Windows XP Service Pack 3

Changelog:
August 15-Added 950974, 951066, 952954, 953838, and 953839. Removed 950759 and 950760.
July 10-Added 951748.
June 27-Initial Release! Added 951698, 951376, 950762, 950760, and 950759. Also added 938127 for IE7.

Legend:
Windows
Internet Explorer 6
Internet Explorer 7
Windows Media Player 9
Windows Media Player 10
Windows Media Player 11
**New Update**

June 2008:
951376 - MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution
951698 - MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution
950762 - MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service

July 2008:
951748 - MS08-037: Description of the security update for DNS in Windows Server 2003, in Windows XP, and in Windows 2000 Server (client side): July 8, 2008

August 2008:
**952954 - MS08-046: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution**
**951066 - MS08-048: Security Update for Outlook Express and Windows Mail**
**950974 - MS08-049: Vulnerabilities in Event System Could Allow Remote Code Execution**
**953839: Cumulative Security Update for ActiveX**

Internet Explorer 6
**953838 - MS08-045: Cumulative Security Update for Internet Explorer**
This update replaces previous Cumulative security update for IE 950759
Roots Update direct download link UPDATED September 25 2007!

[b]Internet Explorer 7
938127 - MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution
**953838 - MS08-045: Cumulative Security Update for Internet Explorer**
This update replaces previous Cumulative security update for IE 950759
Roots Update direct download link UPDATED September 25 2007!

Windows Media Player 9
Nothing yet!

Windows Media Player 10
923689 - MS06-078: Vulnerability in Windows Media Player could allow remote code execution UPDATED JULY 10, 2007!
936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution
941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution

Windows Media Player 11
936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution
941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution

-----------------------------------------------------------------------------------------------------------------------------

Windows XP Service Pack 2

Changelog:
August 15-Added 950974, 951066, 952954, 953838, and 953839. Removed 941202, 950759, and 950760.
July 10-Added 951748. Removed 922819 and 941644.
June 27-Added 951698, 951376, 950762, 950760, 950759 and 950749. Removed 948881, 947864, 941568, and 919007.
April 18-Added 941693, 945553, 947864, 948590, and 948881. Removed 938829 and 944533.
March 5-Added 942830, 942831, 944533, 946026, and 947890. Removed 917537, 921503, and 942615
January 10-Added 941644 and 943485. Removed 917953. Fixed typos.
December 16-Added 937894, 941568, 941569, 942615, and 944653. Removed 904706 and 939653. Also added WMP9 updates as that's what's included in XP SP2.
November 16-Added 943460
October 27-Updated 936357 to version 2.
October 10-Added 933729, 939653, and 941202. Removed 937143. Updated Roots Certificate Update.
August 25-Fixed 937413 with correct 937143.
August 14-Added 921503, 936227, 936782, 937413, 938127, 938829, and Windows Script 5.7. Removed 917734, 924191, 929969, 933566, and Windows Script 5.6.
July 11-Added 939373 and 936357. Updated Roots Certificate Update. Removed 885626.
June 20-Added 929123, 933566, 935839, and 935840. Removed 917422, 923694, and 931768.
May 11-Added 931768. Removed 928090.
April 14 (update #2)-Added 935448. Removed 928843.
April 14-Added 925902, 931261, 932168, 930178, and 931784. Removed 896424 and 912919.
March 17-Fixed Technical issues.
February 17-Added 928255, 927802, 928843, 927779, 926436, 924667, 918118, and 928090. Removed 925454, 921398, and 922616
January 10-Added 929969. Removed 925486.
December 19-Added 925454 to IE6 updates. Added 926247, 926255, 923694, and 925398. Added 923689 to WMP10 updates. Removed 922760, 911567, and 920214.
November 17-Added 923980, 922760, 920213, 923789 and 924270. Removed 885835, 890046, 918899, 899589, 921883, 924496 and 913433.
October 10-Added 923191, 924191, 923414. Removed 917159.
September 26-Added 925486.
September 13-Added 919007, 920685, 920872, and 922582.
August 28-Added 887472, 902400, and 913433 (missing) Removed 912817 as it's not high priority.
August 9-Added 917422, 918899, 920214, 920670, 920683, 921398, 921883, and 922616. Removed 916281 and 888113.

Legend:
Windows
Internet Explorer 6
Internet Explorer 7
Windows Media Player 9
Windows Media Player 10
Windows Media Player 11
**New Update**

December 2004:
885836 - MS04-041: A vulnerability in WordPad could allow code execution
873339 - MS04-043: Vulnerability in HyperTerminal could allow code execution
886185: Description of the critical update for Windows Firewall "My Network (subnet) only" scoping in Windows XP Service Pack 2

February 2005:
888302 - MS05-007: Vulnerability in Windows could allow information disclosure
887472 - MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution
891781 - MS05-013: Vulnerability in the DHTML editing component ActiveX control could allow code execution

April 2005:
890859 - MS05-018: Vulnerabilities in Windows kernel could allow elevation of privilege and denial of service

May 2005:
893803: Windows Installer 3.1 (v2) is available

June 2005:
896358 - MS05-026: A vulnerability in HTML Help could allow remote code execution
896428 - MS05-033: Vulnerability in Telnet client could allow information
898461: Software update 898461 installs a permanent copy of the Package Installer for Windows version 6.1.22.4

July 2005:
901214 - MS05-036: Vulnerability in Microsoft Color Management Module could allow remote code execution

August 2005:
893756 - MS05-040: Vulnerability in Telephony service could allow remote code execution
899591 - MS05-041: Vulnerability in Remote Desktop Protocol could allow denial of service
899587 - MS05-042: Vulnerabilities in Kerberos could allow denial of service, information disclosure, and spoofing
896423 - MS05-043: Vulnerability in Print Spooler service could allow remote code execution

October 2005:
905414 - MS05-045: Vulnerability in Network Connection Manager Could Allow Denial of Service
905749 - MS05-047: Vulnerability in Plug and Play could allow remote code execution and local elevation of privilege
901017/907245 - MS05-048: Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution
900725 - MS05-049: Vulnerabilities in Windows Shell Could Allow Remote Code Execution
902400 - MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution

December 2005:
910437: When Windows Automatic Updates tries to download updates on a Windows Server 2003-based or Windows XP-based computer, an access violation error may occur

January 2006:
908519 - MS06-002: Vulnerability in Embedded Web Fonts Could Allow Code Execution

February 2006:
911564 - MS06-006: Vulnerability in Windows Media plug-in with non-Microsoft Internet Browsers could allow remote code execution
911927 - MS06-008: Vulnerability in Web Client Service Could Allow Remote Code Execution
901190 - MS06-009: Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege

April 2006:
911562 - MS06-014: Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution
908531 - MS06-015: Vulnerability in Windows Explorer Could Allow Remote Code Execution

May 2006:
913580 - MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service

June 2006:
918439 - MS06-022: Vulnerability in ART image rendering could allow remote code execution
911280 - MS06-025: Vulnerability in Routing and Remote Access Could Allow Remote Code Execution
914389 - MS06-030: Vulnerability in Server Message Block Could Allow Elevation of Privilege
916595: Stop error message on a Windows XP-based computer: "STOP 0x000000D1"

July 2006:
914388 - MS06-036: A vulnerability in the DHCP Client Service could allow remote code execution

August 2006:
920683 - MS06-041: Vulnerability in DNS resolution could allow remote code execution
920670 - MS06-050: Vulnerabilities in Microsoft Windows Hyperlink Object Library could allow remote code execution

September 2006:
920685 - MS06-053: Vulnerability in Indexing Service Could Allow Cross-Site Scripting
920872: Audio playback does not play the audio file from the correct position after you pause it, and you randomly receive a Stop error message when you try to play audio files in Windows XP Service Pack 2 (SP2)
922582: Error message when you try to update a Microsoft Windows-based computer: "0x80070002"

October 2006:
923191 - MS06-057: Vulnerability in Windows Explorer Could Allow Remote Execution
923414 - MS06-063: Vulnerability in Server Service Could Allow Denial of Service

November 2006:
923980 - MS06-066: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution
920213 - MS06-068: Vulnerability in Microsoft Agent Could Allow Remote Code Execution
923789 - MS06-069: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution
924270 - MS06-070: Vulnerability in Workstation Service Could Allow Remote Code Execution

December 2006:
926247 - MS06-074: Vulnerability in Simple Network Management Protocol (SNMP) could allow remote code execution
926255 - MS06-075: Vulnerability in Windows could allow elevation of privilege
925398 - MS06-078: Vulnerability in Windows Media Player 6.4 could allow remote code execution

February 2007:
928255 - MS07-006: Vulnerability in Windows Shell could allow elevation of privilege
927802 - MS07-007: Vulnerability in Windows Image Acquisition Service could allow elevation of privilege
927779 - MS07-009: Vulnerability in Microsoft Data Access Components could allow remote code execution
926436 - MS07-011: Vulnerability in Microsoft OLE Dialog could allow remote code execution
924667 - MS07-012: Vulnerability in Microsoft Foundation Classes could allow for remote code execution
918118 - MS07-013: Vulnerability in Microsoft RichEdit could allow remote code execution

April 2007:
925902 - MS07-017: Vulnerabilities in GDI Could Allow Remote Code Execution
931261 - MS07-019: Vulnerability in Universal Plug and Play Could Allow Remote Code Execution
932168 - MS07-020: Vulnerability in Microsoft Agent Could Allow Remote Code Execution
930178 - MS07-021: Vulnerabilities in CSRSS Could Allow Remote Code Execution
931784 - MS07-022: Vulnerability in Windows Kernel Could Allow Elevation of Privilege
935448: Certain third-party applications may not start, and you receive an error message when you start the computer: "Illegal System DLL Relocation"

June 2007:
935840 - MS07-030: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution
929123 - MS07-034: Cumulative Security Update for Outlook Express and Windows Mail
935839 - MS07-035: Vulnerability in Win 32 API Could Allow Remote Code Execution

July 2007:
939373 - MS07-041: Vulnerability in Internet Information Services could allow remote code execution

August 2007:
936227 - MS07-042: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

October 2007:
933729 - MS07-058: Vulnerability in RPC Could Allow Denial of Service
936357: A microcode reliability update is available that improves the reliability of systems that use Intel processors UPDATED October 23 2007!

November 2007:
943460 - MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution

December 2007:
937894 - MS07-065: Vulnerability in Message Queuing Service could allow remote code execution in Windows XP and in Windows 2000
944653 - MS07-067: Vulnerability in Macrovision driver could allow local elevation of privilege

January 2008:
943485 – MS08-002: Vulnerability in LSASS Could Allow Local Elevation of Privilege

February 2008:
942831 - MS08-005: Vulnerability in Internet Information Services could allow elevation of privileges
942830 - MS08-006: Vulnerability in Internet Information Services could allow remote code execution
946026 - MS08-007: Vulnerability in WebDAV Mini-Redirector could allow remote code execution
947890 - MS08-008: A vulnerability in OLE Automation could allow remote code execution

April 2008:
945553 - MS08-020: Vulnerability in DNS Client Could Allow Spoofing
948590 - MS08-021: Vulnerabilities in GDI Could Allow Remote Code Execution
941693 - MS08-025: Vulnerability in Windows Kernel Could Allow Elevation of Privilege

May 2008:
950749 - MS08-028: Vulnerability in the Microsoft Jet Database Engine could allow remote code execution

June 2008:
951376 - MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution
951698 - MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution
950762 - MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service

July 2008:
951748 - MS08-037: Description of the security update for DNS in Windows Server 2003, in Windows XP, and in Windows 2000 Server (client side): July 8, 2008

August 2008:
**952954 - MS08-046: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution**
**951066 - MS08-048: Security Update for Outlook Express and Windows Mail**
**950974 - MS08-049: Vulnerabilities in Event System Could Allow Remote Code Execution**
**953839: Cumulative Security Update for ActiveX**

Internet Explorer 6
938127 - MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution
**953838 - MS08-045: Cumulative Security Update for Internet Explorer**
This update replaces previous Cumulative security update for IE 950759
Roots Update direct download link UPDATED September 25 2007!
Windows Script 5.7.0.16535 direct download link

Internet Explorer 7
938127 - MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution
**953838 - MS08-045: Cumulative Security Update for Internet Explorer**
This update replaces previous Cumulative security update for IE 950759
Roots Update direct download link UPDATED September 25 2007!
Windows Script 5.7.0.16535 direct download link

Windows Media Player 9
911564 - MS06-006: Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution
936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution
941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution

Windows Media Player 10
923689 - MS06-078: Vulnerability in Windows Media Player could allow remote code execution UPDATED JULY 10, 2007!
936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution
941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution

Windows Media Player 11
936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution
941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution

-----------------------------------------------------------------------------------------------------------------------------

Windows XP Service Pack 1:

 SP1.htm ( 96.67K ) Number of downloads: 191


-----------------------------------------------------------------------------------------------------------------------------

This checked as of August 15, 2008. Please tell me any inaccuracies with high priority updates ONLY.

the_guy

This post has been edited by the_guy: Aug 15 2008, 09:07 AM

I have updated this topic to include Windows XP Service Pack 1. If Anyone finds it too confusing, I will split the topics.

the_guy

Wow. Awesome job. I like the month to month breakdown. Props!

Updated with August Patches.

the_guy

In the next day or 2 I plan on updating the list. It will remove 912817 and re-add MS05-051. 894391 is replaced by 902400 (have NO idea why it still shows up on WU). 887472 and 913433 will be added in the next update (somehow missed them).

the_guy

the_guy

902400 was replaced by 912817

heisking

heisking

912817 is not a high priority update on WU/MU, so that's why it's being removed.

the_guy

It doesn't show for me. I think you misread OE's post: he was testing with a clean SP2 source. It does happen that Windows Update lists replaced updates along with the newer versions if both are newer than what's installed.

I did. That's what I was getting at.

List will be updated soon.

the_guy

I remember there was an optional update (showing on Windows Update!) which replaced a critical update but I don't remember which two updates were involved. So it's possible that Windows Update complains about a missing critical update if you don't include the optional updates from my list.

Ok. Do you know which one?

List is now updated.

the_guy

List updated with September Patches.

the_guy

Updated list to add 925486.

the_guy