Windows 2003 Service Pack 2 Hotfixes compiled by the_guy (April '07 - Aug '08) and FDV (Sept '08 - forward)
Windows 2003 comes with version IE 6. Be careful not to mismatch IE version and hotfixes.
Windows 2003 Service Pack 2 Hotfixes compiled by the_guy (April '07 - Aug '08) and FDV (Sept '08 - forward)
Windows 2003 comes with version IE 6. Be careful not to mismatch IE version and hotfixes.
No, I'm not linking IE 7, IE 8, or whatever other train wrecks Microsoft is releasing. A server OS shouldn't even have a browser in it, never mind an HTML engine. It's a SERVER!
Start here:
Service Pack 2 for Windows Server 2003
April 2007:
925902: Vulnerabilities in GDI Could Allow Remote Code Execution
932168: Vulnerability in Microsoft Agent Could Allow Remote Code Execution
930178: Vulnerabilities in CSRSS Could Allow Remote Code Execution
931784 - OBSOLETE. Vulnerability in Windows Kernel Could Allow Elevation of Privilege
June 2007:
924667: Vulnerability in Microsoft Foundation Classes could allow for remote code execution
935840 - OBSOLETE. Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution
929123: Cumulative Security Update for Outlook Express and Windows Mail
935839: Vulnerability in Win 32 API Could Allow Remote Code Execution. POSSIBLY made obsolete by 959426 (see below at April 2009). KB article says 935839 is replaced, but the file manifests don't match.
July 2007:
933854: Description of the security update for the .NET Framework 1.1 for Windows Server 2003
936357: A microcode reliability update is available that improves the reliability of systems that use Intel processors
August 2007:
936227 - OBSOLETE. Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
October 2007:
933729: Vulnerability in RPC Could Allow Denial of Service
November 2007:
943460: Vulnerability in Windows URL Handling Could Allow Remote Code Execution
December 2007:
944653: Vulnerability in Macrovision driver could allow local elevation of privilege
January 2008:
943485 - OBSOLETE. Vulnerability in LSASS Could Allow Local Elevation of Privilege
February 2008:
942831: Vulnerability in Internet Information Services could allow elevation of privileges
942830: Vulnerability in Internet Information Services could allow remote code execution
946026: Vulnerability in WebDAV Mini-Redirector could allow remote code execution
947890: A vulnerability in OLE Automation could allow remote code execution
April 2008:
945553: Vulnerability in DNS Client Could Allow Spoofing
948590 - OBSOLETE. Vulnerabilities in GDI Could Allow Remote Code Execution
941693 - OBSOLETE. Vulnerability in Windows Kernel Could Allow Elevation of Privilege
June 2008:
951698 - OBSOLETE. Vulnerabilities in DirectX Could Allow Remote Code Execution
948745: Vulnerability in WINS Could Allow Elevation of Privilege
953235: This actually links to KB949014 and KB949269. Vulnerability in Active Directory Could Allow Denial of Service
950762: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service
953235: Vulnerability in Active Directory Could Allow Denial of Service
July 2008:
953230: This actually links to KB951748. Vulnerabilities in DNS Could Allow Spoofing
August 2008:
952954: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution
951066: Security Update for Outlook Express and Windows Mail
950974: Vulnerabilities in Event System Could Allow Remote Code Execution
953839 - OBSOLETE. Cumulative Security Update for ActiveX
938127: Vulnerability in Vector Markup Language Could Allow Remote Code Execution
September 2008:
943729: Group Policy Preference Client Side Extensions
938464: Attacker could remotely compromise Windows system that uses GDI+ and gain control over it
October 2008:
956391: Cumulative security update for ActiveX
956803: Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege
956841 - OBSOLETE. Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege
957095 - OBSOLETE. Vulnerability in SMB Could Allow Remote Code Execution
953155: Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution
954211 - OBSOLETE. Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege. (see also 959252 below in November 2008)
958644: Vulnerability in Server Service Could Allow Remote Code Execution
340178: Windows Server 2003 Service Pack 2 Administration x86 Tools Pack - update
November 2008:
957097: Vulnerability in SMB Could Allow Remote Code Execution
955218: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
958655: Update to resolve an issue in MSI Installer 4.5
959252: Update to resolve an issue in which you receive a 0x0000008e Stop error after installing 954211
December 2008:
955839: Time Zone Updates
956802: Vulnerabilities in GDI Could Allow Remote Code Execution.
January 2009:
958687: Vulnerabilities in SMB Could Allow Remote Code Execution
February 2009:
No fixes listed
March 2009:
960225: Vulnerability in SChannel Could Allow Spoofing
967715: A new shell32.dll file correcting "disable Autorun registry key" enforcement
958690: Vulnerabilities in Windows Kernel Could Allow Remote Code Execution
April 2009:
959454: Vulnerabilities in Windows could allow elevation of privilege. This is broken into two downloads to piss you off. Click here for the first one called "KB952004"
959454: Vulnerabilities in Windows could allow elevation of privilege. This is broken into two downloads to piss you off. Click here for the second one called "KB956572"
959426: Blended threat vulnerability in SearchPath could allow elevation of privilege
960803: Vulnerabilities in Windows HTTP services could allow remote code execution
960477: Vulnerability in WordPad and Office text converters could allow remote code execution
961373: Vulnerability in Microsoft DirectShow could allow remote code execution
May 2009:
There were no fixes for the OS in May 2009.
Other Windows Components: Internet Explorer 6
958215 - OBSOLETE. Cumulative Security Update for Internet Explorer
960714 - OBSOLETE. Out of cycle Security Update for Internet Explorer
960715: March 2009. Update Rollup for ActiveX Kill Bits
963027: April 2009 Cumulative security update for Internet Explorer
Other Windows Components: Media Player
925398: July 2007. Vulnerability in Windows Media Player 6.4 could allow remote code execution
936782: August 2007. Vulnerability in Windows Media Player Could Allow Remote Code Execution
941569: December 2007. Vulnerability in Windows Media file format could allow remote code execution
944275: December 2007. Vulnerability in Windows Media file format could allow remote code execution
954156: September 2008. Security Update for Windows Media Encoder 9 Series
954600,959807,952068,952069: December 2008. Security fixes for Media Player
959807: December 2008. Vulnerabilities in Windows Media Components Could Allow Remote Code Execution
Roots Update direct download link last updated September 25 2007
Windows Script 5.7.0.16535 direct download link
MS Server 2003 link that changes hourly and will probably be a 404 before I even finish typing this
Please post any issues with this list here.
Last update:
12/25/08 at 23:04