected product. Also added an FAQ to clarify that current Microsoft detection and deployment tools already correctly offer the update to Windows Small Business Server 2003 Service Pack 2 customers.
    • V3.0 (January 25 2008): This bulletin was revised to clarify the impact of Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability (CVE-2007-0069) on supported editions of Windows Small Business Server 2003 and Windows Home Server. Also included is an explanation and clarification that current Microsoft detection and deployment tools already correctly offer the update to systems running Windows Small Business Server 2003 and Windows Home Server.



    by MSeng See Profile
    last modified: 2008-04-22 21:17:19

    Although these ideas/concepts may seem second nature to many users, more and more newcomers make mistakes that are costing them time and aggravation. This guideline of simple practices might help save headaches in the future.

    • Always close as many running applications as possible before you install any software. One way is to right click icons that are listed on the task bar (lower right is default) and choose exit/close or disable. To be extra careful, clean boot the system and then close startup application before you install anything.
    • When installing or re-installing an operating system. Disconnect all peripherals except for the keyboard, mouse and Internet connection. Having peripherals connected can cause an install to hang or fail. Once you have installed the operating system and verified it is working correctly, add each peripheral one by one, verify they are working correctly and reboot in between each peripheral installation.
    • Never install software while your virus program is running. Disable your virus program using the method above. Don't worry, when you restart it will be enabled.
    • Whether it asks you to or not, always restart your computer (start-->shutdown or start-->restart) after you install something. In other words, if you install three things, restart after each one.
    • If you do not consider yourself an intermediate or advanced user, avoid installing Beta software.
    • Backup your registry and anything else you may need/want or desire before installing any software or drivers. If your software supports it, set a system restore point or image your drive. If the software you are going to install is not the original CD or floppy, be wary.
    • Always run virus protection for general use and keep it updated. ALWAYS have it set to scan downloads and do NOT trust any attachments even from people you know. Self propagating viruses will come from people who have you in their address book, therefore, they know you and you probably know them.
    • Keep your startup programs limited to the ones you use. Although you can use MSCONFIG to determine what is starting up at logon (and disabled using the tool), the correct method is to disable it through the program itself.
    • Make backups! Although you may have no problems with anything on your computer, a hard drive crash can happen without warning. A hard drive is a mechanical device and mechanical devices break.
    • Never unplug or plug a keyboard or mouse (ps2) when the system is turned on. Some even prefer to power down for any plugging and unplugging (except the occasional USB)
    • Use a good surge protector or battery backup. It makes no sense to spend $2,000 dollars on a computer and plug it into a $3 dollar surge protector. You also need to protect your Cable or DSL connection.
    • Even if you have a surge or battery backup, shutdown during thunder and lightening storms. Why take the chance? If you really want to be safe, unplug everything connected to power, telephone and cable.
    • Be careful when running Windows update. Windows may tell you a driver update is needed that is older than the driver installed. You may want to create a restore point or registry backup prior to downloading driver updates. Reboot after they are installed and check to make sure they are installed properly. Different OS's require different measures. In XP you can choose to just "roll back the driver" Other OS's may not be as forgiving. If you're not sure what to do and your machine is working fine, don't do it. In other words, "if it ain't broke . . . "
    • Check for errors and defragment your hard drive. If you are not running specific software that does this, go to my computer right click your hard drive and click tools. Disable virus software before you do it!
    • Keep the vent/fan opening clean. The more airflow, the cooler the system. Cool is good. Maintain your equipment by keeping it clean. This includes monitors, keyboards, CPU, and peripherals.
    • Clear the cache files in your browser.If you have a broadband connection, then set the maximum amount to a lower value and check for a new version EVERY visit to the page. You may want to set this amount according to your downloads. If you download very large files, you may want to set it higher.
    • Clear your temp files. Do a search for *.tmp and delete everything that is more than one day old.
    • Keep important disks in a common place and in good/clean condition. Nothing is worse than not finding the disk you need when you need it, or finding it and it is badly scratched.
    • Keep floppy disks away from cordless telephones, cell phones and any magnetic devices including your monitor!
    • Save work in progress as you go along. Either set your programs to autosave work after a few minutes or do a manual save. There is nothing worse than spending a few hours working on a spreadsheet or a document or any kind of file and then have a system crash right before you finish.
    • Be careful who you take advice from. Everyone has a friend who is a computer genius. Most of those computer geniuses are the people who keep the real computer geniuses in business.
    • Use the Add/Remove programs feature in Control Panel to remove unwanted programs. Do not delete a folder with the program in it as a way of uninstalling. If you don't know what it is, DO NOT delete it. You may not even want to touch it :-)
    • Some people using a Wireless connection 802.11B (2.4GHZ) and a 2.4GHZ cordless phone could experience intermittent losses of connection.
    • Use a registry cleaning program to keep your registry clean. Always backup it up first:-)
    • Make rescue disks for your antivirus (sans XP), partition programs, etc.Rescue disks can save you on many occasions
    • Keep a Windows 98 or ME startup/boot disk handy.
    • Do not enable the guest account in WINNT, WIN2K, or WINXP
    • When connected to the net, use of a firewall is very highly recommended, either hardware, software or both. Keep in mind that Internet and network problems can occur if a firewall is not configured properly or if it malfunctions.
    • Avoid editing work from floppy disks. Copying the file to your drive will enable you to work faster and will also keep the original copy intact if something happens.
    • If you install a lot of programs, organize them by folders, e.g., Games, Utilities, Security, etc. It will help you find them easier and improve ease of maintenance. If you have the knowledge, putting games, music, pictures, etc. on a separate drive from the operating system is good practice. If you decide to do it, pay close attention to how you name and use your folders. For a more advanced approach you can install programs that do no make registry entries (dlls and the like) on a separate drive or partition. This way if you have a system crash on your main drive/partition, they will still be intact after a reinstall.
    • Keep your CPU steady, don't move it around or shove it into place. The hard drive read heads sit a couple of microns away from the disk. A good shove can crash your drive. Also, moving your CPU often can loosen connections and cause intermittent problems.
    • Turn off screen savers before installing large programs, burning CDs or defragmenting. Better yet, defrag in safe mode.
    • Be careful using disk compression utilities, they can cause trouble as well as take a VERY long time to uncompress.
    • Finally if all else fails: READ THE MANUAL.


    FYI, you can view the thread where these tips originated by clicking this link:Rules of thumb so we don't look dumb. :-).



    by eineyANDasia See Profile edited by MSeng See Profile
    last modified: 2003-02-11 20:36:35

    Microsoft has accumulated links to additional web pages for keyboard shortcuts in all of their major products at the following site:

    Keyboard Assistance

    by MSeng See Profile
    last modified: 2004-09-15 18:15:53

    What's it for? Ever had a "component not found" error come up when attempting to use an application? That's one of the things it is for - to help fix that.

    Available at »support.microsoft.com/default.as···s;290301
    Works on: Windows 95, 98, ME, 2000, XP, 2003 Server and NT/SP4 or later.

    Microsoft says:
    You can use the Windows Installer Clean Up Utility to remove Windows Installer
    settings from your computer if a problem occurs. Although Windows Installer is
    designed to be very robust, Windows Installer can become damaged if any of the
    following issues occurs:

    - Your computer's registry becomes corrupted.

    - You or someone else inadvertently changes a registry setting that is
    used by Windows Installer and that causes a problem.

    - The installation of a program that uses Windows Installer (for
    example, Microsoft Office 2000) is interrupted.

    - There are multiple instances of Setup running at the same time, or
    an instance of Setup is "blocked."

    I discovered an additional situation that was repaired using this Utility. After a mirroring of a drive from a smaller to larger drive, I encountered major problems with Microsoft Office 2003, which is detailed in this thread »511735.MAINSP1op.msp Not Found

    Apparently others have had the same problem under similar circumstances after using both Maxtor's MaxBlast and Western Digital's DataLife tools during the installation of a replacement hard drive.

    Typically you attempt a repair installation of the application but sometimes that doesn't help. The problem can be that the registry and other installation information is telling the installer that nothing is wrong.

    The program is only usable with programs that were installed using the Windows Installer. That pretty much covers the entire Microsoft line of applications.

    After using the Cleanup Utility you will most likely have to reinstall the application because while the files are still on your hard drive, all of the installation and registry information about it will have been deleted.

    HOW TO USE IT:
    Download and install the utility to your hard drive (it will not run properly from a floppy disk). Run the program and it will display a list of applications that can be cleaned up with it. Choose the application that has given you troubles and then reinstall that application from source to the same folder that it was originally installed to. This will prevent wasting disk space with two copies of the same application - one of which would be totally unused.

    After reinstalling the application be sure and check with the Microsoft site for updates to the application, as any you've applied in the past will most likely be lost during the reinstallation of the application. When I used this tool to fix Office 2003 Professional, I did not have to re-activate the application.

    by 2kmaro See Profile edited by MSeng See Profile
    last modified: 2005-12-19 19:35:03

    Yes. The Windows Update site includes the Windows Catalog tool. From this site you can select the OS of your choice and search the entire catalog for all updates, patches, service packs that have been released to date.

    Information on the procedure, along with helpful hints and tips can be found from the Microsoft Help Forum thread link below. Note - although the thread originated because of a question on the Windows 98 system, the procedures will apply for any OS.

    How to Download & Save Updates

    by Ugly See Profile edited by MSeng See Profile
    last modified: 2002-12-11 19:39:03

    These can be found at either the DirectX Downloads page or MSDN (DirectX).

    Feedback received on this FAQ entry:
    • Links don't work.

      2007-10-28 12:31:05 (Alcohol See Profile)



    by MSeng See Profile
    last modified: 2007-10-28 13:01:11

    Go to THIS THREAD.

    Download the file REST2514.zip. This free tool will allow you to undelete files in DOS, Windows 95, 98, 98SE, ME, 2000, and XP even if they have been emptied from the recycle bin.

    To use it, simply enter a partial filename or extension. The program will search the entire hard drive for a match to your search request.

    This utility is not guaranteed to work successfully every time. See technical explanation below for further information.

    Technical Explanation:
    The reason this utility works is that Windows only removes the entry in the File Allocation Table (FAT) when you request that the file be deleted. Windows does not actually delete the file data from the hard drive. However, once the FAT entry has been removed, other files can be placed in the physical location on the disk where old files once were designated to be. Therefore, the ability to recover any given file is dependent on many factors, including the amount of disk activity since the accidental deletion, the physical location of the file on the disk, disk fragmentation, and other factors.

    Good luck in recovering your file(s)!

    by MacGyver See Profile edited by MSeng See Profile
    last modified: 2003-08-26 20:11:24

    Have you ever had one of them "can't find something.dll" messages?

    You know how frustrating tracking down the right DLL may be then, this is a Microsoft Database that allows you to enter a Microsoft DLL name, it will give you a complete description of the DLL as well as to where on the CD it's located to get a new copy.

    DLL Help Database

    by fire100_old See Profile edited by MSeng See Profile
    last modified: 2003-02-01 17:58:27

    A: Yes. The Microsoft Product Support Services site has a page that lists the Service packs for Windows(9X,NT,2000,XP), Internet Explorer, Office....etc. To obtain info or download particular service packs, click the following link:

    Service Packs

    by Bubba See Profile edited by MSeng See Profile
    last modified: 2003-08-15 22:57:29

    Q1. What is virtual memory?
    Contrary to what some people might tell you, virtual memory doesnt mean disk. Its a bit more subtle than that. Programs see nothing but virtual memory. Sometimes pieces of the virtual memory are held in real memory, sometimes theyre held on the disk, and sometimes theyre nowhere, because no-ones looked at them yet, even though theyre virtually there. The point is that the program does not know the difference; its just memory. Or at least, it behaves as if it were memory, which is why its called virtual memory.

    Q2. Why have virtual memory?
    Virtual memory removes the limitations imposed by a fixed-size RAM. Adding more RAM is no longer a way to allow you to run bigger programs; theres no such limit. Adding RAM has become a way to make your system run faster (up to a point), because there will be less shuffling between disk and RAM.

    Q3. Where is the virtual memory stored on disk?
    Which is to say, where is the content of a piece of virtual memory stored when its not held in RAM? It has to be kept somewhere; the system cant just forget about it. Some data (e.g., program instructions) came into memory from the program .exe file, and wont have been changed. So, theres already a copy on disk (in the .exe file) and we dont need any other copy. Other data (e.g., working results) must be written out to a file called the page file that exists for exactly this purpose. Its called the page file, by the way, since virtual memory is considered to be divided into pages (4096 bytes on Intel PCs). In Windows XP, there can be more than one page file, on different disks. Each one is called pagefile.sys.

    Q4. How big should my page file be?
    I dont know. It depends. What it actually depends on is how many programs you run at the same time, how large those programs are, and things like that. What it doesnt depend on is the size of your RAM. Remember how I said the memory contents were either held in RAM or in the page file (approximately speaking)? It follows that if more RAM is added, youll have more room in RAM, so youll need less space in the page file, and not more.

    Many people, including Microsoft, tell you something like one and a half times the size of RAM in answer to this question. Theyre wrong. Perhaps this was a good rule of thumb when memory was expensive, but it no longer is, but the old rule is being repeated with no reasoning behind it.

    On the other hand, theres no need to spend a lot of time worrying about this. Theres no real penalty for having too large a page file; disk space is so cheap. And if you make it too small, then eventually youll get a message telling you youre running low on virtual memory, at which time you can make the page file larger. Either way, nothing really bad happens.

    My advice would be to allocate a 500 or 600MB page file, fixed size (minimum = maximum). I do it that way because I dont see any benefit in giving Windows the ability to extend the page file; its easy enough to just make the file larger in the first place.

    Q5. Who invented this idea, anyway?
    Tom Kilburn and his team at Manchester University (link), somewhere around 1959 or 1960.

    Q6. Where else can I read about virtual memory in Windows XP?
    This is a good page: Virtual Memory in Windows XP
    and another: RAM, Virtual Memory, Pagefile and all that stuff

    Feedback received on this FAQ entry:
    • Hi, two links on this page are dead: the "Virtual Memory in Windows XP" link and the "RAM, Virtual Memory, Pagefile and all that stuff" link. Thanks for sharing this page, which I found useful.

      2013-11-13 15:21:28



    by dave See Profile edited by Kramer See Profile
    last modified: 2005-10-31 08:47:04

    Visit this Microsoft Link for details.

    by acehyde See Profile edited by MSeng See Profile
    last modified: 2006-02-07 15:13:49

    If you inadvertently removed the Show Desktop tab from your Quick Launch bar and want to get it back, open Notepad and copy\paste the following text:

    [Shell]
    Command=2
    IconFile=explorer.exe,3
    [Taskbar]
    Command=ToggleDesktop

    Save the new file as Show Desktop.scf then drag and drop the icon on the Quick Launch bar.
    If you are generally a lazy person, then MS MVP Kelly Theriot has a fix which will restore the Show Desktop icon. This should work for all Windows versions.

    Kelly's Korner - Restore/Add Show Desktop to Quick Launch Bar. (Line 61 - Right-Hand Column).

    by trinity0 See Profile edited by MSeng See Profile
    last modified: 2003-08-29 21:22:29

    Some of the most common fixes related to Windows Update problems are caused by the following:
    Any time you visit WU, a log file is appended with details. If you run into problems, then find the Windows Update.log file (use the search function of your OS to locate the file, usually found under the Windows directory) and find the Error Code referenced. Note! - additional information on the Log file contents can be found in this MSKB article: How to read the Windowsupdate.log file. Then use the Windows Update Troubleshooter specific to the version you are using to help you find the solution.Often times, people have trouble getting to the Update site by using the link built into the browser (Tools-->Windows Update). Before you panic, try the site by using this link - Version 4, Version 5 or Version 6.

    by Bubba See Profile edited by MSeng See Profile
    last modified: 2005-07-14 21:38:53

    There is probably nothing wrong. Imagine a world where a "foot" was 12 inches to one person and 11 to another. The only thing common to the two people with yard sticks would be the size of the inch. Their yard sticks placed side to side would be different. There are two gigabytes, two megabytes, and two kilobytes, each meaning something slightly different then its counterpart. It so happens that 2 ^10th power is almost 1000 (it's 1024) and 2 ^20th power is almost 1 million (it's 1,048,576) and 2 ^30th power is almost 1 billion ( it's 1,073,741,824). A kilobyte is 1000 bytes to person counting in decimal and 1024 bytes to a person using the binary representations. The only thing common to the two measurement systems is the size of a byte.

    Your operating system uses both binary and decimal representations of hard drive space depending on where you look. The hard drive manufacturers use the decimal representation. I've seen people complain that HD manufacturers are using the most beneficial numbers to rate their products, but I don't agree with this. If you use the decimal system you know exactly how many bytes your hard drive will hold without having to think about it. If you use the binary representation, you have to do a calculation to figure the exact number of bytes your hard drive will hold.

    Lets use the example of an 80 gigabyte hard drive. A typical 80 gig will have 80,048,390,144, but Windows will report that as 74.5GB in some places. If we calculate 80,048,390,144/1,048,576 we get roughly 74.55, (binary) gigabytes. A 160 GB drive would be 160,000,000,000/1,073,741,824 or 149.0116119 (binary) gigabytes. To get the values in (binary) megabytes simply divide by 1,048,576.

    Check out VKRs faq on the same subject in the hardware forum... »Hardware Forum FAQ »Why does my 15g drive get reported as 13.9g?

    by Kramer See Profile
    last modified: 2004-05-24 00:47:37

    This FAQ will be updated as bulletins are released throughout the year.

    Notes:
    Released 12/11/07

    MS07-069 Cumulative Security Update for Internet Explorer (942615)

    Maximum Severity Rating: Critical

    Affected Software/Operating System:
    • Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1
      • Windows 2000 Service Pack 4

    • Internet Explorer 6
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Internet Explorer 7
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Windows Vista
      • Windows Vista x64 Edition

    Released 12/11/07

    MS07-068 Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)

    Maximum Severity Rating: Critical

    Affected Software/Operating System:
    • Windows Media Format Runtime 7.1
      • Microsoft Windows 2000 Service Pack 4
    • Windows Media Format Runtime 9
      • Windows 2000 Service Pack 4
      • Windows Media Format Runtime 9 (KB941569)
      • Windows XP Service Pack 2
    • Windows Media Format Runtime 9.5
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Media Format Runtime 9.5 x64 Edition
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Media Format Runtime 11
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Vista
      • Windows Vista x64 Edition
    • Windows Media Services 9.1
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    Non-Affected Software
  • Windows Media Player 6.4 when installed on Microsoft Windows 2000
  • Windows Media Player 6.4 when installed on Windows XP
  • Windows Media Player 6.4 when installed on Windows Server 2003
  • Windows Media Services 4.1 when installed on Microsoft Windows 2000
  • Microsoft Windows 2003 For Itanium-Based Systems and Windows Server 2003 with SP1 for Itanium-based Systems

Released 12/11/07

MS07-067 Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)

Maximum Severity Rating: Important

Affected Software/Operating System:
  • Windows XP Service Pack 2
  • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Non-Affected Software
  • Microsoft Windows 2000 Service Pack 4
  • Windows Server 2003 for Itanium-based Systems
  • Windows Vista
  • Windows Vista x64 Edition

Released 12/11/07

MS07-066 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)

Maximum Severity Rating: Important

Affected Software/Operating System:
  • Windows Vista
  • Windows Vista x64 Edition
Non-Affected Software
  • Microsoft Windows 2000 Service Pack 4
  • Windows XP Service Pack 2
  • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
  • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based systems
  • Windows Server 2003 x64 Edition and Windows Server x64 Edition Service Pack 2

Released 12/11/07

MS07-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)

Maximum Severity Rating: Important

Affected Software/Operating System:
  • Microsoft Windows 2000 Server Service Pack 4 and Microsoft Windows 2000 Professional Service Pack 4
  • Windows XP Service Pack 2
Non Affected Software
  • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista
  • Windows Vista x64 Edition

Released 12/11/07

MS07-064 Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)

Maximum Severity Rating: Critical

Affected Software/Operating System:
  • DirectX 7.0 and DirectX 8.1
    • Microsoft Windows 2000 Service Pack 4
  • DirectX 9.0c
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
  • DirectX 10.0
    • Windows Vista
    • Windows Vista x64 Edition

Released 12/11/07

MS07-063 Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)

Maximum Severity Rating: Important

Affected Software/Operating System:
  • Windows Vista
  • Windows Vista x64 Edition
Non-Affected Software
  • Microsoft Windows 2000 Service Pack 4
  • Windows XP Service Pack 2
  • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

Released 11/13/07

MS07-062 Vulnerability in DNS Could Allow Spoofing (941672)

Maximum Severity Rating: Important

Affected Software/Operating System:
  • Microsoft Windows 2000 Server Service Pack 4
  • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

Non-Affected Software
  • Microsoft Windows 2000 Professional Service Pack 4
  • Windows XP Service Pack 2
  • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
  • Windows Vista
  • Windows Vista x64

Released 11/13/07

MS07-061 Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)

Maximum Severity Rating: Critical

Affected Software/Operating System:
  • Windows XP Service Pack 2
  • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition and Windows 2003 Server x64 Edition Service Pack 2
  • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems
Non-Affected Software
  • Microsoft Windows 2000 Service Pack 4
  • Windows Vista
  • Windows Vista x64
    Released 10/9/07 Updated 10/17/07

    MS07-060 Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)

    Maximum Severity Rating: Critical

    Affected Software/Operating System:
    • Microsoft Word 2000 Service Pack 3
    • Microsoft Office XP Service Pack 3
    • Microsoft Office 2004 for Mac

    Non-Affected Software
    • Microsoft Office 2003 Service Pack 2
    • Microsoft Office 2003 Service Pack 3
    • 2007 Microsoft Office system

    Revisions
    • V1.0 (October 9, 2007): Bulletin published.
    • V1.1 (October 10, 2007): Bulletin updated: Hyperlink updated for the Microsoft Mactopia Web site to the correct download location of the 11.3.8 Update in the "Deployment Information" section.
    • V1.2 (October 17, 2007): Bulletin updated: Vulnerability FAQ updated to explain the nature of the update and plans for addressing similar stability issues.

    Released 10/9/07

    MS07-059 Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)

    Maximum Severity Rating: Important

    Affected Software/Operating System:
    • Microsoft Windows SharePoint Services 3.0
      • Windows Server 2003 Service Pack 1
      • Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition
      • Windows Server 2003 x64 Edition Service Pack 2
    • Microsoft Office SharePoint Server 2007
    • Microsoft Office SharePoint Server 2007 x64 Edition

    Released 10/9/07 Updated 10/10/07

    MS07-058 Vulnerability in RPC Could Allow Denial of Service (933729)

    Maximum Severity Rating: Important

    Affected Software/Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition

    Revisions
    • V1.0 (October 9, 2007): Bulletin published.
    • V1.1 (October 10, 2007): Updating bulletin to show XP professional x64 Edition Service Pack 2 as affected software.

    Released 10/9/07 Updated 10/10.07

    MS07-057 Cumulative Security Update for Internet Explorer (939653)

    Maximum Severity Rating: Critical

    Affected Software/Operating System:
    • Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1
      • Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Internet Explorer 7
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Windows Vista
      • Windows Vista x64 Edition
    Revisions
    • V1.0 (October 9, 2007): Bulletin published.
    • V1.1 (October 10, 2007): Bulletin revised to correct the "What does the update do?" section for CVE-2007-3893.

    Released 10/9/07 Updated 10/10.07

    MS07-056 Security Update for Outlook Express and Windows Mail (941202)

    Maximum Severity Rating: Critical

    Affected Component/Operating System:
    • Outlook Express 5.5 Service Pack 2
      • Microsoft Windows 2000 Service Pack 4
    • Outlook Express 6 Service Pack 1
      • Microsoft Windows 2000 Service Pack 4
    • Microsoft Outlook Express 6
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1
      • Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition
      • Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems
      • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Mail
      • Windows Vista
      • Windows Vista x64 Edition
    Revisions
    • V1.0 (October 09, 2007): Bulletin published.
    • V2.0 (October 10, 2007): Bulletin revised to include Windows XP Professional x64 Edition in the "Affected Software" section; Known Issues set to none; Corrected missing file information to the bulletin text for Outlook Express 6.0 Service Pack 1 on Windows 2000 Service pack 4 and Outlook Express 5.5 Service Pack 2 on Windows 2000 Service pack 4.

    Released 10/9/07

    MS07-055 Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)

    Maximum Severity Rating: Critical

    Affected Operating System:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    Non-Affected Operating System
    • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista
    • Windows Vista x64 Edition

    Released 09/11/07 Updated 9/12/07

    MS07-054 Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)

    Maximum Severity Rating: Important

    Affected Operating System/Software:
    • Microsoft Windows 2000 Service Pack 4
      • MSN Messenger 6.2
      • MSN Messenger 7.0
    • Windows XP Service Pack 2
      • MSN Messenger 6.2
      • MSN Messenger 7.0
      • MSN Messenger 7.5
      • Windows Live Messenger 8.0
    • Windows XP Professional x64 Edition
      • MSN Messenger 6.2
      • MSN Messenger 7.0
      • MSN Messenger 7.5
      • Windows Live Messenger 8.0
    • Windows XP Professional x64 Edition Service Pack 2
      • MSN Messenger 6.2
      • MSN Messenger 7.0
      • MSN Messenger 7.5
      • Windows Live Messenger 8.0
    • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • MSN Messenger 6.2
    • MSN Messenger 7.0
    • MSN Messenger 7.5W
    • Windows Live Messenger 8.0
  • Windows Server 2003 x64 Edition
    • MSN Messenger 6.2
    • MSN Messenger 7.0
    • MSN Messenger 7.5
    • Windows Live Messenger 8.0
  • Windows Server 2003 x64 Edition Service Pack 2
    • MSN M
      Messenger 6.2
    • MSN Messenger 7.0
    • MSN Messenger 7.5
    • Windows Live Messenger 8.0
  • Windows Vista
    • MSN Messenger 6.2
    • MSN Messenger 7.0
    • MSN Messenger 7.5
    • Windows Live Messenger 8.0
  • Windows Vista x64 Edition
    • MSN Messenger 6.2
    • MSN Messenger 7.0
    • MSN Messenger 7.5
    • Windows Live Messenger 8.0
    Non-Affected Software/Operating System:
    • MSN Messenger 7.0.0820
      • Microsoft Windows 2000 Service Pack 4
    • Windows Live Messenger 8.1
      • Windows XP Service Pack 2
      • Windows Live Messenger 8.1
      • Windows XP Professional x64 Edition
      • Windows Live Messenger 8.1
      • Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition
      • Windows Server 2003 x64 Edition Service Pack 2
      • Windows Vista
      • Windows Vista x64 Edition
    Revisions
    • V1.0 (September 11, 2007): Bulletin published
    • V1.1 (September 12, 2007): Download center links added to Affected Software table for upgrading to Windows Live Messenger 8.1.

    Released 09/11/07 Updated 9/19/07

    MS07-053 Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)

    Maximum Severity Rating: Important

    Affected Component/Operating System:
    • Windows Services for UNIX 3.0
      • Windows 2000 Service Pack 4
      • Windows XP Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Windows Services for UNIX 3.5
      • Windows 2000 Service Pack 4
      • Windows XP Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    • Subsystem for UNIX-based Applications
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Window Vista
      • Windows Vista x64 Edition
      Non-affected Software
      • Windows Services for UNIX 1.0
      • Windows Services for UNIX 2.0
      • Windows Services for UNIX 2.1
      • Windows Services for UNIX 2.2
      Revisions
      • V1.0 (September 11, 2007): Bulletin published.
      • V1.1 (September 19, 2007): Bulletin revised to correct table information for the SMS detection and deployment summary for this security update. SMS 2003 Software Update Services (SUS) can detect this security update with EST. If a previous version of the Extended Security Update Inventory Tool has been installed on SMS, it will need to be upgraded with the current version of the tool to enable detection of this security update.

      Released 09/11/07 Updated 9/19/07

      MS07-052 Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)

      Maximum Severity Rating: Critical

      Affected Software/Edition:
      • Visual Studio .NET 2002 Service Pack 1
        • Microsoft Visual Studio .NET Enterprise Architect
        • Microsoft Visual Studio .NET Enterprise Developer
        • Microsoft Visual Studio .NET Professional
      • Visual Studio .NET 2003
        • Microsoft Visual Studio .NET Enterprise Architect 2003
        • Microsoft Visual Studio .NET Enterprise Developer 2003
        • Microsoft Visual Studio .NET Professional 2003
      • Visual Studio .NET 2003 Service Pack 1
        • Microsoft Visual Studio .NET Enterprise Architect 2003
        • Microsoft Visual Studio .NET Enterprise Developer 2003
        • Microsoft Visual Studio .NET Professional 2003
      • Visual Studio 2005
        • Microsoft Visual Studio 2005 Professional Edition
        • Microsoft Visual Studio 2005 Team Edition for Software Architects
        • Microsoft Visual Studio 2005 Team Edition for Software Developers
        • Microsoft Visual Studio 2005 Team Suite
        • Microsoft Visual Studio 2005 Team Edition for Software Testers
      • Visual Studio 2005 Service Pack 1
        • Microsoft Visual Studio 2005 Professional Edition
        • Microsoft Visual Studio 2005 Team Edition for Software Architects
        • Microsoft Visual Studio 2005 Team Edition for Software Developers
        • Microsoft Visual Studio 2005 Team Suite
        • Microsoft Visual Studio 2005 Team Edition for Software Testers
      Non-Affected Software
      • Microsoft Office Outlook 2003 with Business Contact Manager
      • Microsoft Office Outlook 2007 with Business Contact Manager
      Revisions
      • V1.0 (September 11, 2007): Bulletin published.
      • V1.1 (September 19, 2007): Bulletin updated: The executable filename for Visual Studio 2003 Service Pack 1 has been correctly updated to VS7.1sp1-KB937059-x86-INTL in the corresponding Reference Table under Security Update Deployment.

      Released 09/11/07 Updated 9/12/07

      MS07-051 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)

      Maximum Severity Rating: Critical

      Affected Operating System:
      • Microsoft Windows 2000 Service Pack 4
      Non-Affected Software
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Windows Vista
      • Windows Vista x64 Edition
      Revisions
      • V1.0 (September 11, 2007): Bulletin published.
      • V1.1 (September 12, 2007): Bulletin updated to include FAQ as to why up-level platforms are not affected by the vulnerability addressed by this bulletin.

      Released 08/14/07 Updated 8/22/07

      MS07-050 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)

      Maximum Severity Rating: Critical

      Affected Software/Operating System:
      • Microsoft Internet Explorer 5.01 Service Pack 4
        • Microsoft Windows 2000 Service Pack 4
      • Microsoft Internet Explorer 6 Service Pack 1
        • Microsoft Windows 2000 Service Pack 4
      • Microsoft Internet Explorer 6
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Internet Explorer 7
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
        • Windows Vista
        • Windows Vista x64 Edition
      Revisions
      • V1.0 (August 14, 2007): Bulletin published.
      • V1.1 (August 15, 2007): Bulletin revised to correct file information for Microsoft Internet Explorer 7 for Windows 2003.
      • V1.2 (August 22, 2007): Bulletin revised to correct Registry Key Verification for Internet Explorer 7 for all supported 32-bit editions, 64-bit editions, and Itanium-based editions of Windows Server 2003.

      Released 08/14/07

      MS07-049 Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Virtual PC 2004
      • Microsoft Virtual PC 2004 Service Pack 1
      • Microsoft Virtual Server 2005 Standard Edition
      • Microsoft Virtual Server 2005 Enterprise Edition
      • Microsoft Virtual Server 2005 R2 Standard Edition
      • Microsoft Virtual Server 2005 R2 Enterprise Edition
      • Microsoft Virtual PC for Mac Version 6.1
      • Microsoft Virtual PC for Mac Version 7
      Non-Affected Software:
      • Microsoft Virtual PC 2007
      • Microsoft Virtual Server 2005 R2 Service Pack 1

      Released 08/14/07

      MS07-048 Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)

      Maximum Severity Rating: Important

      Affected Operating Systems:
      • Windows Vista
      • Windows Vista x64 Edition

      Released 08/14/07 Updated 9/19/07

      MS07-047 Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)

      Maximum Severity Rating: Important

      Affected Component/Operating Systems:
      • Windows Media Player 7.1
        • Windows 2000 Service Pack 4
      • Windows Media Player 9
        • Windows 2000 Service Pack 4
        • Windows XP Service Pack 2
      • Windows Media Player 10
        • Windows XP Service Pack 2<
        • Windows XP Professional X64 Edition
        • Windows XP Professional X64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1
        • Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition
        • Windows Server 2003 x64 Edition Service Pack 2
      • Windows Media Player 11
        • Windows XP Service Pack 2
        • Windows XP Professional X64 Edition
        • Windows XP Professional X64 Edition Service Pack 2
        • Windows Vista
        • Windows Vista x64 Edition
      Revisions
      • V1.0 (August 14, 2007): Bulletin published.
      • V1.1 (August 29, 2007): Bulletin revised to correct Registry Key Verification for Windows Media Player 7.1, 9, 10, and 11 on supported editions of Windows 2000 Service Pack 4, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows XP Service Pack 2 and x64 Editions.
      • V1.2 (September 19, 2007): Bulletin revised to correct file information when installing without user intervention, installing without restarting, and removal Information for Windows Media Player 7.1, 9, 10, and 11 on supported editions of Windows 2000 Service Pack 4, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows XP Service Pack 2 and x64 Editions.

      Released 08/14/07 Updated 8/29/07

      MS07-046 Vulnerability in GDI Could Allow Remote Code Execution (938829)

      Maximum Severity Rating: Critical

      Affected Software/Operating Systems:
      • Microsoft Windows 2000 Service Pack 4
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition
      • Windows Server 2003 Service Pack 1
      • Windows Server 2003 x64 Edition
      • Windows Server 2003 with SP1 for Itanium-based Systems
      Non-Affected Software
      • Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP2 for Itanium-based Systems
      • Windows Vista
      • Windows Vista x64 Edition
      Revisions
      • V1.0 (August 14, 2007): Bulletin published.
      • V1.1 (August 29, 2007): Bulletin Updated: Additional information has been added to include workarounds for this vulnerability.

      Released 08/14/07 Updated 10/10/07

      MS07-045 Cumulative Security Update for Internet Explorer (937143)

      Maximum Severity Rating: Critical

      Affected Software/Operating Systems:
      • Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1
        • Microsoft Windows 2000 Service Pack 4
      • Internet Explorer 6
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Internet Explorer 7
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
        • Windows Vista
        • Windows Vista x64 Edition
      Revisions:
      • V1.0 (August 14, 2007): Bulletin published.
      • V1.1 (August 22, 2007): Bulletin revised to correct Registry Key Verification for Internet Explorer 7 for all supported 32-bit editions, 64-bit editions, and Itanium-based editions of Windows Server 2003.
      • V1.2 (August 29, 2007): Bulletin revised to document the functionality change of increasing the limit on cookies from 20 to 50.
      • V1.3 (October 10, 2007): Bulletin revised to correct the name of an affected file in the bulletin text only.

      Released 08/14/07 Updated 8/29/07

      MS07-044 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)

      Maximum Severity Rating: Critical

      Office Suite and other Affected Software:
      • Microsoft Office 2000 Service Pack 3
      • Microsoft Office XP Service Pack 3
      • Microsoft Office 2003 Service Pack 2
      • Microsoft Office 2004 for Mac
      Revisions:
      • V1.0 (August 14, 2007): Bulletin published.
      • V1.1 (August 29, 2007): Bulletin updated to change the download link display text for Office components in the Affected Software table.

      Released 08/14/07

      MS07-043 Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)

      Maximum Severity Rating: Critical

      Affected Software/Component:
      • Windows 2000 Service Pack 4
      • Windows XP Service Pack 2
      • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
      • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
      • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
      • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
      • Microsoft Office 2004 for Mac
      • Microsoft Visual Basic 6.0 Service Pack 6 (KB924053)
      Non-Affected Software
    • Windows Vista
    • Windows Vista x64 Edition
      Released 08/14/07 Updated 9/27/07

      MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)

      Maximum Severity Rating: Critical

      Affected Software/Component:
      • Microsoft XML Core Services 3.0
        • Windows 2000 Service Pack 4
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1
        • Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition
        • Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems
        • Windows Server 2003 with SP2 for Itanium-based Systems
        • Windows Vista
        • Windows Vista x64 Edition
      • Microsoft XML Core Services 4.0
        • Windows 2000 Service Pack 4
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
        • Windows Vista
        • Windows Vista x64 Edition
      • Microsoft XML Core Services 5.0
        • Microsoft Office 2003 Service Pack 2
        • 2007 Microsoft Office System
        • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
        • Microsoft Expression Web
        • Microsoft Office SharePoint Server
        • Microsoft Office Groove Server 2007
      • Microsoft XML Core Services 6.0
        • Windows 2000 Service Pack 4
        • Windows XP Service Pack 2
        • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
        • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
        • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
        • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
        • Windows Vista
        • Windows Vista x64 Edition
      • Microsoft XML Core Services 5.0
          <
          Revisions:
          • V1.0 (August 14, 2007): Bulletin published.
          • V1.1 (August 15, 2007): Bulletin updated: Corrected file manifest information for Microsoft XML Core Services 4.0.
          • V2.0 (September 27, 2007): Bulletin updated: Added Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft Expression Web as affected products. The Bulletin has also been updated to inform customers that a potential reliability issue exists in applications that have installed Microsoft XML Core Services 4.0 on Windows Vista, which can be addressed by applying the download available in Microsoft Knowledge Base Article 941833.

          Released 07/10/07

          MS07-041 Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)

          Maximum Severity Rating: Important

          Affected Software/Component:
          • Windows XP Professional Service Pack 2/Microsoft Internet Information Services (IIS) 5.1

          Non-Affected Software:
          • Windows 2000 Service Pack 4
          • Windows XP Home Service Pack 2
          • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
          • Windows Vista
          • Windows Vista x64 Edition

          Released 07/10/07

          MS07-040 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)

          Maximum Severity Rating: Critical

          Affected Software/Component:
          • Microsoft .NET Framework 1.0
            • Windows 2000 Service Pack 4
            • Windows XP Service Pack 2
            • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
            • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
            • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
            • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
            • Windows Vista
          • Microsoft .NET Framework 1.1
            • Windows XP Service Pack 2
            • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
            • Windows XP Tablet PC Edition 2005 and Windows XP Media Center Edition 2005
            • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
            • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
            • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
            • Windows Vista
            • Windows Vista x64 Edition
          • Microsoft .NET Framework 2.0
            • Windows XP Service Pack 2
            • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
            • Windows XP Tablet PC Edition 2005 and Windows XP Media Center Edition 2005
            • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
            • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
            • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
            • Windows Vista
            • Windows Vista x64 Edition

          Non-Affected Software/Component:
          • Microsoft .NET Framework 3.0
            • Windows XP Service Pack 2
            • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
            • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
            • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2,li>Windows Vista
            • Windows Vista x64 Edition

          Released 07/10/07

          MS07-039 Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)

          Maximum Severity Rating: Critical

          Affected Software:
          • Microsoft Windows 2000 Server Service Pack 4
          • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

          Non-Affected Software
          • Windows 2000 Professional Service Pack 4
          • Windows XP Service Pack 2,li>Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Windows Vista
          • Windows Vista x64 Edition

          Released 07/10/07

          MS07-038 Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)

          Maximum Severity Rating: Moderate

          Affected Software:
          • Windows Vista
          • Windows Vista x64 Edition

          Released 07/10/07

          MS07-037 Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)

          Maximum Severity Rating: Important

          Office Suite and Other Affected Software:
          • 2007 Microsoft Office System/Microsoft Office Publisher 2007

          Non-Affected Office Suite Application
          • Microsoft Office 2000 Service Pack 3/Microsoft Publisher 2000
          • Microsoft Office XP Service Pack 3/Microsoft Publisher 2002,li>Microsoft Office 2003 Service Pack 2/Microsoft Publisher 2003

          Released 07/10/07

          MS07-036 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)

          Maximum Severity Rating: Critical

          Office Suite and Other Affected Software:
          • Microsoft Office 2000 Service Pack 3/Microsoft Excel 2000 Service Pack 3
          • Microsoft Office XP Service Pack 3/Microsoft Excel 2002 Service Pack 3
          • Microsoft Office 2003 Service Pack 2/Microsoft Excel 2003 Service Pack 2, Microsoft Excel 2003 Viewer
          • 2007 Microsoft Office System/Microsoft Office Excel 2007
          • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

          Released 06/12/07

          MS07-035 Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)

          Maximum Severity Rating: Critical

          Affected Software:
          • Windows 2000 Service Pack 4
          • Windows XP Service Pack 2
          • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
          Non-Affected Software
          • Windows Vista
          • Windows Vista x64 Edition

          Released 06/12/07 Updated 7/6/07

          MS07-034 Cumulative Security Update for Outlook Express and Windows Mail (929123)

          Maximum Severity Rating: Critical

          Affected Software/Component:
          • Windows XP Service Pack 2/ Microsoft Outlook Express 6
          • Windows XP Professional x64 Edition/Microsoft Outlook Express 6
          • Windows XP Professional x64 Edition Service Pack 2/Microsoft Outlook Express 6
          • Windows Server 2003 Service Pack 1/Microsoft Outlook Express 6
          • Windows Server 2003 Service Pack 2/Microsoft Outlook Express 6
          • Windows Server 2003 x64 Edition/Microsoft Outlook Express 6
          • Windows Server 2003 x64 Edition Service Pack 2/Microsoft Outlook Express 6
          • Windows Server 2003 with SP1 for Itanium-based Systems/Microsoft Outlook Express 6
          • Windows Server 2003 with SP2 for Itanium-based Systems/Microsoft Outlook Express 6
          • Windows Vista/Windows Mail
          • Windows Vista x64 Edition/Windows Mail

          Non-Affected Software
          • Windows 2000 Service Pack 4/Outlook Express 5.5 Service Pack 2
          • Windows 2000 Service Pack 4/Outlook Express 6 Service Pack 1
          Revisions
          • V1.0 (June 12, 2007): Bulletin published.
          • V1.1 (June 12, 2007): Updated Affected Software section to remove Bulletins Replaced by This Update on Windows XP Professional x64 Edition Service Pack 2.
          • V1.2 (June 12, 2007): Updated registry key verification information for Outlook Express 6 in the Security Update Deployment section.
          • V1.3 (June 13, 2007): Updated the Microsoft Knowledge Base Article to reference KB Article 929123 in the Known Issues section.

          Released 06/12/07 Updated 6/13/07

          MS07-033 Cumulative Security Update for Internet Explorer (933566)

          Maximum Severity Rating: Critical

          Affected Software/Component:
          • Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1/Microsoft Windows 2000 Service Pack 4
          • Internet Explorer 6/Windows XP Service Pack 2, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
          • Internet Explorer 7/Windows XP Service Pack 2, Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista, Windows Vista x64 Edition
          Revisions
          • V1.0 (June 12, 2007): Bulletin published.
          • V1.1 (June 12, 2007): Bulletin Revised: CVE number corrected for Navigation Cancel Page Spoofing Vulnerability - CVE-2007-1499.
          • V1.2 (June 13, 2007): Bulletin Revised: Registry Key Verification corrected for Internet Explorer 6 Service Pack 1 on all supported editions of Microsoft Windows 2000 Service Pack 4; Removed duplicate text in Workarounds for COM Object Instantiation Memory Corruption Vulnerability - CVE-2007-0218 and Workarounds for Uninitialized Memory Corruption Vulnerability - CVE-2007-1751

          Released 06/12/07

          MS07-032 Vulnerability in Windows Vista Could Allow Information Disclosure (931213)

          Maximum Severity Rating: Moderate

          Affected Software:
          • Windows Vista
          • Windows Vista x64 Edition

          Non-Affected Software
          • Windows 2000 Service Pack 4
          • Windows XP Service Pack 2
          • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

          Released 06/12/07

          MS07-031 Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)

          Maximum Severity Rating: Critical

          Affected Software:
          • Windows 2000 Service Pack 4
          • Windows XP Service Pack 2
          • Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

          Non-Affected Software
          • Windows Vista
          • Windows Vista x64 Edition

          Released 06/12/07

          MS07-030 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)

          Maximum Severity Rating: Important

          Affected Software:
          • Microsoft Visio 2002 Service Pack 2
          • Microsoft Office 2003
            • Microsoft Visio 2003 Service Pack 2

          Non-Affected Software:
          • 2007 Microsoft Office System
            • Microsoft Office Visio 2007

          Released 05/08/07 Updated 6/6/07

          MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)

          Maximum Severity Rating: Critical

          Affected Software:
          • Microsoft Windows 2000 Server Service Pack 4
          • Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 Service Pack 2
          • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
          • Microsoft Windows Server 2003 x64 Edition Service Pack 1 and Microsoft Windows Server 2003 x64 Edition Service Pack 2

          Non-Affected Software:
          • Microsoft Windows 2000 Professional Service Pack 4
          • Microsoft Windows XP Service Pack 2
          • Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
          • Windows Vista
          • Windows Vista x64 Edition
          Revisions:
          • V1.0 (May 8, 2007): Bulletin published.
          • V1.1 (May 31, 2007): Bulletin revised. File Information updated for Windows Server 2003. Clarification added throughout the bulletin for server configurations that may require the installation of DNS functionality as a prerequisite for the security update installation.
          • V1.2 (June 6, 2007): Bulletin revised. Removed the literal Service Pack 1 from all instances of Windows Server 2003 x64 Edition Service Pack 1 throughout the bulletin.

          Released 05/08/07

          MS07-028 Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)

          Maximum Severity Rating: Critical

          Affected Software:
          • CAPICOM
          • Platform SDK Redistributable: CAPICOM
          • BizTalk Server 2004 Service Pack 1
          • BizTalk Server 2004 Service Pack 2

          Non-Affected Software:
          • BizTalk Server 2000
          • BizTalk Server 2002
          • BizTalk Server 2006

          Released 05/08/07

          MS07-027 Cumulative Security Update for Internet Explorer (931768)

          Maximum Severity Rating: Critical

          Affected Software:
          • Microsoft Windows 2000 Service Pack 4
          • Microsoft Windows XP Service Pack 2
          • Microsoft Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 Service Pack 2
          • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
          • Microsoft Windows Server 2003 x64 Edition Service Pack 1 and Microsoft Windows Server 2003 x64 Edition Service Pack 2
          • Windows Vista
          • Windows Vista x64 Edition

          Affected Components:
          • Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
          • Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4
          • Microsoft Internet Explorer 6 for Windows XP Service Pack 2
          • Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Microsoft Internet Explorer 6 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Microsoft Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
          • Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition Service Pack 1 and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Internet Explorer 7 for Windows XP Service Pack 2
          • Windows Internet Explorer 7 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
          • Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
          • Windows Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
          • Windows Internet Explorer 7 for Windows Server 2003 x64 Edition Service Pack 1 and Windows Server 2003 x64 Edition Service Pack 2
          • Windows Internet Explorer 7 in Windows Vista
          • Windows Internet Explorer 7 in Windows Vista x64 Edition

          Released 05/08/07

          MS07-026 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)

          Maximum Severity Rating: Critical

          Affected Software:
          • Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
          • Microsoft Exchange Server 2003 Service Pack 1
          • Microsoft Exchange Server 2003 Service Pack 2
          • Microsoft Exchange Server 2007

          Released 05/08/07 Updated 5/17/07

          MS07-025 Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)

          Maximum Severity Rating: Critical

          Affected Software:
          • Microsoft Office 2000 Service Pack 3
            • Microsoft Excel 2000
            • Microsoft FrontPage 2000
            • Microsoft Publisher 2000
          • Microsoft Office XP Service Pack 3
            • Microsoft Excel 2002
            • Microsoft FrontPage 2002
            • Microsoft Publisher 2002
          • Microsoft Office 2003 Service Pack 2
          • Microsoft Excel 2003
          • Microsoft FrontPage 2003
          • Microsoft Publisher 2003
          • Microsoft Excel 2003 Viewer
        • 2007 Microsoft Office System
          • Microsoft Office Excel 2007
          • Microsoft Office Publisher 2007
          • Microsoft Office SharePoint Designer 2007Microsoft Expression Web
        • Microsoft Office 2004 for Mac
        Non-Affected Software:
        • Microsoft Works Suites:
          • Microsoft Works Suite 2004
          • Microsoft Works Suite 2005
          • Microsoft Works Suite 2006
        • Microsoft Office 2000 Service Pack 3
          • Microsoft Access 2000
          • Microsoft Outlook 2000
          • Microsoft PowerPoint 2000
          • Microsoft Project 2000 Service Release 1
          • Microsoft Word 2000
        • Microsoft Office XP Service Pack 3
          • Microsoft Access 2002
          • Microsoft Outlook 2002
          • Microsoft PowerPoint 2002
          • Microsoft Project 2002 Service Pack 1
          • Microsoft Visio 2002
          • Microsoft Word 2002
        • Microsoft Office 2003 Service Pack 2:
          • Microsoft Access 2003
          • Microsoft InfoPath 2003
          • Microsoft OneNote 2003
          • Microsoft Outlook 2003
          • Microsoft Project 2003
          • Microsoft PowerPoint 2003
          • Microsoft PowerPoint 2003 Viewer
          • Microsoft Visio 2003
          • Microsoft Word 2003
          • Microsoft Word 2003 Viewer
        • 2007 Microsoft Office System
          • Microsoft Office Access 2007
          • Microsoft Office PowerPoint 2007
          • Microsoft Office Project 2007
          • Microsoft Office Visio 2007
          • Microsoft Office Word 2007
        Revisions:
        • V1.0 (May 8, 2007): Bulletin published.
        • V1.1 (May 16, 2007): Bulletin workarounds section updated, with the removal of the Use Microsoft Word Viewer 2003 to open and view files workaround. This workaround is not valid for the vulnerability discussed in this security bulletin.
        • V1.2 (May 17, 2007): This Bulletin has been revised due to new issues discovered with the security update as reflected in Microsoft Knowledge Base Article 934873.

        Released 05/08/07

        MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Office 2000 Service Pack 3
          • Microsoft Word 2000
        • Microsoft Office XP Service Pack 3
          • Microsoft Word 2002
        • Microsoft Office 2003 Service Pack 2
          • Microsoft Word 2003
          • Microsoft Word Viewer 2003
        • Microsoft Office 2004 for Mac
        • Microsoft Works Suites:
          • Microsoft Works Suite 2004
          • Microsoft Works Suite 2005
          • Microsoft Works Suite 2006

        Non-Affected Software:
        • 2007 Microsoft Office System
          • Microsoft Word 2007

        Released 05/08/07 Updated 5/17/07

        MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Office 2000 Service Pack 3
          • Microsoft Excel 2000
        • Microsoft Office XP Service Pack 3
          • Microsoft Excel 2002
        • Microsoft Office 2003 Service Pack 2
          • Microsoft Excel 2003
          • Microsoft Excel 2003 Viewer
        • 2007 Microsoft Office System
          • Microsoft Office Excel 2007
          • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
        • Microsoft Office 2004 for Mac

      Non-Affected Software:
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006
      Revisions:
      • V1.0 (May 8, 2007): Bulletin published.
      • V1.1 (May 16, 2007): Bulletin Installation File Information section updated with the correct file name for the Office 2007 Compatibility Pack.
      • V1.2 (May 17, 2007): This Bulletin has been revised due to new issues discovered with the security update as reflected in Microsoft Knowledge Base Article 934233.

      Released 04/10/07

      MS07-022 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft 2003 Service Pack 2
      Non-Affected Software:
      • Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
      • Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 and SP2 for Itanium-based Systems
      • Windows Vista
      • Windows Vista x64 Edition

      Released 04/10/07

      MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
      • Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2
      • Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
      • Windows Vista
      • Windows Vista x64 Edition

      Released 04/10/07

      MS07-020 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 and Microsoft Server 2003 Service Pack 2
      • Microsoft Windows Server 2003 x64 Edition with Service Pack 1 and Microsoft Windows Server 2003 x64 Edition with Service Pack 2
      • Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
      Non-Affected Software:
      • Windows Vista
      • Windows Vista x64 Edition

      Released 04/10/07

      MS07-019 Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2
      • Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
      • Windows Vista
      • Windows Vista x64 Edition

      Released 04/10/07

      MS07-018 Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Content Management Server 2001 Service Pack 1
      • Microsoft Content Management Server 2002 Service Pack 2

      Released 04/03/07

      MS07-017 Vulnerabilities in GDI Could Allow Remote Code Execution (925902)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
      • Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2
      • Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
      • Windows Vista
      • Windows Vista x64 Edition

      Released 02/13/07 Updated 2/21/07

      MS07-016 Cumulative Security Update for Internet Explorer (928090)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      Non-Affected Software:
      • Windows Vista
      Affected Components:
      • Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
      • Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4
      • Microsoft Internet Explorer 6 for Windows XP Service Pack 2
      • Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition
      • Microsoft Internet Explorer 6 for Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems and Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition
      • Windows Internet Explorer 7 for Windows XP Service Pack 2
      • Windows Internet Explorer 7 for Windows XP Professional x64 Edition
      • Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1
      • Windows Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems
      • Windows Internet Explorer 7 for Windows Server 2003 x64 Edition
      Non-Affected Components:
      • Windows Internet Explorer 7 in Windows Vista
      Revisions:
      • V1.0 (February 13, 2007): Bulletin published.
      • V1.1 (February 21, 2007): Bulletin revised to correct installation verification keys for Windows Internet Explorer 7. Removal information for Windows Server 2003 updated with correct folder.

      Released 02/13/07 Updated 2/28/07

      MS07-015 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Access 2000
        • Microsoft Excel 2000
        • Microsoft FrontPage 2000
        • Microsoft Outlook 2000
        • Microsoft PowerPoint 2000
        • Microsoft Publisher 2000
        • Microsoft Word 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Access 2002
        • Microsoft Excel 2002
        • Microsoft FrontPage 2002
        • Microsoft Outlook 2002
        • Microsoft PowerPoint 2002
        • Microsoft Publisher 2002
        • Microsoft Visio 2002
        • Microsoft Word 2002
      • Microsoft Office 2003 Service Pack 2
        • Microsoft Access 2003
        • Microsoft Excel 2003
        • Microsoft Excel 2003 Viewer
        • Microsoft FrontPage 2003
        • Microsoft InfoPath 2003
        • Microsoft OneNote 2003
        • Microsoft Outlook 2003
        • Microsoft PowerPoint 2003
        • Microsoft Project 2003
        • Microsoft Publisher 2003
        • Microsoft Visio 2003
        • Microsoft Word 2003
        • Microsoft Excel 2003 Viewer
        • Microsoft Word 2003 Viewer
      • Microsoft Project 2000 Service Release 1
      • Microsoft Project 2002 Service Pack 1
      • Microsoft Visio 2002 Service Pack 2
      • Microsoft Office 2004 for Mac
      Non-Affected Software:
      • 2007 Microsoft Office System
      • Microsoft Office 2003 Service Pack 2
        • Microsoft PowerPoint 2003 Viewer
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006
      Revisions:
      • V1.0 (February 13, 2007): Bulletin published.
      • V1.1 (February 28, 2007) Bulletin updated: Prerequisites and Additional Update for Office 2003 in the Security Update Information section.

      Released 02/13/07

      MS07-014 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Word 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Word 2002
        Microsoft Office 2003 Service Pack 2
        • Microsoft Word 2003
        • Microsoft Word Viewer 2003
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006
      • Microsoft Office 2004 for Mac
      Non-Affected Software:
      • 2007 Microsoft Office System
        • Microsoft Office Word 2007

      Released 02/13/07 Updated 2/28/07

      MS07-013 Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)

      Maximum Severity Rating: Important

      Affected Software:

      Windows Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      Office Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Access 2000
        • Microsoft Excel 2000
        • Microsoft FrontPage 2000
        • Microsoft Outlook 2000
        • Microsoft PowerPoint 2000
        • Microsoft Publisher 2000
        • Microsoft Word 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Access 2002
        • Microsoft Excel 2002
        • Microsoft FrontPage 2002
        • Microsoft Outlook 2002
        • Microsoft PowerPoint 2002
        • Microsoft Publisher 2002
        • Microsoft Word 2002
      • Microsoft Office 2003 Service Pack 2
        • Microsoft Access 2003
        • Microsoft Excel 2003
        • Microsoft FrontPage 2003
        • Microsoft InfoPath 2003
        • Microsoft OneNote 2003
        • Microsoft Outlook 2003
        • Microsoft PowerPoint 2003
        • Microsoft Project 2003
        • Microsoft Publisher 2003
        • Microsoft Visio 2003
        • Microsoft Word 2003
        • Microsoft Word 2003 Viewer
      • Microsoft Project 2000 Service Release 1
      • Microsoft Office 2000 Multilanguage Packs
      • Microsoft Project 2002 Service Pack 1
      • Microsoft Visio 2002 Service Pack 2
      • Microsoft Learning Essentials 1.0, 1.1, and 1.5 for Microsoft Office
      • Microsoft Global Input Method Editor for Office 2000 (Japanese)
      • Microsoft Office 2004 for Mac
      Non-Affected Software:
      • Windows Vista
      • 2007 Microsoft Office System
      • Microsoft Office 2003 Service Pack 2
        • Microsoft Excel 2003 Viewer
        • Microsoft PowerPoint 2003 Viewer
      Revisions:
      • V1.0 (February 13, 2007): Bulletin published.
      • V1.1 (February 21, 2007) Bulletin updated: additional clarification has been added to the e-mail attack vector. An attacker could also attempt to exploit this vulnerability when a user interacts with a malformed embedded OLE object within a Rich Text e-mail message.
      • V1.2 (February 28, 2007) Bulletin updated: Prerequisites and Additional Update for Office 2003 in the Security Update Information section.

      Released 02/13/07 Update 2/21/07

      MS07-012 Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Visual Studio .NET 2002
      • Microsoft Visual Studio .NET 2002 Service Pack 1
      • Microsoft Visual Studio .NET 2003
      • Microsoft Visual Studio .NET 2003 Service Pack 1
      Non-Affected Software:
      • Windows Vista
      • Microsoft Visual Studio 2005
      Revisions:

      V1.0 (February 13, 2007): Bulletin published.

      V1.1 (February 21, 2007) Bulletin updated: additional clarification has been added to the e-mail attack vector. An attacker could also attempt to exploit this vulnerability when a user interacts with a malformed embedded OLE object within a Rich Text e-mail message. This Bulletin has also been revised due to new issues discovered with the security update as reflected in Microsoft Knowledge Base Article 924667.

      Released 02/13/07 Updated 2/21/07

      MS07-011 Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      Non-Affected Software:
      • Windows Vista
      Revisions:
      • V1.0 (February 13, 2007) Bulletin published.
      • V1.1 (February 21, 2007) Bulletin updated: additional clarification has been added to the e-mail attack vector. An attacker could also attempt to exploit this vulnerability when a user interacts with a malformed embedded OLE object within a Rich Text e-mail message.

      Released 02/13/07 Updated 2/22/07

      MS07-010 Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135)

      Maximum Severity Rating: Critical

      Affected Software:
      • Windows Live OneCare
      • Microsoft Antigen for Exchange 9.x
      • Microsoft Antigen for SMTP Gateway 9.x
      • Microsoft Windows Defender
      • Microsoft Windows Defender x64 Edition
      • Microsoft Windows Defender in Windows Vista
      • Microsoft Forefront Security for Exchange Server
      • Microsoft Forefront Security for SharePoint
      Affected Components:
      • Microsoft Malware Protection Engine
      Revisions:
      • V1.0 (February 13, 2007): Bulletin published.
      • V1.1 (February 22, 2007): Bulletin updated: "Frequently Asked Questions (FAQ) Related to This Security Update" section in "Executive Summary" for WSUS Windows Defender update process.

      Released 02/13/07

      MS07-009 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Data Access Components 2.5 Service Pack 3 on Microsoft Windows 2000 Service Pack 4
      • Microsoft Data Access Components 2.8 Service Pack 1 on Microsoft Windows XP Service Pack 2
      • Microsoft Data Access Components 2.8 on Microsoft Windows Server 2003
      • Microsoft Data Access Components 2.8 on Microsoft Windows Server 2003 for Itanium-based Systems
      Non-Affected Software:
      • Microsoft Data Access Components 2.8 Service Pack 2 on Microsoft Windows XP Professional x64 Edition
      • Microsoft Data Access Components 2.8 Service Pack 2 on Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Data Access Components 2.8 Service Pack 2 on Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Data Access Components 2.8 Service Pack 2 on Microsoft Windows Server 2003 x64 Edition
      • Windows Data Access Components 6.0 on Windows Vista
      Affected Components:
      • Microsoft Data Access Components 2.7 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4
      • Microsoft Data Access Components 2.8 when installed on Microsoft Windows 2000 Service Pack 4
      • Microsoft Data Access Components 2.8 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4

      Released 02/13/07

      MS07-008 Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      Non-Affected Software:
      • Windows Vista

      Released 02/13/07

      MS07-007 Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows XP Service Pack 2
      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Windows Vista

      Released 02/13/07 Updated 2/15/07

      MS07-006 Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows Vista
      Revisions:
      • V1.0 (February, 13 2007): Bulletin published.
      • V1.1 (February, 15 2007): Bulletin updated to reflect the appropriate registry key to use on Windows Server 2003 (all versions) to verify the files that this security update has installed. Also clarified the recommendation in the impact of the Disable the Shell Hardware Detection service workaround.

      Released 02/13/07

      MS07-005 Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)

      Maximum Severity Rating: Important

      Affected Software:
      • Step-by-Step Interactive Training when installed on Microsoft Windows 2000 Service Pack 4
      • Step-by-Step Interactive Training when installed on Microsoft Windows XP Service Pack 2
      • Step-by-Step Interactive Training when installed on Microsoft Windows XP Professional x64 Edition
      • Step-by-Step Interactive Training when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Step-by-Step Interactive Training when installed on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Step-by-Step Interactive Training when installed on Microsoft Windows Server 2003 x64 Edition

      Released 01/09/07 Updated 1/10/07

      MS07-004 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      Non-Affected Software:
      • Windows Vista
      Affected Components:
      • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
      • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
      • Internet Explorer 7 on Microsoft Windows XP Service Pack 2
      • Internet Explorer 7 on Microsoft Windows XP Professional x64 Edition
      • Internet Explorer 7 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Internet Explorer 7 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Internet Explorer 7 on Microsoft Windows Server 2003 x64 Edition
      Revisions:
      • V1.0 (January 9, 2007): Bulletin published.
      • V1.1 (January 10, 2007): Bulletin updated: Restart Requirement updated for each update to properly reflect that restarts are not required if the affected file, vgx.dll, is not in use.

      Released 01/09/07 Updated 1/24/07

      MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Outlook 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Outlook 2002
      • Microsoft Office 2003 Service Pack 2
        • Microsoft Outlook 2003
      Non-Affected Software:
      • Microsoft Office 2007
      • Microsoft Office Outlook 2007
      Revisions:
      • V1.0 (January 9, 2007): Bulletin published.
      • V1.1 (January 24, 2007): Bulletin updated to add You receive an error message "Microsoft Office Outlook has encountered a problem and needs to close. We are sorry for the inconvenience." when you use Microsoft CRM client for Microsoft Outlook (931270) under What are the known issues that customers may experience when they install this security update? in the Frequently Asked Questions (FAQ) Related to This Security Update section.

      Released 01/09/07 Updated 1/18/07

      MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Excel 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Excel 2002
      • Microsoft Office 2003 Service Pack 2
        • Microsoft Excel 2003
        • Microsoft Office Excel Viewer 2003
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
      • Microsoft Office 2004 for Mac
      • Microsoft Office v. X for Mac
      Non-Affected Software:
      • 2007 Microsoft Office system
        • Microsoft Office Excel 2007
      • Microsoft Works Suites:
        • Microsoft Works Suite 2006
      Revisions:
      • V1.0 (January 9, 2007): Bulletin published.
      • V1.1 (January 12, 2007): Bulletin updated Caveats and What are the known issues that customers may experience when they install this security update? under the Frequently Asked Questions (FAQ) Related to This Security Update section.
      • V2.0 (January 18, 2007): Bulletin updated: This bulletin has been re-released to re-offer the security update to customers with Microsoft Excel 2000. The security update previously did not correctly process the phonetic information that is embedded in files that are created by using Excel in the Korean, Chinese, or Japanese executable mode. For additional information see Microsoft Knowledge Base Article 931183.

      Released 01/09/07

      MS07-001 Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Office 2003 Service Pack 2 (Brazilian Portuguese Version)
        • Microsoft Word 2003
        • Microsoft Excel 2003
        • Microsoft Outlook 2003
        • Microsoft Access 2003
        • Microsoft OneNote 2003
        • Microsoft PowerPoint 2003
        • Microsoft Publisher 2003
        • Microsoft Access 2003
        • Microsoft InfoPath 2003
        • Microsoft FrontPage 2003
        • Microsoft Visio 2003
        • Microsoft Visio Enterprise Architects 2003
      • Microsoft Office Multilingual User Interface 2003 Service Pack 2 - Download the update (KB921585)
      • Microsoft Project Multilingual User Interface 2003 Service Pack 2
      • Microsoft Visio Multilingual User Interface 2003 Service Pack 2
      • Microsoft Office Proofing Tools 2003 Service Pack 2
      Non-Affected Software:
      • Microsoft Office 2000
      • Microsoft Office XP
      • Microsoft Office 2007
      • Microsoft Office v.X for Mac
      • Microsoft Office 2004 for Mac



      by MSeng See Profile
      last modified: 2007-12-11 20:37:11

      This FAQ will be updated as bulletins are released throughout the year.

      Notes:
      Released 12/12/06 Updated 12/19/06

      MS06-78 Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows Media Format 7.1 through 9.5 Series Runtime on the following operating system versions:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Windows Media Format 9.5 Series Runtime x64 Edition on the following operating system versions:
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Windows Media Player 6.4
        • Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 or on Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Windows Vista
      • Microsoft Windows 2003 For Itanium-Based Systems and Windows Server 2003 with SP1 for Itanium-based Systems
      • Windows Media Format 11 Series when installed on all Microsoft Operating Systems
      Revisions:
      • V1.0 (December 12, 2006): Bulletin published.
      • V2.0 (December 19, 2006): Bulletin updated has been revised and re-released for the Korean only package on Microsoft Windows Media Runtime Format 7.1 and 9.0 Series Runtime on Windows 2000 Service Pack 4 to address the issues identified in Microsoft Knowledge Base Article 923689. Additional clarity around file versions in the Ive installed the Windows Media Format Runtime security update. What version of Windows Media Format Runtime should I have installed? in the Frequently Asked Questions (FAQ) Related to this Security Update section.

      Released 12/12/06

      MS06-77 Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4

      Non-Affected Software:
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Windows Vista

      Released 12/12/06 Updated 12/20/06

      MS06-76 Cumulative Security Update for Outlook Express (923694)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Windows Vista

      Affected Components:
      • Outlook Express 5.5 Service Pack 2 on Microsoft Windows 2000 Service Pack 4
      • Outlook Express 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4
      • Outlook Express 6 on Microsoft Windows XP Service Pack 2
      • Outlook Express 6 on Microsoft Windows XP Professional x64 Edition
      • Outlook Express 6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Outlook Express 6 on Microsoft Windows Server 2003 x64 Edition
      • Outlook Express 6 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      Revisions:
      • V1.0 (December 12, 2006): Bulletin published.
      • V1.1 (December 20, 2006): Bulletin updated to modify the File Information for Windows Server 2003 in the Security Update Information section.

      Released 12/12/06

      MS06-75 Vulnerability in Windows Could Allow Elevation of Privilege (926255)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows Server 2003
      • Microsoft Windows Server 2003 for Itanium-based Systems

      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Windows Vista

      Released 12/12/06

      MS06-74 Vulnerability in SNMP Could Allow Remote Code Execution (926247)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Windows Vista

      Released 12/12/06

      MS06-73 Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Visual Studio 2005
        • Visual Studio 2005 Standard Edition
        • Visual Studio 2005 Professional Edition
        • Visual Studio 2005 Team Suite
        • Visual Studio 2005 Team Edition for Developers
        • Visual Studio 2005 Team Edition for Architects
        • Visual Studio 2005 Team Edition for Testers

      Non-Affected Software:
      • Microsoft Visual Studio 2005
        • Visual Basic 2005 Express Edition
        • Visual C++ 2005 Express Edition
        • Visual C# Express Edition
        • Visual J# Express Edition
        • Visual Web Developer Express Edition
        • Visual Studio 2005 Tools For Office
        • Visual Studio 2005 Team Explorer
        • Visual Studio 2005 Team Foundation Dual-Server
        • Visual Studio 2005 Team Foundation Single Server
        • Visual Studio 2005 Team Foundation Proxy
        • Visual Studio 2005 Team Foundation Build
        • Visual Studio 2005 Premier Partner Edition
      • Microsoft Visual Studio 6.0 Service Pack 6
      • Microsoft Visual Studio .NET 2002 Service Pack 1
      • Microsoft Visual Studio .NET 2003 Service Pack 1

      Released 12/12/06

      MS06-72 Cumulative Security Update for Internet Explorer (925454)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Windows Vista

      Affected Components:
      • Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
      • Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4
      • Microsoft Internet Explorer 6 for Windows XP Service Pack 2
      • Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition
      • Microsoft Internet Explorer 6 for Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems and Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition

      Non-Affected Components:
      • Windows Internet Explorer 7 for Windows XP Service Pack 2
      • Windows Internet Explorer 7 for Windows XP Professional x64 Edition
      • Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1
      • Windows Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems
      • Windows Internet Explorer 7 for Windows Server 2003 x64 Edition
      • Windows Internet Explorer 7 in Windows Vista

      Released 11/14/06 Updated 11/15/06

      MS06-071 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft XML Core Services 4.0 when installed on Windows
      • Microsoft XML Core Services 6.0 when installed on Windows (all versions)

      Non-Affected Software:
      • Microsoft XML Core Services 3.0
      • Microsoft XML Core Services 5.0
      Revisions:
      • V1.0 (November 14, 2006): Bulletin published.
      • V1.1 (November 15, 2006): Bulletin updated: executable name for msxml6 has been updated with correct name and log file has been updated with correct KB number. Additional clarification has also been added to clarify which components of the previous Bulletin this update replaces.

      Released 11/14/06

      MS06-070 Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2

      Non-Affected Software:
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Windows Vista

      Released 11/14/06 Updated 11/15/06

      MS06-069 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition

      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Windows Vista
      Revisions:
      • V1.0 (November 14, 2006): Bulletin published.
      • V1.1 (November 15, 2006): Bulletin revised to clarify that this security update installs Flash6.ocx version 6.0.88.0 and removes the version of Flash.ocx it is replacing.

      Released 11/14/06

      MS06-068 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Windows Vista

      Released 11/14/06

      MS06-067 Cumulative Security Update for Internet Explorer (922760)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Windows Vista

      Affected Components:
      • Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
      • Microsoft Internet Explorer 6 Service Pack 1 on Windows 2000 Service Pack 4
      • Microsoft Internet Explorer 6 for Windows XP Service Pack 2
      • Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition
      • Microsoft Internet Explorer 6 for Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems and Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition

      Non-Affected Components:
      • Windows Internet Explorer 7 for Windows XP Service Pack 2
      • Windows Internet Explorer 7 for Windows XP Professional x64 Edition
      • Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1
      • Windows Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems
      • Windows Internet Explorer 7 for Windows Server 2003 x64 Edition
      • Windows Internet Explorer 7 in Windows Vista

      Released 11/14/06

      MS06-066 Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

      Non-Affected Software:
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Windows Vista

      Released 10/10/06

      MS06-065 Vulnerability in Windows Object Packager Could Allow Remote Execution (924496)

      Maximum Severity Rating: Moderate

      Affected Software:
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4

      Released 10/10/06

      MS06-064 Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)

      Maximum Severity Rating: Low

      Affected Software:
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4

      Released 10/10/06

      MS06-063 Vulnerability in Server Service Could Allow Denial of Service (923414)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Released 10/10/06

      MS06-062 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Access 2000
        • Microsoft Excel 2000
        • Microsoft FrontPage 2000
        • Microsoft Outlook 2000
        • Microsoft PowerPoint 2000
        • Microsoft Publisher 2000
        • Microsoft Word 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Access 2002
        • Microsoft Excel 2002
        • Microsoft FrontPage 2002
        • Microsoft Outlook 2002
        • Microsoft PowerPoint 2002
        • Microsoft Publisher 2002
        • Microsoft Visio 2002
        • Microsoft Word 2002
      • Microsoft Office 2003 Service Pack 1 or Service Pack 2
        • Microsoft Access 2003
        • Microsoft Excel 2003
        • Microsoft Excel 2003 Viewer
        • Microsoft FrontPage 2003
        • Microsoft InfoPath 2003
        • Microsoft OneNote 2003
        • Microsoft Outlook 2003
        • Microsoft PowerPoint 2003
        • Microsoft Project 2003
        • Microsoft Publisher 2003
        • Microsoft Visio 2003
        • Microsoft Word 2003
        • Microsoft Word 2003 Viewer
      • Microsoft Project 2000 Service Release 1
      • Microsoft Project 2002 Service Pack 1
      • Microsoft Visio 2002 Service Pack 2
      • Microsoft Office 2004 for Mac
      • Microsoft Office v. X for Mac

      Non-Affected Software:
      • Microsoft PowerPoint 2003 Viewer
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006

      Released 10/10/06 Updated 10/19/06

      MS06-061 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Windows 2000 Service Pack 4
      • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 1
      • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Service Pack 2
      • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows XP Professional x64 Edition
      • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003
      • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 Service Pack 1
      • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft XML Parser 2.6 (all versions) and Microsoft XML Core Services 3.0 (all versions) on Microsoft Windows Server 2003 x64 Edition
      • Microsoft Office 2003 Service Pack 1 or Service Pack 2 with Microsoft XML Core Services 5.0 Service Pack 1

      Non-Affected Software:
      • Windows 2000 Service Pack 4 running Microsoft XML Core Services 2.5
      • Microsoft Windows XP Service Pack 1 running Microsoft XML Core Services 2.5
      • Microsoft Windows XP Service Pack 2 running Microsoft XML Core Services 2.5
      • Microsoft Windows Server 2003 running Microsoft XML Core Services 2.5
      • Microsoft Windows Server 2003 Service Pack 1 running Microsoft XML Core Services 2.5

      Affected Components:
      • Microsoft XML Core Services 4.0 when installed on Windows 2000 Service Pack 4
      • Microsoft XML Core Services 4.0 when installed on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft XML Core Services 4.0 when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft XML Core Services 6.0 when installed on Windows 2000 Service Pack 4
      • Microsoft XML Core Services 6.0 when installed on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft XML Core Services 6.0 when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

      Revisions:
      • V1.0 (October 10, 2006): Bulletin published.
      • V1.1 (October 11, 2006): Bulletin updated: removed erroneous Security Update Replacement information. This update does not replace a prior security update.
      • V2.0 (October 19, 2006): Bulletin updated: This bulletin has been re-released to re-offer the security update to customers with Windows 2000 Service Pack 4. The security update previously did not correctly set the kill bit for Microsoft XML Parser 2.6. Additional information has also been included for customers wishing to remove the security update for Microsoft XML Core Services 4.0 and Microsoft XML Core Services 6.0.

      Released 10/10/06

      MS06-060 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Word 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Word 2002
      • Microsoft Office 2003 Service Pack 1 or Service Pack 2
        • Microsoft Office Word 2003
        • Microsoft Office Word 2003 Viewer
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006
      • Microsoft Office 2004 for Mac
      • Microsoft Office v. X for Mac

      Released 10/10/06

      MS06-059 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Excel 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Excel 2002
      • Microsoft Office 2003 Service Pack 1 or Service Pack 2
        • Microsoft Office Excel 2003
        • Microsoft Office Excel Viewer 2003
      • Microsoft Office 2004 for Mac
        • Microsoft Excel 2004 for Mac
      • Microsoft Office v. X for Mac
        • Microsoft Excel v. X for Mac
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006

      Released 10/10/06

      MS06-058 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft PowerPoint 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft PowerPoint 2002
      • Microsoft Office 2003 Service Pack 1 or Service Pack 2
        • Microsoft Office PowerPoint 2003
      • Microsoft Office 2004 for Mac
        • Microsoft PowerPoint 2004 for Mac
      • Microsoft Office v. X for Mac
        • Microsoft PowerPoint v. X for Mac

      Released 10/10/06

      MS06-057 Vulnerability in Windows Explorer Could Allow Remote Execution (923191)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Released 10/10/06

      MS06-056 Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)

      Maximum Severity Rating: Moderate

      Affected Software:
      • Microsoft .NET Framework 2.0 for the following operating system versions:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 or Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows XP Tablet PC Edition
        • Microsoft Windows XP Media Center Edition
        • Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems or Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
      Affected Components:
      • Microsoft .NET Framework 2.0

      Non-Affected Components:
      • Microsoft .NET Framework 1.0
      • Microsoft .NET Framework 1.1

      Released 9/26/06

      MS06-055 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows XP Service Pack 1
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Affected Components:
      • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
      • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4

      Released 9/12/06 Updated 9/13/06

      MS06-054 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Office Publisher 2000
      • Microsoft Office XP Service Pack 3
        • Office Publisher 2002
      • Microsoft Office 2003 Service Pack 1 and Service Pack 2
        • Office Publisher 2003

      Revisions:
      • V1.0 (September 12, 2006): Bulletin published.
      • V1.1 (September 13, 2006): Bulletin updated to provide additional clarity around Does this update contain any changes to functionality? under the FAQ for Microsoft Publisher Vulnerability section for Office 2003.

      Released 9/12/06 Updated 9/13/06

      MS06-053 Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)

      Maximum Severity Rating: Moderate

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Affected Components:
      • Indexing Service

      Revisions
      • V1.0 (September 12, 2006): Bulletin published.
      • V1.1 (September 13, 2006): Bulletin updated the What updates does this release replace? regarding MS05-003 for Office XP Service Pack 2.

      Released 9/12/06

      MS06-052 Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition


      Released 8/8/06

      MS06-051 Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Released 8/8/06

      MS06-050 Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Released 8/8/06

      MS06-049 Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Released 8/8/06

      MS06-048 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft PowerPoint 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft PowerPoint 2002
      • Microsoft Office 2003 Service Pack 1 or Service Pack 2
        • Microsoft Office PowerPoint 2003
      • Microsoft Office 2004 for Mac
        • PowerPoint 2004 for Mac
      • Microsoft Office v. X for Mac
        • PowerPoint 2004 v. X for Mac

      Non-Affected Software:
      • Microsoft PowerPoint 2003 Viewer
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006

      Released 8/8/06

      MS06-047 Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
      • Microsoft Project 2000 Service Release 1
      • Microsoft Access 2000 Runtime Service Pack 3
      • Microsoft Office XP Service Pack 3
      • Microsoft Project 2002 Service Pack 1
      • Microsoft Visio 2002 Service Pack 2
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004 Download the update (KB920821) (same as the Microsoft Office XP update)
        • Microsoft Works Suite 2005 Download the update (KB920821) (same as the Microsoft Office XP update)
        • Microsoft Works Suite 2006 Download the update (KB920821) (same as the Microsoft Office XP update)
      • Microsoft Visual Basic for Applications SDK 6.0 Download the update (KB923167)
      • Microsoft Visual Basic for Applications SDK 6.2 Download the update (KB923167)
      • Microsoft Visual Basic for Applications SDK 6.3 Download the update (KB923167)
      • Microsoft Visual Basic for Applications SDK 6.4 Download the update (KB923167)

      Non-Affected Software:
      • Microsoft Office 2003 Service Pack 1 and Microsoft Office 2003 Service Pack 2

      Released 8/8/06

      MS06-046 Vulnerability in HTML Help Could Allow Remote Code Execution (922616)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Released 8/8/06

      MS06-045 Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Released 8/8/06

      MS06-044 Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4

      Non-Affected Software:
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Released 8/8/06

      MS06-043 Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Affected Components:
      • Outlook Express 6 on Microsoft Windows XP Service Pack 2
      • Outlook Express 6 on Microsoft Windows XP Professional x64 Edition
      • Outlook Express 6 on Microsoft Windows Server 2003 Service Pack 1
      • Outlook Express 6 on Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Outlook Express 6 on Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1
      • Microsoft Windows Server 2003
      • Microsoft Windows Server 2003 for Itanium-based Systems

      Released 8/8/06 Updated 8/24/06

      MS06-042 Cumulative Security Update for Internet Explorer (918899)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      Affected Components:
      • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
      • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
      • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
      • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
      • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
      Revisions:
      • V1.0 (August 8, 2006): Bulletin published.
      • V1.1 (August 15, 2006): Bulletin caveats updated with additional information affecting some Internet Explorer 6 Service Pack 1 customers. See Knowledge Base Article 923762 for more information.
      • V1.2 (August 22, 2006): Bulletin caveats updated with additional information regarding the release status of revised Internet Explorer 6 Service Pack 1 updates, as well as the release of Security Advisory 923762.
      • V2.0 (August 24, 2006): Bulletin reissued and updated with additional information and vulnerability details affecting Internet Explorer 6 Service Pack 1 customers.


      Released 8/8/06

      MS06-041 Vulnerabilities in DNS Resolution Could Allow Remote Code Execution (920683)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Released 8/8/06

      MS06-040 Vulnerability in Server Service Could Allow Remote Code Execution (921883)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Released 7/11/06

      MS06-039 Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2003 Service Pack 1 or Service Pack 2
        • Microsoft Access 2003
        • Microsoft Excel 2003
        • Microsoft Excel 2003 Viewer
        • Microsoft FrontPage 2003
        • Microsoft InfoPath 2003
        • Microsoft OneNote 2003
        • Microsoft Outlook 2003
        • Microsoft PowerPoint 2003
        • Microsoft Project 2003
        • Microsoft Publisher 2003
        • Microsoft Visio 2003
        • Microsoft Word 2003
        • Microsoft Word 2003 Viewer
      • Microsoft Office XP Service Pack 3 - Download the update (KB917150)
        • Microsoft Access 2002
        • Microsoft Excel 2002
        • Microsoft FrontPage 2002
        • Microsoft Outlook 2002
        • Microsoft PowerPoint 2002
        • Microsoft Publisher 2002
        • Microsoft Visio 2002
        • Microsoft Word 2002
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Access 2000
        • Microsoft Excel 2000
        • Microsoft FrontPage 2000
        • Microsoft Outlook 2000
        • Microsoft PowerPoint 2000
        • Microsoft Publisher 2000
        • Microsoft Word 2000
      • Microsoft Project 2002 Service Pack 1
      • Microsoft Visio 2002 Service Pack 2
      • Microsoft Project 2000 Service Release 1
      • Microsoft Office 2004 for Mac
      • Microsoft Office v. X for Mac

      Non-Affected Software:
      • Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006

      Released 7/11/06

      MS06-038 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2003 Service Pack 1 or Service Pack 2
        • Microsoft Project 2003
        • OneNote 2003
      • Microsoft Office XP Service Pack 3
      • Microsoft Office 2000 Service Pack 3
      • Microsoft Project 2002• Microsoft Works Suites:
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006

      Non- Affected Software:
      • Microsoft Office Viewers
      • Microsoft Office 2004 for Mac
      • Microsoft Office v. X for Mac

      Released 7/11/06

      MS06-037 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2003 Service Pack 1 or Service Pack 2
        • Microsoft Excel 2003
        • Microsoft Excel Viewer 2003
      • Microsoft Office XP Service Pack 3
        • Microsoft Excel 2002
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Excel 2000
      • Microsoft Office 2004 for Mac
        • Microsoft Excel 2004 for Mac
      • Microsoft Office v. X for Mac
        • Microsoft Excel v. X for Mac

      Released 7/11/06

      MS06-036 Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

      Released 7/11/06

      MS06-035 Vulnerability in Server Service Could Allow Remote Code Execution (917159)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

      Released 7/11/06

      MS06-034 Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Professional Service Pack 1 and Microsoft Windows XP Professional Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition family

      Affected Components:
      • Microsoft Internet Information Services (IIS) 6.0
      • Microsoft Internet Information Services (IIS) 5.1
      • Microsoft Internet Information Services (IIS) 5.0

      Non-Affected Software:
      • Microsoft Windows XP Home Service Pack 1 and Microsoft Windows XP Home Service Pack 2

      Released 7/11/06

      MS06-033 Vulnerability in ASP.NET Could Allow Information Disclosure (917283)

      Maximum Severity Rating: Important

      Affected Software:
      • NET Framework 2.0 for the following operating system versions:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 or Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows XP Tablet PC Edition
        • Microsoft Windows XP Media Center Edition
        • Microsoft Windows Server 2003 or Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based systems and Microsoft Windows Server with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Microsoft .NET Framework 1.0
      • Microsoft .NET Framework 1.1
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

      Affected Components:
      • ASP.NET



      Released 6/13/06 Updated 6/21/06

      MS06-032 Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
      Revisions:
      • V1.0 (June 13, 2006): Bulletin published.
      • V1.1 (June 21, 2006): FAQ Related to This Security Update section updated to clarify MS05-019 bulletin replacement. Vulnerability Details section of the bulletin was also updated to provide additional information on Disable IP Source Routing.

      Released 6/13/06

      MS06-031 Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)

      Maximum Severity Rating: Moderate

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4

      Non-Affected Software:
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

      Released 6/13/06 Updated 6/14/06

      MS06-030 Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
      Revisions:
      • V1.0 (June 13, 2006): Bulletin published.
      • V1.1 (June 14, 2006): Acknowledgments section updated to reflect Rubn Santamartas cooperation with iDefense for reporting the associated vulnerabilities.

      Released 6/13/06

      MS06-029 Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Exchange 2000 Server Pack 3 with the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup
      • Microsoft Exchange Server 2003 Service Pack 1
      • Microsoft Exchange Server 2003 Service Pack 2

      Released 6/13/06 Updated 6/21/06

      MS06-028 Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft PowerPoint 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft PowerPoint 2002
      • Microsoft Office 2003 Service Pack 1 or Service Pack 2
        • Microsoft PowerPoint 2003
      • Microsoft Office 2004 for Mac
        • Microsoft PowerPoint 2004 for Mac
      • Microsoft Office v. X for Mac
        • Microsoft PowerPoint v. X for Mac
      Revisions:
      • V1.0 June 13, 2006: Bulletin published.
      • V1.1 June 14, 2006: Bulletin revised the Client Installation File Information and Administrative Installation File Information under PowerPoint 2003.
      • V1.2 June 21, 2006: Bulletin revised the What updates does this release replace? under the Frequently Asked Questions (FAQ) Related to this Security Update section.

      Released 6/13/06 Updated 6/21/06

      MS06-027 Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Word 2000
      • Microsoft Office XP Service Pack 3
        • Microsoft Word 2002
      • Microsoft Office 2003 Service Pack 1 or Service Pack 2
        • Microsoft Word 2003
        • Microsoft Word Viewer 2003
      • Microsoft Works Suites:
        • Microsoft Works Suite 2000
        • Microsoft Works Suite 2001
        • Microsoft Works Suite 2002
        • Microsoft Works Suite 2003
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006

      Non-Affected Software:
      • Microsoft Word v. X for Mac
      • Microsoft Word 2004 for Mac
      Revisions:
      • V1.0 (June 13, 2006): Bulletin published.
      • V1.1 (June 14, 2006): Bulletin revised: Bulletin revised: Updated the Acknowledgments section for CVE-2006-2492.
      • V1.2 (June 21, 2006): Bulletin revised: Updated the What updates does this release replace? for Word 2003.

      Released 6/13/06

      MS06-026 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) See FAQ Related to This Security Update

      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Released 6/13/06 Updated 6/27/06

      MS06-025 Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      Non-Affected Software:
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
      Revisions:
      • V1.0 (June 13, 2006): Bulletin published
      • V1.1 (June 19, 2006): FAQ and Vulnerability Details sections updated to provide clarification on affected RASMAN component. Caveats section updated to include known issues.
      • V1.2 (June 21, 2006): Bulletin updated to provide additional differentiation between RRAS, RAS, and RASMAN components.
      • V2.0 (June 27, 2006): Microsoft updated this bulletin and the associated security updates to address the issues affecting customers identified in Microsoft Knowledge Base Article 911280.

      Released 6/13/06 Updated 6/21/06

      MS06-024 Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)

      Maximum Severity Rating: Critical

      Affected Software:
      • Windows Media Player for XP on Microsoft Windows XP Service Pack 1
      • Windows Media Player 9 on Microsoft Windows XP Service Pack 2
      • Windows Media Player 10 on Microsoft Windows XP Professional x64 Edition
      • Windows Media Player 9 on Microsoft Windows Server 2003
      • Windows Media Player 10 on Microsoft Windows Server 2003 Service Pack 1
      • Windows Media Player 10 on Microsoft Windows Server 2003 x64 Edition
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Review the FAQ section of this bulletin for details about these operating systems.

      Affected Components:
      • Microsoft Windows Media Player 7.1 when installed on Windows 2000 Service Pack 4
      • Microsoft Windows Media Player 9 when installed on Windows 2000 Service Pack 4 or Windows XP Service Pack 1
      • Microsoft Windows Media Player 10 when installed on Windows XP Service Pack 1 or Windows XP Service Pack 2

      Non-Affected Software:
      • Windows Media Player 6.4 on all Microsoft Windows operating systems
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

      Revisions:
      • V1.0 (June 13, 2006): Bulletin published.
      • V1.1 (June 21, 2006): Bulletin revised Registry Key Verification for Windows Media Player 9 on Windows 2000.

      Released 6/13/06

      MS06-023 Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Review the FAQ section of this bulletin for details about these operating systems.

      Affected Components:
      • Microsoft JScript 5.1 on Microsoft Windows 2000 Service Pack 4
      • Microsoft JScript 5.6 and 5.5 when installed on Windows 2000 Service Pack 4
      • Microsoft JScript 5.6 on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft JScript 5.6 on Microsoft Windows XP Professional x64 Edition
      • Microsoft JScript 5.6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft JScript 5.6 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft JScript 5.6 on Microsoft Windows Server 2003 x64 Edition
      • Microsoft JScript 5.6 on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Review the FAQ section of this bulletin for details about these operating systems.

      Released 6/13/06

      MS06-022 Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows XP Service Pack 1
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Review the FAQ section of this bulletin for details about these operating systems.

      Affected Components:
      • Windows 2000 with the Windows 2000 AOL Image Support Update installed:
        • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4

      Released 6/13/06

      MS06-021 Cumulative Security Update for Internet Explorer (916281)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Review the FAQ section of this bulletin for details about these operating systems.

      Affected Components:
      • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
      • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
      • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
      • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
      • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
      • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.

      Released 5/9/06

      MS06-020 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Windows XP Professional x64 Edition

      Released 5/9/06

      MS06-019 Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Exchange Server 2000 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004(870540)
      • Microsoft Exchange Server 2003 Service Pack 1
      • Microsoft Exchange Server 2003 Service Pack 2

      Released 5/9/06

      MS06-018 Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)

      Maximum Severity Rating: Moderate

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows Server 2003
      • Microsoft Windows Server 2003 for Itanium-based Systems
      Non-Affected Software:
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

      Released 4/11/06

      MS06-017 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)

      Maximum Severity Rating: Moderate

      Affected Software:
      • Microsoft FrontPage Server Extensions 2002 shipped on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft FrontPage Server Extensions 2002 shipped on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft FrontPage Server Extensions 2002 (x64 Edition) downloaded and installed on Microsoft Windows Server 2003 x64 Edition and Microsoft Windows XP Professional x64 Edition
      • Microsoft FrontPage Server Extensions 2002 (x86 Editions) downloaded and installed on Microsoft Windows Server 2000 Service Pack 4, Microsoft Windows XP Service Pack 1, and Microsoft Windows XP Service Pack 2
      • Microsoft SharePoint Team Services

      Non-Affected Software:
      • Microsoft Windows SharePoint Services
      • Microsoft FrontPage 2002
      • Microsoft FrontPage Server Extensions 2000
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

      Released 4/11/06 Updated 4/15/06

      MS06-016 Cumulative Security Update for Outlook Express (911567)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Windows Me) Review the FAQ section of this bulletin for details about these operating systems.

      Affected Components:
      • Outlook Express 6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Outlook Express 6 on Microsoft Windows Server 2003 x64 Edition
      • Outlook Express 6 Microsoft Windows Server 2003 on Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Outlook Express 6 on Microsoft Windows XP Service Pack 2
      • Outlook Express 6 on Microsoft Windows XP Professional x64 Edition
      • Outlook Express 6 Service Pack 1 on Microsoft Windows XP Service Pack 1 or when installed on Microsoft Windows 2000 Service Pack 4
      • Outlook Express 5.5 Service Pack 2 on Microsoft Windows 2000 Service Pack 4
      Revisions:
      • V1.0 (April 11, 2006): Bulletin published.
      • V1.1 (April 15, 2006): Bulletin updated to discuss a privacy related change included in this update for Outlook Express 6 on Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Outlook Express 6 for Windows XP Service Pack 2 to ignore the X-Unsent field in email headers.

      Released 4/11/06 Updated 4/25/06

      MS06-015 Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
      Revisions:
      • V1.0 (April 11, 2006): Bulletin published.
      • V1.1 (April 15, 2006): Bulletin revised: Caveats section updated due to new issues discovered with the security update. Users may experience issues in Windows Explorer or the Windows shell after installing the update. Security Update Information revised to reflect correct file version information for Microsoft Windows XP and Microsoft Windows 2000.
      • V1.2 (April 20, 2006): Bulletin revised: FAQ Section updated to include information about an upcoming re-release of the security update.
      • V2.0 (April 25, 2006): Bulletin revised: This bulletin has been re-released to advise customers that revised versions of the security update are available for all products listed in the Affected Software section. Customers who have already applied the MS06-015 update who are not experiencing the problem need take no action. For additional information, see Why did Microsoft reissue this bulletin on April 25, 2006. in "Frequently asked questions (FAQ) related to this security update" section.

      Released 4/11/06

      MS06-014 Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows XP Service Pack 1 running Microsoft Data Access Components 2.7 Service Pack 1
      • Microsoft Windows XP Service Pack 2 running Microsoft Data Access Components 2.8 Service Pack 1
      • Microsoft Windows XP Professional x64 Edition running Microsoft Data Access Components 2.8 Service Pack 2
      • Microsoft Windows Server 2003 running Microsoft Data Access Components 2.8
      • Microsoft Windows Server 2003 Service Pack 1 running Microsoft Data Access Components 2.8 Service Pack 2
      • Microsoft Windows Server 2003 for Itanium-based Systems running Microsoft Data Access Components 2.8
      • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems running Microsoft Data Access Components 2.8 Service Pack 2
      • Microsoft Windows Server 2003 x64 Edition running Microsoft Data Access Components 2.8 Service Pack 2
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.

      Affected Components:
      • Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.5 Service Pack 3 installed
      • Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.7 Service Pack 1 installed
      • Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8 installed
      • Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8 Service Pack 1 installed
      • Windows XP Service Pack 1 with Microsoft Data Access Components 2.8 installed

      Released 4/11/06

      MS06-013 Cumulative Security Update for Internet Explorer (912812)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition family
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.

      Note The security updates for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.

      Affected Components:
      • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
      • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
      • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
      • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
      • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
      • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.

      Released 03/14/06 Updated 3/17/06

      MS06-012 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • Microsoft Word 2000
        • Microsoft Excel 2000
        • Microsoft Outlook 2000
        • Microsoft PowerPoint 2000
        • Microsoft Office 2000 MultiLanguage Packs
      • Microsoft Office XP Service Pack 3
        • Microsoft Word 2002
        • Microsoft Excel 2002
        • Microsoft Outlook 2002
        • Microsoft PowerPoint 2002
        • Microsoft Office XP Multilingual User Interface Packs
      • Microsoft Office 2003 Service Pack 1 or Service Pack 2
        • Microsoft Excel 2003
        • Microsoft Excel 2003 Viewer
      • Microsoft Works Suites:
        • Microsoft Works Suite 2000
        • Microsoft Works Suite 2001
        • Microsoft Works Suite 2002
        • Microsoft Works Suite 2003
        • Microsoft Works Suite 2004
        • Microsoft Works Suite 2005
        • Microsoft Works Suite 2006
      • Microsoft Office X for Mac
        • Microsoft Excel X for Mac
      • Microsoft Office 2004 for Mac
        • Microsoft Excel 2004 for Mac
      Non-Affected Software:
      • Microsoft Office Excel 2000 Viewer
      • Microsoft Office Excel 2002 Viewer
      • Microsoft Word 2003
      • Microsoft Outlook 2003
      • Microsoft PowerPoint 2003

      Revisions:
      • V1.0 (March 14, 2006): Bulletin published.
      • V1.2 (March 17, 2006): Bulletin revised: Removed MS05-012 and MS06-010 from What updates does this release replace? in the Frequently asked questions (FAQ) related to this security update section. Updated the Mitigations and Work Around section for all vulnerabilities to provide additional clarity around Office 2000 in addition updated the Acknowledgments section for CVE-2006-0028.

      Released 03/14/06 Updated 3/17/06

      MS06-011 Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows XP Service Pack 1
      • Microsoft Windows Server 2003,li>Microsoft Windows Server 2003 for Itanium-based Systems
      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
      • Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

      REVISIONS
      • V1.0 March 14, 2006: Bulletin published.
      • V1.1 March 17, 2006: For Windows Server 2003 the File verification section updated to reflect the appropriate registry key for file detection.

      Released 02/14/06

      MS06-010 Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Office 2000 Service Pack 3
        • PowerPoint 2000
      Non-Affected Software:
      • Microsoft Office XP Service Pack 3
        • PowerPoint 2002
      • Microsoft Office 2003 Service Pack 1 or Service Pack 2
        • PowerPoint 2003

      Released 02/14/06 Updated 3/8/06

      MS06-009 Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Office 2003 Software:
        • Microsoft Office 2003 Service Pack 1 and Service Pack 2
        • Microsoft Office 2003 Multilingual User Interface Packs
        • Microsoft Office Visio 2003 Multilingual User Interface Packs
        • Microsoft Office Project 2003 Multilingual User Interface Packs
        • Microsoft Office 2003 Proofing Tools
        • Microsoft Office Visio 2003
        • Microsoft Office OneNote 2003
        • Microsoft Office Project 2003

        Note The security updates for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.

        Note Only the Korean language versions of Windows are by default affected by this vulnerability. Customers running East Asian language versions of Windows have the affected component present on the system, but are only vulnerable if the Korean language IME is enabled. Customers running any other language version of Windows only need to take action if they have installed and enabled the Korean language IME.

        Note Only the Korean language versions of the listed Office 2003 products are affected, with the exception of Office 2003 Proofing Tools. Customers who have installed the Microsoft Office 2003 Proofing Tools product will need to install this security update even if they did not specifically install the Korean Proofing Tools component. When this security bulletin was issued, the most recent update for non-Korean versions of Microsoft Office 2003 Multilingual User Interface Pack was Microsoft Security Bulletin MS06-003.
      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
      • Microsoft Office XP Service Pack Microsoft Office 2000 Service Pack 3
      Revisions:
      • V1.0 (February 14, 2006): Bulletin published.
      • V1.1 (March 8, 2006): Bulletin revised: Executive Summary updated to clarify the criteria for a successful attack, updated the workarounds section to provide clarity for TCP port 4125.

      Released 02/14/06

      MS06-008 Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

        Note The security updates for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.
      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

      Released 02/14/06

      MS06-007 Vulnerability in TCP/IP Could Allow Denial of Service (913446)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

        Note The security updates for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.
      Non-Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

      Released 02/14/06

      MS06-006 Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)

      Maximum Severity Rating: Important

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 x64 Edition
      Non-Affected Software:
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Note The security update for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 also applies to Microsoft Windows Server R2.

      Released 02/14/06 Updated 3/8/06

      MS06-005 Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)

      Maximum Severity Rating: Critical

      Affected Software:
      • Windows Media Player for XP on Microsoft Windows XP Service Pack 1
      • Windows Media Player 9 on Microsoft Windows XP Service Pack 2
      • Windows Media Player 9 on Microsoft Windows Server 2003
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
      Affected Components:
      • Microsoft Windows Media Player 7.1 when installed on Windows 2000 Service Pack 4
      • Microsoft Windows Media Player 9 when installed on Windows 2000 Service Pack 4 or Windows XP Service Pack 1
      • Microsoft Windows Media Player 10 when installed on Windows XP Service Pack 1 or Windows XP Service Pack 2
      Non-Affected Software:
      • Windows Media Player 6.4 on all Microsoft Windows operating systems
      • Windows Media Player 10 on Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition

        Note The Affected Software section applies to Windows Media Player that shipped with a Microsoft Windows operating system. The Affected Components section applies to Windows Media Player that was downloaded and installed onto a Microsoft Windows operating system.

        Note The security updates for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 also apply to Microsoft Windows Server 2003 R2 severity.
      Revisions:
      • V1.0 (February 14, 2006): Bulletin published
      • V1.1 (February 17, 2006): Bulletin updated for the following: What updates does this release replace? and Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by this vulnerability? within the Frequently asked questions (FAQ) related to this security update section. Updated operating systems within Severity Ratings and Vulnerability Identifiers in the Executive Summary section; Revised malicious file name (.wmp to .bmp) under the Vulnerability Details section; Revised finder details in the Acknowledgments section; and additional clarity around the workaround Un-register Quartz.dll in the Workarounds for Windows Media Player section.
      • V1.2 (March 8, 2006): Bulletin revised: Caveats section updated due to new issues discovered with the security update. Users may experience issues when they try to seek, fast rewind, or fast forward in Windows Media Player 10.

      Released 02/14/06

      MS06-004 Cumulative Security Update for Internet Explorer (910620)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      Non-Affected Software:
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition family
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.

        Note The bullet points for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.
      Affected Components:
      • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4

      Released 01/10/06 Updated: 1/18/06

      MS06-003 Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Office 2000 Service Pack 3

        Microsoft Office 2000 Software:
        • Microsoft Outlook 2000
        • Microsoft Office 2000 MultiLanguage Packs
        • Microsoft Outlook 2000 English MultiLanguage Packs
      • Microsoft Office XP Service Pack 3

        Microsoft Office XP Software:
        • Microsoft Outlook 2002
        • Microsoft Office XP Multilingual User Interface Packs
            Note Multilingual User Interface Packs are for non- English packages.
      • Microsoft Office 2003 Service Pack 1 and Service Pack 2

        Microsoft Office 2003 Software:
        • Microsoft Outlook 2003
        • Microsoft Office 2003 Multilingual User Interface Packs
        • Microsoft Office 2003 Language Interface Packs
            Note Multilingual User Interface Packs are for non- English packages
      • Microsoft Exchange Server
        • Microsoft Exchange Server 5.0 Service Pack 2
        • Microsoft Exchange Server 5.5 Service Pack 4
        • Microsoft Exchange 2000 Server Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
      Non-Affected Software:
      • Microsoft Exchange Server 2003 Service Pack 1
      • Microsoft Exchange Server 2003 Service Pack 2
      Revisions:
      • V1.0 (January 10, 2006): Bulletin published.
      • V1.2 (January 18, 2006): Bulletin revised for the following: Outlook 2003 and Office 2003 Multilingual Packs section under Prerequisites and Additional Update Details section; Office 2003 Service Pack 1 must be installed to install the update. Removed Microsoft Outlook 2000 English MultiLanguage Packs under Affected Software section as this is a duplicate of Microsoft Office 2000 MultiLanguage Packs. Revised Administrative Installation File Information under Outlook 2000 and Office 2000 MultiLanguage Packs, Outlook 2002 and Office XP MultiLanguage Packs and Outlook 2003 and Office 2003 Multilingual User Interface Packs section to provide additional clarity. Added Manual Client Installation Information to the Outlook 2003 and Office 2003 Multilingual User Interface Packs section to provide additional clarification.

      Released 01/10/06

      MS06-002 Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.

      Released 01/05/06

      MS06-001 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

      Maximum Severity Rating: Critical

      Affected Software:
      • Microsoft Windows 2000 Service Pack 4
      • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
      • Microsoft Windows XP Professional x64 Edition
      • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
      • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
      • Microsoft Windows Server 2003 x64 Edition
      • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.



      by MSeng See Profile
      last modified: 2006-12-20 18:14:26

      Notes:
      • All Security Bulletins can be found at the Microsoft Security Bulletin Search.
      • A summary of all Bulletins documented in 2004 can be found in this archived thread - /forum/remark,9068977~mode=flat
        Released 12/13/05

        MS05-055 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        Non-Affected Software:
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Released 12/13/05

        MS05-054 Cumulative Security Update for Internet Explorer (905915)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows Server 2003 x64 Edition family
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
        Affected Components:
        • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
        • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
        • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
        • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
        • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.

        Released 11/8/05

        MS05-053 Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition

        Non-Affected Software:
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Released 10/11/05 Updated 11/2/05

        MS05-052 Cumulative Security Update for Internet Explorer (896688)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems,lI>Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
        Tested Microsoft Windows Components:

        Affected Components:
        • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
        • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
        • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
        • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
        • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.

        Revisions:
        • V1.0 (October 11, 2005): Bulletin published
        • V1.1 (October 12, 2005): Bulletin updated to revise the log file name, uninstall directory name, and install registry key name for the Internet Explorer Service Pack 1 security update.
        • V1.2 (October 19, 2005): Bulletin updated to revise the install registry key name for the Windows Server 2003 security update.
        • V1.3 (November 2, 2005): Bulletin revised due to new issues discovered with the security update: Microsoft Knowledge Base Article 909889: ActiveX controls may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052) and Microsoft Knowledge Base Article 909738: A Web page that contains a custom ActiveX control may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052).

        Released 10/11/05 Updated 10/25/05

        MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        Non-Affected Software:
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Revisions:
        • V1.0 (October 11, 2005): Bulletin published.
        • V1.1 (October 14, 2005): Bulletin revised to advise customers of the availability of Microsoft Knowledge Base Article 909444 which describes a potential issue which may be encountered after installing this update.
        • V1.2 October 25, 2005): Security update replacement revised for MS04-012 on Microsoft Windows 2000. Additionally, mitigating factors for MSDTC Vulnerability (CAN-2005-2119) have been updated to advise customers that that the Microsoft Distributed Transaction Coordinator is not started by default on Windows 2000 Professional.

        Released 10/11/05 Updated 12/13/05

        MS05-050 Vulnerability in DirectShow Could Allow Remote Code Execution (904706)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft DirectX 7.0 on Microsoft Windows 2000 with Service Pack 4
        • Microsoft DirectX 8.1 on Microsoft Windows XP Service Pack 1 and on Microsoft Windows XP with Service Pack 2
        • Microsoft DirectX 8.1 on Microsoft Windows XP Professional x64 Edition
        • Microsoft DirectX 8.1 on Microsoft Windows Server 2003 and on Microsoft Windows Server 2003 with Service Pack 1
        • Microsoft DirectX 8.1 on Microsoft Windows Server 2003 for Itanium-based Systems and on Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft DirectX 8.1 on Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
        Tested Microsoft Windows Components:

        Affected Components:
        • Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, 8.1b, and 8.2 when installed on Windows 2000 Service Pack 4
        • Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows 2000 Service Pack 4
        • Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows XP Service Pack 1,li>Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows Server 2003

        Revisions:
        • V1.0 (October 11, 2005): Bulletin published.
        • V1.1 (October 12, 2005): Bulletin updated to provide additional clarity around DirectX versions in the Affected Software section.
        • V1.2 (October 19, 2005): Bulletin updated for the following: Caveats and FAQ were updated to reflect the available Microsoft Knowledge Base Article 909596 and to clarify a known issue that affected Windows 2000 SP4 customers who were running DirectX. In the "Frequently asked questions (FAQ) related to this security update" section, updated the "What updates does this release replace" question to make it clearer with regards to DirectX and Windows 2000. Added information about Windows XP Professional x64 Edition to the "File Information" section under "Windows XP (all versions)". Revised the "DirectX Standalone" "Registry Key Verification" for all versions.
        • V1.3 (October 21, 2005): Bulletin updated to revise file version under the "Frequently asked questions (FAQ) related to this security update" section for Ive installed the DirectX (KB904706) security update, what version of quartz.dll should I have installed? DirectX Windows 2000 Service Pack 4 versions 7.0 and 9.0.
        • V1.4 (November 8, 2005): Bulletin updated the following: Microsoft has also been made aware that when installing the "Security Update for DirectX 8.1 for Windows XP Service Pack 1 or "Security Update for DirectX 8.1 for Windows 2003" package on a computer that has DirectX 9; the install completes successfully without giving any indication that the computer was not updated. Users running DirectX 9 will still be vulnerable to the issue discussed within MS05-050 until they apply the appropriate package for their DirectX version. In "Frequently asked questions (FAQ) related to this security update" section, updated the "How can I determine whether I am running an updated version of DirectX on my system?" for Windows 2000 SP4 Multi-User Interface (MUI) users.
        • V2.0 (December 13, 2005): Bulletin updated to advise customers that a revised version of the security update is available for Windows 2000 SP4, Windows XP SP1 and Windows 2003, listed in the Affected Software section. Customers that have applied the appropriate version of DirectX on the appropriate version of Windows need not take any action. Customers that may have installed the incorrect DirectX package manually are encouraged to evaluate their systems and re-deploy the correct update to ensure that the correct version of DirectX has been updated. For additional information, see Why did Microsoft update this bulletin on November 9, 2005. in "Frequently asked questions (FAQ) related to this security update" section.

        Released 10/11/05

        MS05-049 Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        Non-Affected Software:
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Released 10/11/05

        MS05-048 Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
        Non-Affected Software:
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
        • Microsoft Exchange Server 5.5
        • Microsoft Exchange Server 2003
        • Microsoft Exchange Server 2003 Service Pack 1

        Released 10/11/05

        MS05-047 Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        Non-Affected Software:
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Released 10/11/05

        MS05-046 Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        Non-Affected Software:
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
        • Windows Services for Netware

        Released 10/11/05 Updated 10/21/05

        MS05-045 Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)

        Maximum Severity Rating: Moderate

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        Non-Affected Software:
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
        Revisions:
        • V1.0 (October 11, 2005): Bulletin published.
        • V1.1 (October 21, 2005): Bulletin updated to revise the install registry key name for the Windows Server 2003 security update.

        Released 10/11/05 Updated 10/26/05

        MS05-044 Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)

        Maximum Severity Rating: Moderate

        Affected Software:
        • Microsoft Windows XP Service Pack 1
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems

        Affected Components:
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
        Non-Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Non-Affected Components:
        • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
        Revisions:
        • V1.0 (October 11, 2005): Bulletin published
        • V1.1 (October 26, 2005): Bulletin updated to revise the mitigating factors section

        Released 8/9/05 Updated 8/17/05

        MS05-043 Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems

        Non-Affected Software:
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
        Revisions:
        • V1.0 (August 9, 2005): Bulletin published
        • V1.1 (August 17, 2005): Bulletin updated to clarify text provided in the Workarounds section.

        Released 8/9/05

        MS05-042 Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)

        Maximum Severity Rating: Moderate

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition

        Non-Affected Software:
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Released 8/9/05

        MS05-041 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)

        Maximum Severity Rating: Moderate

        Affected Software:
        • Microsoft Windows 2000 Server Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition

        Non-Affected Software:
        • Microsoft Windows 2000 Professional Service Pack 4
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Released 8/9/05

        MS05-040 Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.

        Released 8/9/05

        MS05-039 Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition

        Non-Affected Software:
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Released 8/9/05

        MS05-038 Cumulative Security Update for Internet Explorer (896727)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.

        Affected Components:
        • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
        • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
        • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
        • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
        • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.

        Released 7/12/05 Updated 7/20/05

        MS05-037 Vulnerability in JView Profiler Could Allow Remote Code Execution (903235)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
        Affected Components:
        • JView Profiler
        • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
        • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
        • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
        • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
        • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about these operating systems.
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE or on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about these operating systems.

        Revisions:
        • V1.0 (July 12, 2005): Bulletin published
        • V1.1 (July 20, 2005): Added section in JView Profiler FAQ about how to detect if Javaprxy.dll is on a computer. Updated title in Security Update section to reflect all supported versions of Windows 2000.

        Released 7/12/05 Updated 7/20/05

        MS05-036 Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.

        Revisions:
        • V1.0 (July 12, 2005): Bulletin published
        • V1.1 (July 20, 2005): Restart requirement information updated.

        Released 7/12/05

        MS05-035 Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Office 2000 Software Service Pack 3
          • Word 2000
        • Microsoft Office XP Software Service Pack 3
          • Word 2002
        • Microsoft Works Suites:
          • Microsoft Works Suite 2000
          • Microsoft Works Suite 2001
          • Microsoft Works Suite 2002
          • Microsoft Works Suite 2003
          • Microsoft Works Suite 2004
        Non-Affected Software:
        • Microsoft Office 2003 Word
        • Microsoft Office Word 2003 Viewer

        Released 6/14/05

        MS05-034 Cumulative Security Update for ISA Server 2000 (899753)

        Maximum Severity Rating: Moderate

        Affected Software:
        • Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2

          Note The following software programs include ISA Server 2000. Customers who use these software programs should install the provided ISA Server 2000 security update.
        • Microsoft Small Business Server 2000
        • Microsoft Small Business Server 2003 Premium Edition

        Released 6/14/05 Updated 7/12

        MS05-033 Vulnerability in Telnet Client Could Allow Information Disclosure (896428)

        Maximum Severity Rating: Moderate

        Affected Software:
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows Services for UNIX 3.5 when running on Windows 2000
        • Microsoft Windows Services for UNIX 3.0 when running on Windows 2000
        • Microsoft Windows Services for UNIX 2.2 when running on Windows 2000
        Non-Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
        Revisions:
        • V1.0 (June 14, 2005): Bulletin published
        • V1.1 (June 15, 2005): Bulletin Acknowledgments section revised with additional details.
        • V1.2 (June 29, 2005): Bulletin Security Update Information section revised with updated details for the Windows XP x64 Professional Edition registry key verification information.
        • V2.0 (July 12, 2005): Bulletin revised to communicate the availability of security updates for Services for UNIX 2.0 and Services for UNIX 2.1. The Security Update Information section has also be revised with updated information related to the additional security updates.

        Released 6/14/05 Updated 6/29

        MS05-032 Vulnerability in Microsoft Agent Could Allow Spoofing (890046)

        Maximum Severity Rating: Moderate

        Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
        Revisions:
        • V1.0 (June 14, 2005): Bulletin published
        • V1.1 (June 29, 2005): Bulletin Security Update Information section revised with updated details for the Windows XP x64 Professional Edition registry key verification information.

        Released 6/14/05 Updated 6/15

        MS05-031 Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
        Affected Components:
        • Step-by-Step Interactive Training
        • Step-by-Step Interactive Training when it is running on Itanium-based systems
        • Step-by-Step Interactive Training when it is running on x64-based systems
        Revisions:
        • V1.0 (June 14, 2005): Bulletin published
        • V1.1 (June 15, 2005): Bulletin Acknowledgments section revised with additional details.

        Released 6/14/05

        MS05-030 Cumulative Security Update in Outlook Express (897715)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Windows Server 2003
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
        Affected Components:
        • Outlook Express 5.5 Service Pack 2 on Microsoft Windows 2000 Service Pack 3 and on Microsoft Windows 2000 Service Pack 4
        • Outlook Express 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
        • Outlook Express 6 Service Pack 1 for Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Outlook Express 6 for Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Outlook Express 6 for Microsoft Windows Server 2003 for Itanium-based Systems
        • Outlook Express 6 for Microsoft Windows Server 2003
        Non-Affected Software:
        • Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows XP Professional x64 Edition

        • Microsoft Windows XP Service Pack 2

        Released 6/14/05 Updated 7/6

        MS05-029 Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft Exchange Server 5.5 Service Pack 4
        Non-Affected Software:
        • Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004.
        • Microsoft Exchange Server 2003
        • Microsoft Exchange Server 2003 Service Pack 1
        Revisions:
        • V1.0 (June 14, 2005): Bulletin published
        • V1.1 (July 6, 2005): Bulletin updated to add /s for the security update without any user intervention command for Exchange Server 5.5 Service Pack 4

        Released 6/14/05

        MS05-028 Vulnerability in Web Client Service Could Allow Remote Code Execution (896426)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft Windows XP Service Pack 1
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems
        Non-Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Released 6/14/05 Updated 6/29

        MS05-027 Vulnerability in Server Message Block Could Allow Remote Code Execution (896422)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        Non-Affected Software:

        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
        Revisions:
        • V1.0 (June 14, 2005): Bulletin published
        • V1.1 (June 29, 2005): Bulletin Security Update Information section revised with updated details for the Windows XP x64 Professional Edition registry key verification information.

        Released 6/14/05 Updated 6/29

        MS05-026 Vulnerability in HTML Help Could Allow Remote Code Execution (896358)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition

        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
        Revisions:
        • V1.0 (June 14, 2005): Bulletin published
        • V1.1 (June 29, 2005): Bulletin Security Update Information section revised with updated details for the Windows XP x64 Professional Edition registry key verification information.

        Released 6/14/05

        MS05-025 Cumulative Security Update for Internet Explorer (883939)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
        Affected Components:
        • Internet Explorer 5.01 Service Pack 3 on Microsoft Windows 2000 Service Pack 3
        • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
        • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
        • Internet Explorer 6 Service Pack 1 for Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Internet Explorer 6 for Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium), Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition, and Microsoft Windows XP Professional x64 Edition
        • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.

        Released 5/10/05

        MS05-024 Vulnerability in Web View Could Allow Remote Code Execution (894320)

        Maximum Severity Rating: Important

        Affected Software
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
        Non-Affected Software:
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows XP Professional x64 Edition
        • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition

        Released 4/12/05 Updated 4/14

        MS05-023 Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)

        Maximum Severity Rating: Critical

        Affected Software
        • Microsoft Word 2000 and Microsoft Works Suite 2001
        • Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004
        • Microsoft Office Word 2003
        Revisions:
        • (V1.0 April 12, 2005): Bulletin published
        • (V1.1 April 14, 2005): Bulletin updated to reflect a revised Security Update Information section for the Word 2003 security update

        Released 4/12/05

        MS05-022 Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597)

        Maximum Severity Rating: Critical

        Affected Software
        • Affected Software:
        • MSN Messenger 6.2
        Non-Affected Software:
        • MSN Messenger 7.0

        Released 4/12/05 Updated 4/14

        MS05-021 Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)

        Maximum Severity Rating: Critical

        Affected Software
        • Microsoft Exchange 2000 Server Service Pack 3
        • Microsoft Exchange Server 2003
        • Microsoft Exchange Server 2003 Service Pack 1
        Non-Affected Software:
        • Microsoft Exchange Server 5.5 Service Pack 4
        • Microsoft Exchange Server 5.0 Service Pack 2
        Revisions:
        • V1.0 (April 12, 2005): Bulletin published
        • V1.1 (April 14, 2005): Bulletin updated to point to the correct Exchange 2000 Server Post-Service Pack 3 (SP3) Update Rollup and to advise on the scope and caveats of workaround Unregister xlsasink.dll and fallback to Active Directory for distribution of route information.

        Released 4/12/05

        MS05-020 Cumulative Security Update for Internet Explorer (890923)

        Maximum Severity Rating: Critical

        Affected Software
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
        Affected Components:
        • Internet Explorer 5.01 Service Pack 3 on Microsoft Windows 2000 Service Pack 3
        • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
        • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition Review the FAQ section of this bulletin for details about this version.
        • Internet Explorer 6 Service Pack 1 for Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Internet Explorer 6 for Microsoft Windows Server 2003
        • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
        Non-Affected Software:
        • Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows XP Professional x64 Edition

        Released 4/12/05 Updated 6/14

        MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)

        Maximum Severity Rating: Critical

        Affected Software
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of this bulletin for details about these operating systems.
        Non-Affected Software:
        • Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows XP Professional x64 Edition
        Revisions:
        • V1.0 (April 12, 2005): Bulletin published
        • V1.1 (May 11, 2005): Microsoft updated this bulletin today to advise customers that we plan to re-release the MS05-019 security update in June, 2005. Until the re-release of this security update is available, customers experiencing the symptoms described in Microsoft Knowledge Base Article 898060 should follow the documented instructions to address this issue. If you are not experiencing this network connectivity issue we recommend that you install the currently available security update to help protect against the vulnerabilities described in this security bulletin.
        • V2.0 (June 14, 2005): Microsoft updated this bulletin today to advise customers that a revised version of the security update is available. We recommend installing this revised security update even if you have installed the previous version. The revised security update will be available through Windows Update, Software Update Services (SUS), and will be recommended by the Microsoft Baseline Security Analyzer (MBSA).

        Released 4/12/05

        MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)

        Maximum Severity Rating: Critical

        Affected Software
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)

        • Microsoft Windows Server 2003,li>Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
        Non-Affected Software:
        • Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows XP Professional x64 Edition

        Released 4/12/05 Updated 4/14

        MS05-017 Vulnerability in Message Queuing Could Allow Code Execution (892944)

        Maximum Severity Rating: Important

        Affected Software
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)

        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
        Non-Affected Software:
        • Microsoft Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
        • Microsoft Windows Server 2003 x64 Edition
        • Microsoft Windows XP Professional x64 Edition
        Revisions:
        • V1.0 (April 12, 2005): Bulletin published
        • V1.1 (April 14, 2005): Bulletin updated to reflect an updated Registry Key Verification section for the Windows XP Service Pack 1 security update

        Released 4/12/05

        MS05-016 Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)

        Maximum Severity Rating: Important

        Affected Software
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE) Review the FAQ section of this bulletin for details about these operating systems.
        Non-Affected Software:
        • Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows Server 2003 and Windows Server 2003 Service Pack 1
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Windows Millennium Edition (ME)

        Released 2/8/05 Updated 3/8/05

        MS05-015 Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)

        Maximum Severity Rating: Critical

        Affected Software
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
        Revisions:
        • V1.0 (February 8, 2005): Bulletin published
        • V1.1 (February 15, 2005): Mitigating factor for ISA 2004 updated.
        • V1.2 (March 8, 2005): Frequently Asked Questions updated to reflect Windows 98, 98SE and ME security update availability.

        Released 2/8/05

        MS05-014 Cumulative Security Update for Internet Explorer (867282)

        Maximum Severity Rating: Critical

        Affected Software
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
        Affected Components:
        • Internet Explorer 5.01 Service Pack 3 (SP3) on Windows 2000 Service Pack 3
        • Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
        • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition: Review the FAQ section of this bulletin for details about this version.
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
        • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition: Review the FAQ section of this bulletin for details about this version.
        • Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)
        • Internet Explorer 6 for Windows Server 2003
        • Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
        • Internet Explorer 6 for Windows XP Service Pack 2

        Released 2/8/05 Updated 2/15/05

        MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
        Revisions:
        • V1.0 (February 8, 2005): Bulletin published
        • V1.1 (February 15, 2005): Updated the Caveats section to reflect None as there are no caveats associated with this update.

        Released 2/8/05

        MS05-012 Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Exchange 2000 Server Service Pack 3 (uses the Windows OLE component)
        • Microsoft Exchange Server 2003 and Microsoft Exchange Server 2003 Service Pack 1 (uses the Windows OLE component)
        • Microsoft Exchange Server 5.0 Service Pack 2 (uses the Windows OLE component)
        • Microsoft Exchange Server 5.5 Service Pack 4 (uses the Windows OLE component)
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.
        • Microsoft Office XP Service Pack 3 (uses the Windows OLE component)

          Microsoft Office XP Service Pack 2 (uses the Windows OLE component)

          Microsoft Office XP Software:
          • Outlook 2002
          • Word 2002
          • Excel 2002
          • PowerPoint 2002
          • FrontPage 2002
          • Publisher 2002
          • Access 2002
        • Microsoft Office 2003 Service Pack 1 (Uses the Windows OLE component)

          Microsoft Office 2003 (Uses the Windows OLE component)

          Microsoft Office 2003 Software:
          • Outlook 2003
          • Word 2003
          • Excel 2003
          • PowerPoint 2003
          • FrontPage 2003
          • Publisher 2003
          • Access 2003
          • InfoPath 2003
          • OneNote 2003

        Released 2/8/05

        MS05-011 Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems
        Non-Affected Software:
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Released 2/8/05 Updated 2/23/05

        MS05-010 Vulnerability in the License Logging Service Could Allow Code Execution (885834)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows NT Server 4.0 Service Pack 6a
        • Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
        • Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows 2000 Server Service Pack 4
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems
        Non-Affected Software:
        • Microsoft Windows 2000 Professional Service Pack 3 and Microsoft Windows 2000 Professional Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
        Revisions:
          V1.0 (February 8, 2005): Bulletin published
        • V1.1 (February 23, 2005): Bulletin updated to reflect a revised Security Update Information section for Windows Server 2003

        Released 2/8/05 Updated 4/12

        MS05-009 Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows Media Player 9 Series (when running on Windows 2000, Windows XP Service Pack 1 and Windows Server 2003)
        • Microsoft Windows Messenger version 5.0 (standalone version that can be installed on all supported operating systems)
        • Microsoft MSN Messenger 6.1
        • Microsoft MSN Messenger 6.2
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.

        Non-Affected Software:
        • Windows Media Player 6.4
        • Windows Media Player 7.1
        • Windows Media Player for Windows XP (8.0)
        • Windows Media Player 9 Series for Windows XP Service Pack 2
        • Windows Media Player 10
        • MSN Messenger for Mac
        Affected Components:
        • Microsoft Windows Messenger version 4.7.0.2009 (when running on Windows XP Service Pack 1)
        • Microsoft Windows Messenger version 4.7.0.3000 (when running on Windows XP Service Pack 2)
        Revisions:
        • V1.0 (February 8, 2005): Bulletin published
        • V1.1 (February 11, 2005): Bulletin updated with information on the mandatory upgrade of vulnerable MSN Messenger clients in the caveat section, as well as changes to the Workarounds for PNG Processing Vulnerability in MSN Messenger CAN-2004-0597
        • V1.2 (February 15, 2005): Bulletin updated with correct file version information for Windows Messenger 5.0 update, as well as added Windows Messenger 5.1 to Non-Affected Software list.
        • V2.0 (April 12, 2005): Bulletin updated to announce the availability of an updated package for Microsoft Windows Messenger version 4.7.0.2009 (when running on Windows XP Service Pack 1)

        Released 2/8/05

        MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Review the FAQ section of this bulletin for details about these operating systems.

        Released 2/8/05

        MS05-007 Vulnerability in Windows Could Allow Information Disclosure (888302)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)

        Non-Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

        Released 2/8/05 Updated 3/2/05

        MS05-006 Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)

        Maximum Severity Rating: Moderate

        Affected Software:
        • Windows SharePoint Services for Windows Server 2003
        • SharePoint Team Services from Microsoft

        Non-Affected Software:
        • Microsoft Windows Server 2003 for Itanium-based Systems
        • SharePoint Portal Server 2003 (all versions)
        • SharePoint Portal Server 2001 (all versions)
        Revisions:
        • V1.0 (February 8, 2005): Bulletin published
        • V1.1 (February 15, 2005): Bulletin updated to document information about other software that may include the affected software. SharePoint Portal Server 2003 and Small Business Server 2003 (all versions) include Windows SharePoint Services for Windows Server 2003. Customers using this software should install the available Windows SharePoint Services for Windows Server 2003 security update.

        Released 2/8/05 Updated 3/3/05

        MS05-005 Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Office XP Software Service Pack 3
        • Microsoft Office XP Software Service Pack 2
        • Microsoft Office XP Software:
          • Word 2002
          • PowerPoint 2002
        • Microsoft Project 2002
        • Microsoft Visio 2002
        • Microsoft Works Suite 2002
        • Microsoft Works Suite 2003
        • Microsoft Works Suite 2004
        Note Office XP Service Pack 2 and Office XP Service Pack 3 are both vulnerable to this issue. However the security update for Office XP Service Pack 2 is only provided as part of the Office XP administrative security update. For more information, see the Security Update Information section.

        Non-Affected Software:
        • Microsoft Office 2000
        • Microsoft Office 2003
        Revisions:
        • V1.0 (February 8, 2005): Bulletin published
        • V1.1 (February 15, 2005): Bulletin updated to clarify prerequisites under Visio 2002 Update Information.
        • V1.2 (February 23, 2005): Bulletin updated to add an additional FAQ as well as clarify install steps under Update Information.
        • V1.3 (March 3, 2005): Bulletin updated to add a feature list for all products under the Update Information section, Administrative Installation details.

        Released 2/8/05 Updated 6/14/05

        MS05-004 ASP.NET Path Validation Vulnerability (887219)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft .NET Framework 1.0
        • Microsoft .NET Framework 1.1
        Affected Components:
        • ASP.NET
        Revisions:
        • V1.0 (February 8, 2005): Bulletin published
        • V1.1 (February 15, 2005): Bulletin updated to include Knowledge Base Article numbers for each individual download under Affected Products.
        • V1.2 (March 16, 2005): Bulletin Caveats section has been updated to document known issues that customers may experience when installing the available security updates.
        • V2.0 (June 14, 2005): Bulletin updated to announce the availability of an updated package for .NET Framework 1.0 Service Pack 3 for the following operating system versions: (887998) Windows XP Tablet PC Edition and Windows XP Media Center Edition.

        Released 1/11/05

        MS05-003 Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)

        Maximum Severity Rating: Important

        Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1
        • Microsoft Windows XP 64-Bit Edition Service Pack 1
        • Microsoft Windows XP 64-Bit Edition Version 2003
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 64-Bit Edition
        Non-Affected Software:
        • Microsoft Windows NT Server 4.0 Service Pack 6a
        • Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
        • Microsoft Windows XP Service Pack 2
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
        Affected Components:
        • Indexing Service

        Released 1/11/05 Updated 4/12

        MS05-002 Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows NT Server 4.0 Service Pack 6a
        • Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1
        • Microsoft Windows XP 64-Bit Edition Service Pack 1
        • Microsoft Windows XP 64-Bit Edition Version 2003
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 64-Bit Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Review the FAQ section of this bulletin for details about these operating systems.
        Non-Affected Software:
        • Microsoft Windows XP Service Pack 2
        Revisions:

        • V1.0 (January 11, 2005): Bulletin published
        • V1.1 (January 20, 2005): Updated CAN reference and added acknowledgment to finder for CAN-2004-1305.
        • V1.2 (March 8, 2005): Frequently Asked Questions updated to reflect Windows 98, 98SE and ME security update availability.
        • V2.0 (April 12, 2005): Bulletin updated to advise on the availability of revised security updates for Windows 98, 98SE and ME.

        Released 1/11/05

        MS05-001 Vulnerability in HTML Help Could Allow Code Execution (890175)

        Maximum Severity Rating: Critical

        Affected Software:
        • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        • Microsoft Windows XP 64-Bit Edition Service Pack 1
        • Microsoft Windows XP 64-Bit Edition Version 2003
        • Microsoft Windows Server 2003
        • Microsoft Windows Server 2003 64-Bit Edition
        • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) Review the FAQ section of this bulletin for details about these operating systems.
        Non-Affected Software:
        • Microsoft Windows NT Server 4.0 Service Pack 6a
        • Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
        Affected Components:
        • Internet Explorer 6.0 Service Pack 1 when installed on Microsoft Windows NT Server 4.0 Service Pack 6a or Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6



        by MSeng See Profile
        last modified: 2006-01-05 18:11:51