Windows XP Service Pack 3
Changelog:
August 15-Added 950974, 951066, 952954, 953838, and 953839. Removed 950759 and 950760.
July 10-Added 951748.
June 27-Initial Release! Added 951698, 951376, 950762, 950760, and 950759. Also added 938127 for IE7.
Legend:
Windows
Internet Explorer 6
Internet Explorer 7
Windows Media Player 9
Windows Media Player 10
Windows Media Player 11
**New Update**
June 2008:
951376 - MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution
951698 - MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution
950762 - MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service
July 2008:
951748 - MS08-037: Description of the security update for DNS in Windows Server 2003, in Windows XP, and in Windows 2000 Server (client side): July 8, 2008
August 2008:
**952954 - MS08-046: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution**
**951066 - MS08-048: Security Update for Outlook Express and Windows Mail**
**950974 - MS08-049: Vulnerabilities in Event System Could Allow Remote Code Execution**
**953839: Cumulative Security Update for ActiveX**
Internet Explorer 6
**953838 - MS08-045: Cumulative Security Update for Internet Explorer**
This update replaces previous Cumulative security update for IE 950759
Roots Update direct download link UPDATED September 25 2007!
[b]Internet Explorer 7
938127 - MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution
**953838 - MS08-045: Cumulative Security Update for Internet Explorer**
This update replaces previous Cumulative security update for IE 950759
Roots Update direct download link UPDATED September 25 2007!
Windows Media Player 9
Nothing yet!
Windows Media Player 10
923689 - MS06-078: Vulnerability in Windows Media Player could allow remote code execution UPDATED JULY 10, 2007!
936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution
941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution
Windows Media Player 11
936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution
941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution
-----------------------------------------------------------------------------------------------------------------------------
Windows XP Service Pack 2
Changelog:
August 15-Added 950974, 951066, 952954, 953838, and 953839. Removed 941202, 950759, and 950760.
July 10-Added 951748. Removed 922819 and 941644.
June 27-Added 951698, 951376, 950762, 950760, 950759 and 950749. Removed 948881, 947864, 941568, and 919007.
April 18-Added 941693, 945553, 947864, 948590, and 948881. Removed 938829 and 944533.
March 5-Added 942830, 942831, 944533, 946026, and 947890. Removed 917537, 921503, and 942615
January 10-Added 941644 and 943485. Removed 917953. Fixed typos.
December 16-Added 937894, 941568, 941569, 942615, and 944653. Removed 904706 and 939653. Also added WMP9 updates as that's what's included in XP SP2.
November 16-Added 943460
October 27-Updated 936357 to version 2.
October 10-Added 933729, 939653, and 941202. Removed 937143. Updated Roots Certificate Update.
August 25-Fixed 937413 with correct 937143.
August 14-Added 921503, 936227, 936782, 937413, 938127, 938829, and Windows Script 5.7. Removed 917734, 924191, 929969, 933566, and Windows Script 5.6.
July 11-Added 939373 and 936357. Updated Roots Certificate Update. Removed 885626.
June 20-Added 929123, 933566, 935839, and 935840. Removed 917422, 923694, and 931768.
May 11-Added 931768. Removed 928090.
April 14 (update #2)-Added 935448. Removed 928843.
April 14-Added 925902, 931261, 932168, 930178, and 931784. Removed 896424 and 912919.
March 17-Fixed Technical issues.
February 17-Added 928255, 927802, 928843, 927779, 926436, 924667, 918118, and 928090. Removed 925454, 921398, and 922616
January 10-Added 929969. Removed 925486.
December 19-Added 925454 to IE6 updates. Added 926247, 926255, 923694, and 925398. Added 923689 to WMP10 updates. Removed 922760, 911567, and 920214.
November 17-Added 923980, 922760, 920213, 923789 and 924270. Removed 885835, 890046, 918899, 899589, 921883, 924496 and 913433.
October 10-Added 923191, 924191, 923414. Removed 917159.
September 26-Added 925486.
September 13-Added 919007, 920685, 920872, and 922582.
August 28-Added 887472, 902400, and 913433 (missing) Removed 912817 as it's not high priority.
August 9-Added 917422, 918899, 920214, 920670, 920683, 921398, 921883, and 922616. Removed 916281 and 888113.
Legend:
Windows
Internet Explorer 6
Internet Explorer 7
Windows Media Player 9
Windows Media Player 10
Windows Media Player 11
**New Update**
December 2004:
885836 - MS04-041: A vulnerability in WordPad could allow code execution
873339 - MS04-043: Vulnerability in HyperTerminal could allow code execution
886185: Description of the critical update for Windows Firewall "My Network (subnet) only" scoping in Windows XP Service Pack 2
February 2005:
888302 - MS05-007: Vulnerability in Windows could allow information disclosure
887472 - MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution
891781 - MS05-013: Vulnerability in the DHTML editing component ActiveX control could allow code execution
April 2005:
890859 - MS05-018: Vulnerabilities in Windows kernel could allow elevation of privilege and denial of service
May 2005:
893803: Windows Installer 3.1 (v2) is available
June 2005:
896358 - MS05-026: A vulnerability in HTML Help could allow remote code execution
896428 - MS05-033: Vulnerability in Telnet client could allow information
898461: Software update 898461 installs a permanent copy of the Package Installer for Windows version 6.1.22.4
July 2005:
901214 - MS05-036: Vulnerability in Microsoft Color Management Module could allow remote code execution
August 2005:
893756 - MS05-040: Vulnerability in Telephony service could allow remote code execution
899591 - MS05-041: Vulnerability in Remote Desktop Protocol could allow denial of service
899587 - MS05-042: Vulnerabilities in Kerberos could allow denial of service, information disclosure, and spoofing
896423 - MS05-043: Vulnerability in Print Spooler service could allow remote code execution
October 2005:
905414 - MS05-045: Vulnerability in Network Connection Manager Could Allow Denial of Service
905749 - MS05-047: Vulnerability in Plug and Play could allow remote code execution and local elevation of privilege
901017/907245 - MS05-048: Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution
900725 - MS05-049: Vulnerabilities in Windows Shell Could Allow Remote Code Execution
902400 - MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution
December 2005:
910437: When Windows Automatic Updates tries to download updates on a Windows Server 2003-based or Windows XP-based computer, an access violation error may occur
January 2006:
908519 - MS06-002: Vulnerability in Embedded Web Fonts Could Allow Code Execution
February 2006:
911564 - MS06-006: Vulnerability in Windows Media plug-in with non-Microsoft Internet Browsers could allow remote code execution
911927 - MS06-008: Vulnerability in Web Client Service Could Allow Remote Code Execution
901190 - MS06-009: Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege
April 2006:
911562 - MS06-014: Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution
908531 - MS06-015: Vulnerability in Windows Explorer Could Allow Remote Code Execution
May 2006:
913580 - MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service
June 2006:
918439 - MS06-022: Vulnerability in ART image rendering could allow remote code execution
911280 - MS06-025: Vulnerability in Routing and Remote Access Could Allow Remote Code Execution
914389 - MS06-030: Vulnerability in Server Message Block Could Allow Elevation of Privilege
916595: Stop error message on a Windows XP-based computer: "STOP 0x000000D1"
July 2006:
914388 - MS06-036: A vulnerability in the DHCP Client Service could allow remote code execution
August 2006:
920683 - MS06-041: Vulnerability in DNS resolution could allow remote code execution
920670 - MS06-050: Vulnerabilities in Microsoft Windows Hyperlink Object Library could allow remote code execution
September 2006:
920685 - MS06-053: Vulnerability in Indexing Service Could Allow Cross-Site Scripting
920872: Audio playback does not play the audio file from the correct position after you pause it, and you randomly receive a Stop error message when you try to play audio files in Windows XP Service Pack 2 (SP2)
922582: Error message when you try to update a Microsoft Windows-based computer: "0x80070002"
October 2006:
923191 - MS06-057: Vulnerability in Windows Explorer Could Allow Remote Execution
923414 - MS06-063: Vulnerability in Server Service Could Allow Denial of Service
November 2006:
923980 - MS06-066: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution
920213 - MS06-068: Vulnerability in Microsoft Agent Could Allow Remote Code Execution
923789 - MS06-069: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution
924270 - MS06-070: Vulnerability in Workstation Service Could Allow Remote Code Execution
December 2006:
926247 - MS06-074: Vulnerability in Simple Network Management Protocol (SNMP) could allow remote code execution
926255 - MS06-075: Vulnerability in Windows could allow elevation of privilege
925398 - MS06-078: Vulnerability in Windows Media Player 6.4 could allow remote code execution
February 2007:
928255 - MS07-006: Vulnerability in Windows Shell could allow elevation of privilege
927802 - MS07-007: Vulnerability in Windows Image Acquisition Service could allow elevation of privilege
927779 - MS07-009: Vulnerability in Microsoft Data Access Components could allow remote code execution
926436 - MS07-011: Vulnerability in Microsoft OLE Dialog could allow remote code execution
924667 - MS07-012: Vulnerability in Microsoft Foundation Classes could allow for remote code execution
918118 - MS07-013: Vulnerability in Microsoft RichEdit could allow remote code execution
April 2007:
925902 - MS07-017: Vulnerabilities in GDI Could Allow Remote Code Execution
931261 - MS07-019: Vulnerability in Universal Plug and Play Could Allow Remote Code Execution
932168 - MS07-020: Vulnerability in Microsoft Agent Could Allow Remote Code Execution
930178 - MS07-021: Vulnerabilities in CSRSS Could Allow Remote Code Execution
931784 - MS07-022: Vulnerability in Windows Kernel Could Allow Elevation of Privilege
935448: Certain third-party applications may not start, and you receive an error message when you start the computer: "Illegal System DLL Relocation"
June 2007:
935840 - MS07-030: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution
929123 - MS07-034: Cumulative Security Update for Outlook Express and Windows Mail
935839 - MS07-035: Vulnerability in Win 32 API Could Allow Remote Code Execution
July 2007:
939373 - MS07-041: Vulnerability in Internet Information Services could allow remote code execution
August 2007:
936227 - MS07-042: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
October 2007:
933729 - MS07-058: Vulnerability in RPC Could Allow Denial of Service
936357: A microcode reliability update is available that improves the reliability of systems that use Intel processors UPDATED October 23 2007!
November 2007:
943460 - MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution
December 2007:
937894 - MS07-065: Vulnerability in Message Queuing Service could allow remote code execution in Windows XP and in Windows 2000
944653 - MS07-067: Vulnerability in Macrovision driver could allow local elevation of privilege
January 2008:
943485 – MS08-002: Vulnerability in LSASS Could Allow Local Elevation of Privilege
February 2008:
942831 - MS08-005: Vulnerability in Internet Information Services could allow elevation of privileges
942830 - MS08-006: Vulnerability in Internet Information Services could allow remote code execution
946026 - MS08-007: Vulnerability in WebDAV Mini-Redirector could allow remote code execution
947890 - MS08-008: A vulnerability in OLE Automation could allow remote code execution
April 2008:
945553 - MS08-020: Vulnerability in DNS Client Could Allow Spoofing
948590 - MS08-021: Vulnerabilities in GDI Could Allow Remote Code Execution
941693 - MS08-025: Vulnerability in Windows Kernel Could Allow Elevation of Privilege
May 2008:
950749 - MS08-028: Vulnerability in the Microsoft Jet Database Engine could allow remote code execution
June 2008:
951376 - MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution
951698 - MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution
950762 - MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service
July 2008:
951748 - MS08-037: Description of the security update for DNS in Windows Server 2003, in Windows XP, and in Windows 2000 Server (client side): July 8, 2008
August 2008:
**952954 - MS08-046: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution**
**951066 - MS08-048: Security Update for Outlook Express and Windows Mail**
**950974 - MS08-049: Vulnerabilities in Event System Could Allow Remote Code Execution**
**953839: Cumulative Security Update for ActiveX**
Internet Explorer 6
938127 - MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution
**953838 - MS08-045: Cumulative Security Update for Internet Explorer**
This update replaces previous Cumulative security update for IE 950759
Roots Update direct download link UPDATED September 25 2007!
Windows Script 5.7.0.16535 direct download link
Internet Explorer 7
938127 - MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution
**953838 - MS08-045: Cumulative Security Update for Internet Explorer**
This update replaces previous Cumulative security update for IE 950759
Roots Update direct download link UPDATED September 25 2007!
Windows Script 5.7.0.16535 direct download link
Windows Media Player 9
911564 - MS06-006: Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution
936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution
941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution
Windows Media Player 10
923689 - MS06-078: Vulnerability in Windows Media Player could allow remote code execution UPDATED JULY 10, 2007!
936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution
941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution
Windows Media Player 11
936782 - MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution
941569 - MS07-068: Vulnerability in Windows Media file format could allow remote code execution
-----------------------------------------------------------------------------------------------------------------------------
Windows XP Service Pack 1:
Click to view attachment
-----------------------------------------------------------------------------------------------------------------------------
This checked as of August 15, 2008. Please tell me any inaccuracies with high priority updates ONLY.
the_guy
Full Version: Windows XP (all)
I have updated this topic to include Windows XP Service Pack 1. If Anyone finds it too confusing, I will split the topics.
the_guy
the_guy
Wow. Awesome job. I like the month to month breakdown. Props!
Updated with August Patches.
the_guy
the_guy
In the next day or 2 I plan on updating the list. It will remove 912817 and re-add MS05-051. 894391 is replaced by 902400 (have NO idea why it still shows up on WU). 887472 and 913433 will be added in the next update (somehow missed them).
the_guy
the_guy
the_guy
902400 was replaced by 912817
heisking
902400 was replaced by 912817
heisking
heisking
912817 is not a high priority update on WU/MU, so that's why it's being removed.
the_guy
912817 is not a high priority update on WU/MU, so that's why it's being removed.
the_guy
QUOTE (the_guy @ Aug 27 2006, 02:27 AM) 
894391 is replaced by 902400 (have NO idea why it still shows up on WU).
It doesn't show for me. I think you misread OE's post: he was testing with a clean SP2 source. It does happen that Windows Update lists replaced updates along with the newer versions if both are newer than what's installed.
I did. That's what I was getting at.
List will be updated soon.
the_guy
List will be updated soon.
the_guy
I remember there was an optional update (showing on Windows Update!) which replaced a critical update but I don't remember which two updates were involved. So it's possible that Windows Update complains about a missing critical update if you don't include the optional updates from my list.
Ok. Do you know which one?
List is now updated.
the_guy
List is now updated.
the_guy
List updated with September Patches.
the_guy
the_guy
Updated list to add 925486.
the_guy
the_guy
Updated list with October fixes.
the_guy
the_guy
Tomcat, you are still including KB917159 in your XP list, which was replaced with KB923414 in latest updates.
Also, in my list I have KB923996v2, which neither of you two include. I'm confused by KB923996v2 because it can be downloaded from this page, but it links to Microsoft Security Bulletin MS06-042 which refers to KB918899, an IE cumulative fix.
Let me know what you guys think. Thanks.
Also, in my list I have KB923996v2, which neither of you two include. I'm confused by KB923996v2 because it can be downloaded from this page, but it links to Microsoft Security Bulletin MS06-042 which refers to KB918899, an IE cumulative fix.
Let me know what you guys think. Thanks.
Regarding KB923996-v2: Microsoft is notoriously inaccurate with many of their web pages. MS06-042 is definitely for KB918899. KB923996 was not released in any security update cycle AFAIK. Ignore it 
.
@Tomcat, saugatak is correct in regards to KB917159 (MS06-035). It was replaced by KB923414 (MS06-063).
(Unfortunately, this was posted in the wrong place so I need to move it)
.@Tomcat, saugatak is correct in regards to KB917159 (MS06-035). It was replaced by KB923414 (MS06-063).
(Unfortunately, this was posted in the wrong place so I need to move it)
Thanks
hi the_guy! i know it has been requested already before but would it be okay if all those replaced HFs by which HFs be included here (even those for WMP)? it would truly be helpful to prevent slipstreaming unnecessary HFs in HF directory. thanks a lot!
you lost me. Could you please clarify?
the_guy
the_guy
ha! ha! due to the HFs! 
if i recall it right, there was already someone who requested to kindly include those hotfixes that are no longer needed/superceded & by which hotfix overwrites it ... (even the older ones) 
thanks!
if i recall it right, there was already someone who requested to kindly include those hotfixes that are no longer needed/superceded & by which hotfix overwrites it ... (even the older ones) thanks!
I kind of know what you're talking about, but the only method would be to ensure that none of the fixes in your HF folder aren't in a list.
the_guy
the_guy
Updated list with November fixes.
the_guy
the_guy
@the_guy
Is KB925398 needed for Windows XP SP2 when WMP11 and WMF11 are installed? Automatic Updates still downloaded this hotfix when it updated my computer today.
Is KB925398 needed for Windows XP SP2 when WMP11 and WMF11 are installed? Automatic Updates still downloaded this hotfix when it updated my computer today.
Yes it is. WMP6.4 is still installed even if you install WMP9/10/11.
the_guy
the_guy
List updated with December fixes.
the_guy
the_guy
Hmmm...why is XP SP1a now "obsolete"?
I know support for it ended, but I thought HFSLIP would still support it. By that I mean Tomcat76 removed the link to SP1a on hfslip.org and stopped updating his hotfix list for it.
I know support for it ended, but I thought HFSLIP would still support it. By that I mean Tomcat76 removed the link to SP1a on hfslip.org and stopped updating his hotfix list for it.
List updated for January 2007 updates.
the_guy
the_guy
List updated with February 2007 updates.
the_guy
the_guy
Thank you, dziubek. Microsoft also released an out-of-cycle security update yesterday to patch the vulnerability in Windows Animated Cursor (.ANI) handling.
Microsoft Security Bulletin MS07-017 (KB925902)
Microsoft Security Bulletin MS07-017 (KB925902)
QUOTE (Super-Magician @ Apr 4 2007, 05:18 PM)
Thank you, dziubek. Microsoft also released an out-of-cycle security update yesterday to patch the vulnerability in Windows Animated Cursor (.ANI) handling.
Microsoft Security Bulletin MS07-017 (KB925902)
Microsoft Security Bulletin MS07-017 (KB925902)
It looks like it replaces:
KB896424 MS05-053 Vulnerabilities in graphics rendering engine
and
KB912919 MS06-001 Vulnerability in graphics rendering engine
Yes, that is true, PVU.
List updated with April fixes.
the_guy
the_guy
thanks for the update tg ... actually forgot about apr updates ... all free downloads ... no genuine check required?
Apparantly not. The Realtek Control Panel hotfix was WGA-protected, but it depended on the URL. It was strange because the only difference I could notice was uppercase vs. lowercase. Either way, both URLs are now giving you the non-WGA download.
The list is now updated to include KB935448 as I feel it's necessary.
the_guy
the_guy
Update for Windows XP (KB935843)
Install this update to resolve an issue where you receive a 0x0000007f Stop error after installing security update KB925902 (MS07-017).
Install this update to resolve an issue where you receive a 0x0000007f Stop error after installing security update KB925902 (MS07-017).
I get the feeling that Microsoft might not have fully tested KB925902 before releasing it. That KB article makes 2 fixes for the XP patch and 1 for the 2000 patch. I'll stick it in this weekend.
the_guy
the_guy
QUOTE (the_guy @ Apr 19 2007, 03:23 PM)
I get the feeling that Microsoft might not have fully tested KB925902 before releasing it. That KB article makes 2 fixes for the XP patch and 1 for the 2000 patch. I'll stick it in this weekend.
the_guy
the_guy
guy, I looked into both HF (Win2K) executables. Very similar. The article didn't indicate that KB935843 replaces KB925902 (which seems strange given the contents). Can KB935843 replace KB925902? If not, I wonder why they didn't do a KB925902 v2.
KB925902 installs 4 files, but KB935483 just installs 1.
the_guy
the_guy
Update for Windows XP (KB930916) (Validation Required)
This is a reliability update. Install this update to resolve an issue where a third-party driver installed on a computer that is running Windows XP may prevent you from opening files successfully on a NTFS file system volume.
This is a reliability update. Install this update to resolve an issue where a third-party driver installed on a computer that is running Windows XP may prevent you from opening files successfully on a NTFS file system volume.
tried several times ... this is what i got:
EDIT: got it now ... thanks!
QUOTE
The download you requested is unavailable. If you continue to see this message when trying to access this download, go to the "Search for a Download" area on the Download Center home page.
... i'll try again laterEDIT: got it now ...
thanks!
QUOTE (dziubek @ Apr 24 2007, 09:09 PM)
Update for Windows XP (KB930916) (Validation Required)
This is a reliability update. Install this update to resolve an issue where a third-party driver installed on a computer that is running Windows XP may prevent you from opening files successfully on a NTFS file system volume.
This is a reliability update. Install this update to resolve an issue where a third-party driver installed on a computer that is running Windows XP may prevent you from opening files successfully on a NTFS file system volume.
A day later, and still no KB Article.
Is there a difference between XP SP2 updates and XP SP2 Corporate ?
QUOTE (Marsianin @ May 8 2007, 01:09 AM)
Is there a difference between XP SP2 updates and XP SP2 Corporate ?
Update-wise, there are no differences. The same updates exist for XP SP2 and XP SP2 "corporate." The so-called "corporate" edition is simply volume license; however, keep in mind of course that the media (source) for both editions is different.
QUOTE (dziubek @ May 8 2007, 01:56 PM)
Microsoft® Windows® Malicious Software Removal Tool (KB890830)
Cumulative Update for Internet Explorer (KB931768)
Cumulative Update for Internet Explorer (KB931768)
KB931768 replaces KB928090. Same for Win2K Pro.
These are the only 2 May updates for XP (and 2K Pro).
I will also be adding the DNS fix for 2000, with a note that it's server-only.
the_guy
the_guy
List updated with May 2007 fixes.
the_guy
the_guy
CLEANUP
Please post only content relevant to the_guy's list in this thread. Thank you.
Please post only content relevant to the_guy's list in this thread. Thank you.
List updated with June updates.
the_guy
the_guy
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.