Updating of this page will be discontinued from now on. I am really sorry for that but this is a necessary step, for a number of reasons, including serious time constraints as I am engaged in a number of professional activities & projects.

Getting the Hotfixes, Method 3, Windows Update Catalog
How to download updates and drivers from the Windows Update Catalog

excluded from selection


not available through Windows Update Catalog


Some updates have been superseeded but not removed from download. ie, you will find in the log file many 'Cumulative Security Update for Internet Explorer'. Keep only the most recent.

Summary:
required tools:
SetEnv
Lilles Lasteprogram A/S v2.0
NirCmd v1.85

• copy SetEnv.exe LileDL.exe and NirCmd.exe to %SystemRoot%\System32 folder.
• save "Windows_Update.log" file in %SystemRoot% folder.
• Copy HFSlip dir path to clipboard (from the 'full path in the address bar' in explorer)
• Click the Start button, and then click Run.
  In the Run dialog box, in the Open box, paste the command below, and then click OK.
  
  QUOTE
  nircmd.exe exec hide setenv /v HFSlip "~$clipboard$"
• Click the Start button, and then click Run.
  In the Run dialog box, in the Open box, paste the command below, and then click OK.
  
  QUOTE
  nircmd.exe execmd for /f "tokens=1-8*" %a in ('type "%SystemRoot%\Windows_Update.log" ^|findstr /i /l /c:"Downloaded file"') do echo.%h>>%HFslip%\ws03full.txt
• Click the Start button, and then click Run.
  In the Run dialog box, in the Open box, paste the command below, and then click OK.
  
  QUOTE
  lilleDL.exe --disable_save_dialog --default_dir:"%HFSLIP%\HF" --load_queue_file:%HFslip%\ws03full.txt --minimize --start_queue

Security Releases on Windows Update Quick Details:

December 12th, 2006 new

November 20th, 2006 +3 new, +1 new for MSXML4, +1 new for MSXML6

October 10th, 2006 +5 new, +1 new for NDP20

September 27th, 2006 +1 Critical OutofCycle Security Bulletin released

September 12th, 2006 +1 new, +2 re-released

August 8th, 2006 +8 new

July 11th, 2006 +3 new, +1 re-released, +1 new for NDP20

June 13th, 2006 +7 new

May 9th, 2006 +0 new

April 11th, 2006 +5 new

March 14th, 2006 +0 new

February 14th, 2006 +3 new, +1 new for WindowsMedia

January 5th and January 10th, 2006 +2 new

November 2005
MS05-053: Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)
Update: When Windows Automatic Updates tries to download updates on a Windows Server 2003-based or Windows XP-based computer, an access violation error may occur (910437)

October 2005
MS05-045: Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
MS05-046: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)
MS05-048: Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)
Note: 907245 MS05-048 = WindowsServer2003-KB901017-x86-ENU.exe adding more confusion...
MS05-049: Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
MS05-050: Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
MS05-052: Cumulative security update for Internet Explorer (896688)
This update replaces previous Cumulative security update for IE 896727 and includes 903235

September 2005
Non-Affected Software

August 2005
MS05-039: Vulnerability in Plug and Play could allow remote code execution and elevation of privilege (899588)
MS05-040: Vulnerability in Telephony service could allow remote code execution (893756)
MS05-041: Vulnerability in Remote Desktop Protocol could allow denial of service (899591)
MS05-042: Vulnerabilities in Kerberos could allow denial of service, information disclosure, and spoofing (899587)

July 2005
MS05-036: Vulnerability in Microsoft Color Management Module could allow remote code execution (901214)
MS05-037: Vulnerability in JView Profiler could allow remote code execution (903235) superceeded by 896727

June 2005
MS05-026: A vulnerability in HTML Help could allow remote code execution (896358)
MS05-027: Vulnerability in Server Message Block could allow remote code (896422)
MS05-032: Vulnerability in Microsoft agent could allow spoofing (890046)
MS05-033: Vulnerability in Telnet client could allow information (896428)

May 2005
An update for Windows Installer 3.1 is available for Windows Server 2003 SP1 (898715)

April 2005
Windows Server 2003 Service Pack 1 (SP1) (889101)

+--------------------------------------------------------------------------------------------------------------------------+
Recommended Updates

These updates are not critical to your computer's security or performance but they can improve how some features, programs, or devices work.

Microsoft Base Smart Card Crypto Provider Package: x86 (KB909520) - (Posted Date: November 18, 2005)
Base Smart Card Cryptographic Service Provider (Base CSP) allows smart card vendors to more easily enable their smart cards on Windows with a lightweight proprietary card module instead of a full proprietary CSP.

Microsoft .NET Framework 2.0: x86 (KB829019) - (Posted Date: November 04, 2005)
The .NET Framework version 2.0 improves scalability and performance with improved caching, application deployment and updating with ClickOnce, and support for the broadest array of browsers and devices with ASP.NET 2.0 controls and services.

Update for Windows Server 2003 (KB904942) - (Posted Date: May 19, 2006)
Install this update to resolve HTTP authentication issues in Windows-based systems that do not appear until Microsoft Internet Explorer 7 is installed.

Update for Windows Server 2003 (KB912945) - (Posted Date: February 26, 2006)
This update includes minor changes to how Internet Explorer handles some web pages that use Microsoft ActiveX controls. Certain webpages will require users to manually activate Active X controls by clicking on it or using the TAB key and ENTER key. This update contains all previously released security updates.

+--------------------------------------------------------------------------------------------------------------------------+
Windows Update Agent 2.0
build: 5.8.0.2469
WUA API required for accessing Microsoft Windows Update V6
+--------------------------------------------------------------------------------------------------------------------------+

Security updates are available on ISO-9660 CD image files from the Microsoft Download Center

@Bilou_Gateux - Thanks for the post. I stickied it. Keep up the good work as always.

@Bilou_Gateaux, is there a post SP1 update to Win2kServer that has the latest NTDETECT.COM or ntldr?

thanks for the list, i'll certainly use it

Getting the Hotfixes, Method 4, HFNetChk

The Microsoft Baseline Security Analyzer (MBSA) also scans and reports common security-related misconfigurations and can help you install missing security updates for Windows-based computers.


+--------------------------------------------------------------+
Integrate and slipstream Security Updates above:
download all HFs: Windows Update Catalog
HF Integrate Phase 1 batch: HF1.cmd requires hiveupd.cmd to output hivesft.txt and hivecls.txt
extract HFs and integrate files into source
HF Slipstream Phase 2 batch: HFINT.cmd
compress updated binaries into source using Microsoft autogenerated i386\svcpack\HFINT.DAT
(not done) Phase 3 batch used to merge hivesft.txt and hivecls.txt:
all registry additions are being handled within hivesft.inf and hivecls.inf: Insert text into existing .inf with gsar and sed. Do various edit to TXTSETUP.SIF and DOSNET.INF
+--------------------------------------------------------------+

Windows Update Agent 2.0
Install Method 1: SVCPACK.INF

Install Method 2: slipstreaming into source
EDIT: integrated in HFSLIP. This method is only for educational purpose.
I have written a small batch wuagnt20.cmd which download required files and slipstream into source.
Edit the file, search ::Initialize variables section,
set variable CDROOT = correct_path,
set variable DOWNLOADER = correct_path_to_exe,
save as without .txt extension



How can I create a Windows Server 2003 bootable CD-ROM that has Service Pack 1 (SP1) slipstreamed into it?

Actually, 901017 is the Windows vulnerability. 907245 is the same thing, but it is confusing. 906780 is for Exchange. They all use MS05-048. It is the same vulnerability.

Confusing, true.

the_guy

The link to 899587 in the list actually goes to 899591... needs a quick correction on the href.

Last update August 9, 2005



Manual download from a pick list: due to lack of time, won't be updated
Step by step:

• download Two Pilots dPilot™ - friendly user interface for GNU WGet downloader.
• download attached file and owerwrite products.txt in dPilot folder.
• launch dPilot. On 3rd tab, CLICK on the "Refresh info" button: WS03 updated list will be downloaded from my web space.
• pick Microsoft updates from the list and start downloading...

In the dPilot folder, you need the following files:
wget.exe 1.8.1 (included in Two Pilots distro)
gpl.txt (included in Two Pilots distro)
help.txt (included in Two Pilots distro)
products.txt (included in Two Pilots distro)
replace original dpilot.exe with special compiled version. post #6 here. Credits to dman. or right-click here and Save
as dPilot.exe (without the .txt extension).
This one use my own web space URL to check current version.txt and download products.txt file.

Microsoft Security Response Center Blog

January, 2006
Microsoft now releases ISO-9660 CD image files that contain all the security and critical updates that are released on the Microsoft Windows Update Web site for Windows and for other Microsoft products. The ISO image files are released at the same time as security and critical updates are released on the Windows Update Web site.

The ISO image files are intended for corporate administrators who:
Manage large multinational organizations.
Must download multiple individual language versions of each security update.
Do not use an automated solution such as Microsoft Windows Server Update Services (WSUS).
By using the ISO image files, administrators can download multiple updates in all languages at the same time.

More information: Security updates available on ISO-9660 image files

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

Brief Description
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

Bilou_Gateux, I will like to thank you. Two things; this this is exactly what I been looking for. I'm a no0b at networking but I am driven to excel! So I learned how to slipstream SP1 in the i386 folder so now it's for updates and SQL Server, MXE, and the whole works!

This post rocks! =)

SwiftNomad

Thanks for the great list... however:
MS06-008: Vulnerability in Web Client Service Could Allow Remote Code Execution (911127)
should point to KB911927 (not 911127)

A tip of the hat to tadc (and Tomcat76 per PM) for pointing this error out.
Correction done!

Anyone know which of these hotfixes are already included in 2003 R2? if any?

None of them are included in Server 2003 R2

Server 2003 R2 description:
CD1 software is an interim release that is built on Windows Server 2003 Service Pack 1 includes launcher CD2CHAIN.EXE
CD2 includes a variety of features and improvements

Update for Windows Server 2003 (KB927620)


Install this update to resolve performance issues experienced when using a Windows-based system to implement Winsock Direct (WSD) in a fast System Area Network (SAN) environment.



Update for Windows Server 2003 (KB924286)


This update adds support for Ethernet-based Remote Direct Memory Access (RDMA) to Windows-based systems.

Update for Windows Server 2003 (KB928388)


Installing this update enables your computer to automatically adjust the computer clock on the correct date in 2007 due to revised Daylight Saving Time laws in many countries.

927620 replaces 924286.

the_guy

De-stickied at the request of Bilou_Gateux