 | ||||
Post-SP2 Critical Updates for WindowsXP
Note that the files available in the "Download Now" links on this page are for the | ||||
| ||||
Service Pack 2 For Windows XP Download Now or Order A Free Service Pack 2 Update CD | ||||
| ||||
1.) | A coding error in the Http.sys file causes stack corruption | |||
| ||||
2.) | The way that some dialing software configures routing tables, Windows Firewall in Windows XP SP2 can sometimes interpret the whole Internet to be a local subnet After you set up Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that anyone on the Internet can access resources on your computer when you use a dial-up connection to connect to the Internet (886185) | |||
| ||||
3.) | Security Bulletin MS04-041 | |||
| ||||
4.) | Security Bulletin MS04-043 Vulnerability in HyperTerminal Could Allow Code Execution (873339) | |||
| ||||
| 5.) | Security Bulletin MS04-044 Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835) | |||
| ||||
| 6.) | Cumulative Update for Outlook Express for Windows XP* This non-security update helps resolve various issues found in Outlook Express (KB887797) [This isn't a Critical Security Update, but if you use Outlook Express it is recommended] * - 5 of the 7 Resolutions must be manually enabled, follow the link above for more information. (HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Outlook Express does not exist in Windows XP Home Edition so the steps involving this key don't need to be done if running XPHE.) [Courtesy of Robear Dyer MS-MVP (PA Bear)] | |||
| ||||
| 7.) | Security Bulletin MS05-004 ASP.NET Path Validation Vulnerability (887219) Check to see if the .NET Framework is installed. If not and you want it, or you are running a version older than 1.1, then download the .NET Framework Version 1.1 Redistributable Package, and then download the MS05-004/KB886903 Patch, OR you could just download and install the .NET Framework Version 2.0 Redistributable Package and skip the MS05-004/KB886903 Patch totally. | |||
| ||||
| 8.) | Security Bulletin MS05-007 Vulnerability in Windows Could Allow Information Disclosure (888302) | |||
| 9.) | Security Bulletin MS05-009 Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) This only affects those that have not removed Windows Messenger and are running a Windows Messenger version prior to 5.1, and/or have downloaded MSN Messenger prior to version 7. The fix for these vulnerabilities is to download the latest versions of Windows and/or MSN Messenger. Previous versions of Windows Media Player are also vulnerable to PNG processing error, however not the Version 9 that is installed with SP2, but there is a version 10 which is also unaffected by this vulnerability. This is an optional download. | |||
| ||||
10.) | Security Bulletin MS05-011 Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) | |||
| ||||
11.) | Security Bulletin MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) | |||
| ||||
12.) | Security Bulletin MS05-015 Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) | |||
| ||||
| Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859) | |||
| ||||
14.) | Windows Installer 3.1 (v2) is available (893803) Windows Installer 3.1 is a minor update to Windows Installer 3.0 that was released in September 2004. Windows Installer 3.1 contains new and enhanced functionality. Additionally, Windows Installer 3.1 addresses some issues that were found in Windows Installer 3.0. | |||
| ||||
15.) | Security Advisory (892313) Default Setting in Windows Media Player versions 9 & 10 Digital Rights Management Could Allow a User to Open a Web Page Without Requesting Permission [MS does not rate this as a security vulnerability] Windows Media Player 9 Patch Download Windows Media Player 10 Patch Download | |||
| ||||
16.) | Security Bulletin MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066) | |||
| ||||
17.) | Security Bulletin MS05-026 Vulnerability in HTML Help Could Allow Remote Code Execution (896358) | |||
| ||||
18.) | Security Bulletin MS05-027 Vulnerability in Server Message Block Could Allow Remote Code Execution (896422) | |||
| ||||
19.) | Security Bulletin MS05-031 Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458) | |||
| ||||
20.) |
Security Bulletin MS05-032 Vulnerability in Microsoft Agent Could Allow Spoofing (890046) | |||
| ||||
21.) | Security Bulletin MS05-033 Vulnerability in Telnet Client Could Allow Information Disclosure (896428) | |||
| ||||
22.) | Package Installer for Windows version 6.1.22.4 The Package Installer for Windows is used to install software updates for Microsoft Windows operating systems and for other Microsoft products. Software update 898461 installs a permanent copy of the Package Installer for Windows version 6.1.22.4 on the computer so that subsequent software updates can have a significantly smaller download size. (898461) | |||
| ||||
23.) | Security Bulletin MS05-036 Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214) | |||
| ||||
24.) | Multiple Outlook Express Issues In Windows XP SP2 This update addresses an issue in which messages are incorrectly handled if the Subject line in an e-mail message contains the word "begin." This update also addresses an issue in which the default news server account is displayed when users reply to "watched" conversation threads from multiple computers. Additionally, this update addresses two issues in which Outlook Express stops responding. This is not a critical security update, but it is recommended for those that use Outlook Express. (900930) | |||
| ||||
25.) | Security Bulletin MS05-040 Vulnerability in Telephony Service Could Allow Remote Code Execution (893756) | |||
| ||||
26.) | Security Bulletin MS05-041 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591) | |||
| ||||
27.) | Security Bulletin MS05-042 Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587) | |||
| ||||
28.) | Security Bulletin MS05-043 Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) | |||
| ||||
29.) |
Security Bulletin MS05-045 Vulnerability in Network Connection Manager Could Allow Denial of Service (905414) | |||
| ||||
30.) |
Security Bulletin MS05-046 Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589) | |||
| ||||
31.) |
Security Bulletin MS05-047 Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749) | |||
| ||||
32.) |
Security Bulletin MS05-048 Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245) | |||
| ||||
33.) |
Security Bulletin MS05-049 Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) | |||
| ||||
34.) |
Security Bulletin MS05-050 Vulnerability in DirectShow Could Allow Remote Code Execution (904706) | |||
|
||||
35.) |
Security Bulletin MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400) |
|||
|
||||
36.) |
Security Bulletin MS05-052 Cumulative Security Update for Internet Explorer (896688) |
|||
|
||||
37.) |
Security Bulletin MS05-053 Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) |
|||
|
||||
38.) |
Monthly Malicious Software Removal Tool Malicious Software Removal Tool checks Windows XP computers for and helps remove infections by specific, prevalent malicious software - including Blaster, Sasser, and Mydoom (890830) |
|||
| ||||
| ||||