Recent Windows XP critical updates:
This is a list of the Microsoft Windows XP updates since
June 2004 and is not necessarily exhaustive. The list
includes all the critical and high priority/moderate/important updates. Some
updates that only apply to Windows XP Gold or SP1 and other
versions of Windows may not be included. The updates can be
updated via Windows AutoUpdate (WAU), manual update at Windows
Update/Microsoft Update website, or individually downloaded to your computer
first. July 2005: Note that Windows Update page is now v6
and a new Microsoft Update has just been released. You
will find that many updates replace previous ones as bugs
are found in them. So if you're doing an unattended Windows
XP CD, you won't need all the ones listed. There are lists
at
MSFN website
(stickies the Unattended Windows and HFSLIP forums) and RyanVM's
website with more details. The individual KB articles and
Security Bulletins would also tell you what updates they
replace. Search the KB article number or MS Security Bulletin
number to find it. You can also find them in Windows Update
under "catalog" search.
Microsoft Security Bulletin Search
Microsoft list of links to Security bulletins
Post-SP1 (pre-SP2) updates
June-July 2004: KB 839643
(Direct X), 8 Jun 2004
KB 870669 (ADOB Stream) 2 Jul 2004
KB 823353 (OE6 Cumulative Patch) 13 Jul 2004
KB 841873 (MS04-022) 13 Jul 2004
KB 840315 (IE6 SP1, MS04-023) 13 Jul 2004
KB 839645 (MS04-024) 13 Jul 2004
KB 842773 (BITS2/HTTP 5.1) 13 Jul 2004
KB 867801 (IE6 Cumulative Patch, MS04-025) 30 Jul 2004
Windows XP SP2
English RTM (build 2180)
is available for download for network
installations and deployment (KB835935, 266MB, 9 Aug 2004).
This can be installed in Home and Professional retail, OEM
and Volume License editions and is suitable for
slipstreaming (integration). Other language versions are
available. A smaller file download (c.80
MB) via
Windows update and Automatic Update for
Windows XP Home Edition and Windows XP Professional is now
available. Despite
many problems reported with applications (but often it can
be resolved by a product update) there is now little reason
not to upgrade. Post-SP2 updates (note: some
additional updates are available if you have not installed
SP1 or SP2 but I have not included them here).
Windows XP/Server 2003/Office XP/2003 JPEG Processing (GDI+)
(MS04-028)
KB 890830 Microsoft� Windows� Malicious Software Removal Tool
1.x: this is a monthly update scan. You can just let it run
if you use automatic update or manually download the exe
file to the computer first and run the scan.
KB834707 Cumulative Security Update for Internet
Explorer 12 Oct 2004 (MS04-038):
IE6 SP1,
IE6 SP2
KB 886185 (Critical Update for Windows XP SP2) 14 Dec 2004
KB 885836 (MS04-041 WordPad vulnerability) 14 Dec 2004
KB 873339 (MS04-043 Hyperterminal Vulnerbility) 14 Dec 2004
KB 885835 (MS04-044 Kernel and LSASS Vulnerability) 14 Dec
2004
Updates released in January 2005:
KB 890175 (MS05-001 HTML Help vulnerability) 11 Jan 2005
KB 891711 (MS05-002 cursor and icon format handling
vulnerability) 11 Jan 2005
KB 871250 (MS05-003 Indexing service vulnerability) 11 Jan
2005
KB890830 Microsoft� Windows� Malicious Software Removal Tool 10 Jan 2005 (will be updated monthly)
Updates released on 8 February 2005:
KB 887219 (MS05-004 Asp.net path validation
vulnerability in .NET Framework 1.0/1.1)
KB 888302 (MS05-007 object library information
disclosure vulnerability)
KB 890047 (MS05-008 Windows Shell vulnerability)
KB 885492 (MS05-009 PNG processing vulnerability
affecting Windows Media Player 9 in Windows XP SP1)
KB 887472 (MS05-009 PNG processing vulnerability
affecting Windows Messenger 4.7/5, MSN Messenger 6.1/6.2)
KB 885250 (MS05-011 Server message block
vulnerability)
KB 873333 (MS05-012 OLE and COM vulnerability) This
has been subsequently updated in July 2005, and appears in
WAU in August 2005; see KB 894391)
KB 891781 (MS05-013 DHTML editing component
ActiveX control vulnerability)
KB 867282 (MS05-014 Cumulative Security Update for
Internet Explorer)
KB 888113 (MS05-015 hyperlink vulnerability)
KB 887742 (Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)
for Windows XP SP2, non-critical update, 23 Feb 2005)
KB890830 Microsoft� Windows� Malicious Software Removal Tool 1.1 (monthly update)
Update released on 8 Mar 2005:
KB890830 Microsoft� Windows� Malicious Software Removal Tool
1.2 (monthly update)
Note: The
Toolkit to Temporarily Block Delivery of Windows XP SP2 to a
PC Through Automatic Updates and Windows Update has
expired (240 days from 16 August)!
Updates released on 12 Apr 2005:
KB 890923 (MS05-020 Cumulative Security Update for
Internet Explorer 6)
KB 893086 (MS05-016 Vulnerability in Windows Shell that
Could Allow Remote Code Execution)
KB 890859 (MS05-018 Vulnerabilities in Windows Kernel
Could Allow Elevation of Privilege and Denial of Service)
KB 893066 (MS05-019 Vulnerabilities in TCP/IP Could
Allow Remote Code Execution and Denial of Service)
KB890830 Microsoft� Windows� Malicious Software Removal Tool
1.3 (monthly update scan)
KB 893803 (Windows Installer 3.1, non-critical)
Update released on 10 May 2005:
KB 890930 Microsoft� Windows� Malicious Software Removal Tool
1.4 (monthly update scan)
Updates released on 14 Jun 2005 (*critical updates):
*KB 883939 (MS05-025 Cumulative Security for Internet
Explorer)
*KB 898458 (MS05-031 Vulnerability in Microsoft
Windows Interactive Training Could Allow Remote Code
Execution)
KB 890046 (MS05-032 Vulnerability in Microsoft Agent
Could Allow Spoofing)
KB 893066 (MS05-019 Vulnerabilities in TCP/IP Could
Allow Remote Code Execution and Denial of Service, v.2
(originally released in April))
KB 896358 (MS05-026 Vulnerability in HTML Help Could
Allow Remote Code Execution)
*KB 896422 (MS05-027 Vulnerability in SMB Could Allow
Remote Code Execution)
KB 896428 (MS05-033 Vulnerability in Telnet Client
Could Allow Information Disclosure)
KB 890930 Microsoft� Windows� Malicious Software Removal Tool
1.5 (monthly update scan)
KB 896426 (MS05-028 Vulnerability in Web Client
Service Could Allow Remote Code Execution - Windows XP SP1
only)
KB 897715 (MS05-030 Cumulative Security Update for
Outlook Express - Windows XP SP1 only)
Updates released on 12 July 2005 (*critical updates):
*KB 901214 (MS05-036 Vulnerability in Microsoft Color
Management Module)
*KB 903235 (MS05-037 Vulnerability in JView Profiler)
KB 890930 Microsoft� Windows� Malicious Software Removal Tool
1.6 (monthly update scan)
Microsoft has introduced Windows Genuine Advantage
Program (KB 892130). Those who do not install the WGA
ActiveX control in Internet Explorer will not be able to
manually download some updates but this does not affect
critical updates. (At least that is the official position.)
Updates released on 9 Aug 2005 (*critical updates):
KB 894391 (MS05-012: Vulnerability in OLE and COM
could allow remote code execution) This is a fix for
MS05-012, as described in KB 894391: FIX: DBCS attachment
file names are not displayed in Rich Text e-mail messages
and you may receive a "Generic Host Process" error message
after you install security update MS05-012, originally
released in Feb 2005 as KB 873333)
*KB 896727 (MS05-038: Cumulative security update for
Internet Explorer)
*KB 899588 (MS05-039 Vulnerability in Plug and Play
Could Allow Remote Code Execution and Elevation of
Privilege)
*KB 896423 ( MS05-043 Vulnerability in Print Spooler
Service)
KB 893756 (MS05-040 Vulnerability in Telephony
Service)
KB 899591 (MS05-041 Vulnerability in Remote Desktop
Protocol Could Allow Denial of Service)
KB 899587 (MS05-042 Vulnerabilities in Kerberos Could
Allow Denial of Service, Information Disclosure, and
Spoofing)
KB 890930 Microsoft� Windows� Malicious Software Removal Tool
1.7 (monthly update scan)
Updates released on 13 Oct 2005:
KB 890930 Microsoft� Windows� Malicious Software Removal Tool
1.8 (monthly update scan)
Updates released on 11 Oct 2005 (* critical, �
intermediate, � moderate risk level updates):
*KB 896688 (MS05-052: IE Cumulative Update)
*KB 902400 (MS05-051 MSDTC and Comt Vulnerability)
*KB 904706 (MS05-050: DirectShow vulnerability)
�KB 901017 (KB907245; MS05-048 Microsoft
Collaborative Data Object Vulnerability)
�KB 899589 ( MS05-046)
�KB 900725 (MS05-048 Windows Shell Vulnerability)
�KB 905749 (MS05-047 PnP Vulnerability)
�KB 905414 (MS05-045 Network Vulnerability)
�KB 905495 (MS05-044 FTP Vulnerability; XP SP1 only)
KB 890930 Microsoft� Windows� Malicious Software Removal Tool
1.9 (monthly update scan)
Updates released on 8 Nov 2005 (* critical):
*KB 896424 (MS05-053: Vulnerabilities in Graphics
Rendering Engine)
KB 890930 Microsoft� Windows� Malicious Software Removal Tool
1.10 (monthly update scan)
Updates released on 13 Dec 2005 (* critical):
*KB 905915 (MS05-054: IE Cumulative Update)
KB 908523 (MS05-055 Windows 2000 SP4 only, important)
KB 910437 (fixes access violation update error)
KB 890930 Microsoft� Windows� Malicious Software Removal Tool
1.11 (monthly update scan)
Updates released on 10 Jan 2006 (* critical):
*KB 912919 (MS06-001: WMF vulnerability)
*KB 908519 (MS06-002: embedded web fonts
vulnerability)
KB 890930 Microsoft� Windows� Malicious Software Removal Tool
1.12 (monthly update scan)
Updates released on 14 Feb 2006 (* critical, �
important):
*KB910620 (MS06-004: IE Cumulative Update, IE 5.01
SP4 in Win 2000 SP4 only)
*KB 911565 (MS06-005: WMP 7.1-10)
�KB 911564 (MS06-006 WMP plug-in)
�KB 901190 (MS06-009: Korean IME in Windows and
separately KB 905645 for Office 2003)
�KB 911927 (MS06-008: Web Client Service)
�KB 913446 (MS06-007: TCP/IP)
KB 890930 Microsoft� Windows� Malicious Software Removal Tool
1.13 (monthly update scan)
No Updates release in Mar 2006 except KB890830
Updates released on 11 Apr 2006 (* critical, �
important):
*KB912812 (MS06-013: IE Cumulative Update)
KB 911567 (MS06-016: OE update)
�KB 908531 (MS06-015 Explorer vulnerability)
�KB 911562 (MS06-014: MDAC vulnerability)
KB 890930 Microsoft� Windows� Malicious Software Removal Tool
1.15 (monthly update scan)
Updates released on 9 May 2006 (* critical, �
moderate):
*KB913433 (MS06-020: Flash player vulnerability -
only required for older versions of Macromedia Flash player;
update to the latest Flash player instead is recommended)
�KB 913580 (MS06-018 MDTC vulnerability)
KB 890930 Microsoft� Windows� Malicious Software Removal Tool
1.16 (monthly update scan)
Updates released on 13 June 2006 (* critical, �
important):
*KB916281 (MS06-021: IE Cumulative Update)
*KB 917734 (MS06-024: WMP9&10)
*KB 911280 (MS06-025: routing and remote access
vulnerability)
�KB 914389 (MS06-030: server message block vulnerability)
*KB 917344 (MS06-023: Microsoft JScript vulnerability)
�KB 917953 (MS06-032: YCP/IP vulnerability)
*KB 918439 (MS06-022: ART image rendering vulnerability)
KB 890930 Microsoft� Windows� Malicious Software Removal Tool
1.17 (monthly update scan)
There are additional updates for Windows 2000 and Office
XP/2003 (Word and Powerpoint) |