Windows XP Security Updates


Viruses, Worms and security patch information:

W32.Blaster.Worm and its variants: see RPC
Sasser Worm and its variants: see Microsoft security article
These two security patches are included in Windows XP SP2.
 

Recent Windows XP critical updates:

This is a list of the Microsoft Windows XP updates since June 2004 and is not necessarily exhaustive. The list includes all the critical and high priority/moderate/important updates. Some updates that only apply to Windows XP Gold or SP1 and other versions of Windows may not be included. The updates can be installed via Windows AutoUpdate (WAU), manually at the Windows Update/Microsoft Update website, or downloaded individually to your computer first.

July 2005: Note that the Windows Update page is now v6 and a new Microsoft Update has just been released.

You will find that many updates replace previous ones as bugs are found in them. So if you're doing an unattended Windows XP CD, you won't need all the ones listed. There are lists at the MSFN website (stickies in the Unattended Windows and HFSLIP forums) and RyanVM's website with more details. The individual KB articles and Security Bulletins also tell you which updates they replace.

Search for the KB article number or MS Security Bulletin number to find an update. You can also find them in Windows Update under the "catalog" search.

Microsoft Security Bulletin Search

Microsoft list of links to Security bulletins

Post-SP1 (pre-SP2) updates June-July 2004:

KB 839643 (Direct X), 8 Jun 2004
KB 870669 (ADODB.Stream), 2 Jul 2004
KB 823353 (OE6 Cumulative Patch) 13 Jul 2004
KB 841873 (MS04-022) 13 Jul 2004
KB 840315 (IE6 SP1, MS04-023) 13 Jul 2004
KB 839645 (MS04-024) 13 Jul 2004
KB 842773 (BITS2/HTTP 5.1) 13 Jul 2004
KB 867801 (IE6 Cumulative Patch, MS04-025) 30 Jul 2004

Windows XP SP2 English RTM (build 2180) is available for download for network installations and deployment (KB835935, 266MB, 9 Aug 2004). This can be installed in Home and Professional retail, OEM and Volume License editions and is suitable for slipstreaming (integration). Other language versions are available.

A smaller file download (c. 80 MB) via Windows Update and Automatic Update for Windows XP Home Edition and Windows XP Professional is now available. Despite many problems reported with applications (which can often be resolved by a product update), there is now little reason not to upgrade.

Post-SP2 updates (note: some additional updates are available if you have not installed SP1 or SP2 but I have not included them here).

Windows XP/Server 2003/Office XP/2003 JPEG Processing (GDI+) (MS04-028)

KB 890830 Microsoft® Windows® Malicious Software Removal Tool 1.x: this is a monthly update scan. You can just let it run if you use automatic update, or manually download the exe file to the computer first and run the scan.

KB834707 Cumulative Security Update for Internet Explorer 12 Oct 2004 (MS04-038): IE6 SP1, IE6 SP2

KB 886185 (Critical Update for Windows XP SP2) 14 Dec 2004
KB 885836 (MS04-041 WordPad vulnerability) 14 Dec 2004
KB 873339 (MS04-043 HyperTerminal Vulnerability) 14 Dec 2004
KB 885835 (MS04-044 Kernel and LSASS Vulnerability) 14 Dec 2004

Updates released in January 2005:
KB 890175 (MS05-001 HTML Help vulnerability) 11 Jan 2005
KB 891711 (MS05-002 cursor and icon format handling vulnerability) 11 Jan 2005
KB 871250 (MS05-003 Indexing service vulnerability) 11 Jan 2005
KB890830 Microsoft® Windows® Malicious Software Removal Tool 10 Jan 2005 (will be updated monthly)

Updates released on 8 February 2005:
KB 887219 (MS05-004 ASP.NET path validation vulnerability in .NET Framework 1.0/1.1)
KB 888302 (MS05-007 object library information disclosure vulnerability)
KB 890047 (MS05-008 Windows Shell vulnerability)
KB 885492 (MS05-009 PNG processing vulnerability affecting Windows Media Player 9 in Windows XP SP1)
KB 887472 (MS05-009 PNG processing vulnerability affecting Windows Messenger 4.7/5, MSN Messenger 6.1/6.2)
KB 885250 (MS05-011 Server message block vulnerability)
KB 873333 (MS05-012 OLE and COM vulnerability; this was subsequently updated in July 2005 and appears in WAU in August 2005; see KB 894391)
KB 891781 (MS05-013  DHTML editing component ActiveX control vulnerability)
KB 867282 (MS05-014 Cumulative Security Update for Internet Explorer)
KB 888113 (MS05-015 hyperlink vulnerability)
KB 887742 (Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT) for Windows XP SP2, non-critical update, 23 Feb 2005)
KB890830 Microsoft® Windows® Malicious Software Removal Tool 1.1 (monthly update)

Update released on 8 Mar 2005:
KB890830 Microsoft® Windows® Malicious Software Removal Tool 1.2 (monthly update)

Note: The Toolkit to Temporarily Block Delivery of Windows XP SP2 to a PC Through Automatic Updates and Windows Update has expired (240 days from 16 August)!

Updates released on 12 Apr 2005:
KB 890923 (MS05-020 Cumulative Security Update for Internet Explorer 6)
KB 893086 (MS05-016 Vulnerability in Windows Shell that Could Allow Remote Code Execution)
KB 890859 (MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service)
KB 893066 (MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service)
KB890830 Microsoft® Windows® Malicious Software Removal Tool 1.3 (monthly update scan)
KB 893803 (Windows Installer 3.1, non-critical)

Update released on 10 May 2005:
KB 890930 Microsoft® Windows® Malicious Software Removal Tool 1.4 (monthly update scan)

Updates released on 14 Jun 2005 (*critical updates):
*KB 883939 (MS05-025 Cumulative Security for Internet Explorer)
*KB 898458 (MS05-031 Vulnerability in Microsoft Windows Interactive Training Could Allow Remote Code Execution)
KB 890046 (MS05-032 Vulnerability in Microsoft Agent Could Allow Spoofing)
KB 893066 (MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service, v.2 (originally released in April))
KB 896358 (MS05-026 Vulnerability in HTML Help Could Allow Remote Code Execution)
*KB 896422 (MS05-027 Vulnerability in SMB Could Allow Remote Code Execution)
KB 896428 (MS05-033 Vulnerability in Telnet Client Could Allow Information Disclosure)
KB 890930 Microsoft® Windows® Malicious Software Removal Tool 1.5 (monthly update scan)
KB 896426 (MS05-028 Vulnerability in Web Client Service Could Allow Remote Code Execution - Windows XP SP1 only)
KB 897715 (MS05-030 Cumulative Security Update for Outlook Express - Windows XP SP1 only)

Updates released on 12 July 2005 (*critical updates):
*KB 901214 (MS05-036 Vulnerability in Microsoft Color Management Module)
*KB 903235 (MS05-037 Vulnerability in JView Profiler)
KB 890930 Microsoft® Windows® Malicious Software Removal Tool 1.6 (monthly update scan)

Microsoft has introduced Windows Genuine Advantage Program (KB 892130). Those who do not install the WGA ActiveX control in Internet Explorer will not be able to manually download some updates but this does not affect critical updates. (At least that is the official position.)

Updates released on 9 Aug 2005 (*critical updates):
KB 894391 (MS05-012: Vulnerability in OLE and COM could allow remote code execution). This is a fix for MS05-012, as described in KB 894391: FIX: DBCS attachment file names are not displayed in Rich Text e-mail messages and you may receive a "Generic Host Process" error message after you install security update MS05-012 (originally released in Feb 2005 as KB 873333).
*KB 896727 (MS05-038: Cumulative security update for Internet Explorer)
*KB 899588 (MS05-039 Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege)
*KB 896423 (MS05-043 Vulnerability in Print Spooler Service)
KB 893756 (MS05-040 Vulnerability in Telephony Service)
KB 899591 (MS05-041 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service)
KB 899587 (MS05-042 Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing)
KB 890930 Microsoft® Windows® Malicious Software Removal Tool 1.7 (monthly update scan)

Updates released on 13 Oct 2005:
KB 890930 Microsoft® Windows® Malicious Software Removal Tool 1.8 (monthly update scan)

Updates released on 11 Oct 2005 (* critical, � intermediate, � moderate risk level updates):
*KB 896688 (MS05-052: IE Cumulative Update)
*KB 902400 (MS05-051 MSDTC and COM+ Vulnerability)
*KB 904706 (MS05-050: DirectShow vulnerability)
�KB 901017 (KB907245; MS05-048 Microsoft Collaborative Data Object Vulnerability)
�KB 899589 ( MS05-046)
�KB 900725 (MS05-048 Windows Shell Vulnerability)
�KB 905749 (MS05-047 PnP Vulnerability)
�KB 905414 (MS05-045 Network Vulnerability)
�KB 905495 (MS05-044 FTP Vulnerability; XP SP1 only)
KB 890930 Microsoft® Windows® Malicious Software Removal Tool 1.9 (monthly update scan)

Updates released on 8 Nov 2005 (* critical):
*KB 896424 (MS05-053: Vulnerabilities in Graphics Rendering Engine)
KB 890930 Microsoft® Windows® Malicious Software Removal Tool 1.10 (monthly update scan)

Updates released on 13 Dec 2005 (* critical):
*KB 905915 (MS05-054: IE Cumulative Update)
KB 908523 (MS05-055 Windows 2000 SP4 only, important)
KB 910437 (fixes access violation update error)
KB 890930 Microsoft® Windows® Malicious Software Removal Tool 1.11 (monthly update scan)

Updates released on 10 Jan 2006 (* critical):
*KB 912919 (MS06-001: WMF vulnerability)
*KB 908519 (MS06-002: embedded web fonts vulnerability)
KB 890930 Microsoft® Windows® Malicious Software Removal Tool 1.12 (monthly update scan)

Updates released on 14 Feb 2006 (* critical, † important):
*KB910620 (MS06-004: IE Cumulative Update, IE 5.01 SP4 in Win 2000 SP4 only)
*KB 911565 (MS06-005: WMP 7.1-10)
†KB 911564 (MS06-006 WMP plug-in)
†KB 901190 (MS06-009: Korean IME in Windows and separately KB 905645 for Office 2003)
†KB 911927 (MS06-008: Web Client Service)
†KB 913446 (MS06-007: TCP/IP)
KB 890930 Microsoft® Windows® Malicious Software Removal Tool 1.13 (monthly update scan)

No updates released in Mar 2006 except KB890830.

Updates released on 11 Apr 2006 (* critical, † important):
*KB912812 (MS06-013: IE Cumulative Update)
KB 911567 (MS06-016: OE update)
†KB 908531 (MS06-015 Explorer vulnerability)
†KB 911562 (MS06-014: MDAC vulnerability)
KB 890930 Microsoft® Windows® Malicious Software Removal Tool 1.15 (monthly update scan)

Updates released on 9 May 2006 (* critical, † moderate):
*KB913433 (MS06-020: Flash player vulnerability - only required for older versions of Macromedia Flash player; updating to the latest Flash player instead is recommended)
†KB 913580 (MS06-018 MSDTC vulnerability)
KB 890930 Microsoft® Windows® Malicious Software Removal Tool 1.16 (monthly update scan)

Updates released on 13 June 2006 (* critical, † important):
*KB916281 (MS06-021: IE Cumulative Update)
*KB 917734 (MS06-024: WMP 9 and 10)
*KB 911280 (MS06-025: routing and remote access vulnerability)
†KB 914389 (MS06-030: server message block vulnerability)
*KB 917344 (MS06-023: Microsoft JScript vulnerability)
†KB 917953 (MS06-032: TCP/IP vulnerability)
*KB 918439 (MS06-022: ART image rendering vulnerability)
KB 890930 Microsoft® Windows® Malicious Software Removal Tool 1.17 (monthly update scan)
There are additional updates for Windows 2000 and Office XP/2003 (Word and PowerPoint).

 

 

 


 

Copyright © 2003-2006 by Kilian. All my articles including graphics are provided "as is" without warranties of any kind. I hereby disclaim all warranties with regard to the information provided. In no event shall I be liable for any damage of any kind whatsoever resulting from the information. The articles are provided in good faith and after some degree of verification but they may contain technical or typographical errors. Links to other web resources may be changed at any time and are beyond the control of the author. Articles may be added, removed, edited or improved at any time. No support is provided by the author. All the products mentioned are trademarks of their respective companies.

Created 12 Apr 2005; last updated 17 June 2006