Windows 2003 Post Service Pack 2 Hotfixes
PLEASE NOTE:
• this list DOES remove obsolete fixes replaced by more current ones -- to my knowledge that sets this one apart from other lists
• that I am lazy and my updates come in bursts. I may do three months or more at a time. Check back if you don't see the current date at the bottom. I actually use this OS so I have an interest in keeping this list up to date.
Compiled by the_guy (April '07 - Aug '08) and FDV (Sept '08 - forward).
Windows 2003 comes with version IE 6. Be careful not to mismatch IE version and hotfixes.
No, I'm not linking IE 7, IE 8, or whatever other train wrecks Microsoft is releasing unless the v6 link happens to be the exact same (like cumulatives).
A server OS shouldn't even have a browser in it, never mind an HTML engine. It's a SERVER!
Start here:
Service Pack 2 for Windows Server 2003
April 2007:
925902 - OBSOLETE. Vulnerabilities in GDI Could Allow Remote Code Execution
932168: Vulnerability in Microsoft Agent Could Allow Remote Code Execution
930178 - OBSOLETE. Vulnerabilities in CSRSS Could Allow Remote Code Execution
931784 - OBSOLETE. Vulnerability in Windows Kernel Could Allow Elevation of Privilege
May 2007:
927891 - Resolves an issue in the Windows Installer (MSI). Upgrade to MSI 4.5 below. Listed here for completeness, and not linking it.
June 2007:
924667 - OBSOLETE. Vulnerability in Microsoft Foundation Classes could allow for remote code execution
935840 - OBSOLETE. Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution
929123: Security Update for Outlook Express and Windows Mail
935839 - OBSOLETE. Vulnerability in Win 32 API Could Allow Remote Code Execution.
July 2007:
933854: Description of the security update for the .NET Framework 1.1 for Windows Server 2003
936357: A microcode reliability update is available that improves the reliability of systems that use Intel processors
926122 - Vuln in Active Directory Could Allow Remote Code Execution
August 2007:
936227 - OBSOLETE. Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
October 2007:
933729 - OBSOLETE. Vulnerability in RPC Could Allow Denial of Service
November 2007:
943460 - OBSOLETE: Vulnerability in Windows URL Handling Could Allow Remote Code Execution
December 2007:
944653: Vulnerability in Macrovision driver could allow local elevation of privilege
January 2008:
943485 - OBSOLETE. Vulnerability in LSASS Could Allow Local Elevation of Privilege
February 2008:
942831: Vulnerability in Internet Information Services could allow elevation of privileges
942830 - OBSOLETE. Vulnerability in Internet Information Services could allow remote code execution
946026: Vulnerability in WebDAV Mini-Redirector could allow remote code execution
947890 - OBSOLETE. A vulnerability in OLE Automation could allow remote code execution
April 2008:
945553-SEE NOTE: Vulnerability in DNS Client Could Allow Spoofing
948590 - OBSOLETE. Vulnerabilities in GDI Could Allow Remote Code Execution
941693 - OBSOLETE. Vulnerability in Windows Kernel Could Allow Elevation of Privilege
June 2008:
951698 - OBSOLETE. Vulnerabilities in DirectX Could Allow Remote Code Execution
948745 - OBSOLETE. Vulnerability in WINS Could Allow Elevation of Privilege
953235 - OBSOLETE. This actually links to KB949014 and KB949269. Vulnerability in Active Directory Could Allow Denial of Service
950762: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service
942288: (download, bulletin) Windows Installer 4.5 Redistributable
July 2008:
953230-SEE NOTE: This actually links to KB951748. Vulnerabilities in DNS Could Allow Spoofing
August 2008:
952954: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution
951066-SEE NOTE: Security Update for Outlook Express and Windows Mail (does not replace 929123)
950974: Vulnerabilities in Event System Could Allow Remote Code Execution
953839 - OBSOLETE. Cumulative Security Update for ActiveX
938127-SEE NOTE: Vulnerability in Vector Markup Language Could Allow Remote Code Execution
September 2008:
943729: Group Policy Preference Client Side Extensions
954593 - OBSOLETE. Vulnerabilities in GDI+ Could Allow Remote Code Execution
938464 - OBSOLETE. Attacker could remotely compromise Windows system that uses GDI+ and gain control over it
October 2008:
956391 - OBSOLETE. Cumulative security update for ActiveX
956803-SEE NOTE: Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege
956841 - OBSOLETE. Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege
957095 - OBSOLETE. Vulnerability in SMB Could Allow Remote Code Execution
953155: Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution
954211 - OBSOLETE. Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege. (see also 959252 below in November 2008)
958644: Vulnerability in Server Service Could Allow Remote Code Execution
340178-SEE NOTE: Windows Server 2003 Service Pack 2 Administration x86 Tools Pack - update
November 2008:
957097 - OBSOLETE. Vulnerability in SMB Could Allow Remote Code Execution
955218: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (XML 3, 4, 6)
958655 - OBSOLETE. Update to resolve an issue in MSI Installer 4.5
959252 - OBSOLETE. Update to resolve an issue in which you receive a 0x0000008e Stop error after installing 954211
December 2008:
955839 - OBSOLETE. Time Zone Updates
956802: Vulnerabilities in GDI Could Allow Remote Code Execution.
958756 - MSI 4.5 hotfix for msi.dll. Requires special request, not available for simple download.
January 2009:
958687 - OBSOLETE. Vulnerabilities in SMB Could Allow Remote Code Execution
February 2009:
There were no fixes for the OS in February 2009.
March 2009:
960225-SEE NOTE: Vulnerability in SChannel Could Allow Spoofing
967715-SEE NOTE: A new shell32.dll file correcting "disable Autorun registry key" enforcement
958690 - OBSOLETE. Vulnerabilities in Windows Kernel Could Allow Remote Code Execution
April 2009:
959454: Vulnerabilities in Windows could allow elevation of privilege. This is broken into two downloads to piss you off. Click here for the first one called "KB952004"
959454: Vulnerabilities in Windows could allow elevation of privilege. This is broken into two downloads to piss you off. Click here for the second one called "KB956572"
959426: Blended threat vulnerability in SearchPath could allow elevation of privilege
960803 - OBSOLETE. Vulnerabilities in Windows HTTP services could allow remote code execution
960477: (OS patch that is non-OS related) Vulnerability in WordPad and Office text converters could allow remote code execution
961373 - OBSOLETE. Vulnerability in Microsoft DirectShow could allow remote code execution
960803 - Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution
May 2009:
There were no fixes for the OS in May 2009.
June 2009:
971055 - OBSOLETE. Vulnerabilities in Active Directory Could Allow Remote Code Execution
961501: Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution
963093-SEE NOTE: Vulnerability in Windows Search Could Allow Information Disclosure
970238 - OBSOLETE. Vulnerability in RPC Could Allow Elevation of Privilege
968537 - OBSOLETE. Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
970483: Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege
972189 - MSI 4.5 hotfix for msiprov.dll. Requires special request, not available for simple download.
July 2009:
961371 - OBSOLETE. Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution
973346 - OBSOLETE. Cumulative Security Update of ActiveX Kill Bits
971633 - OBSOLETE. Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution
970653 - OBSOLETE. Resolves issues caused by revised daylight saving time and time zone laws in several countries
August 2009:
973908: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
973354 - OBSOLETE. Outlook Exporess update
973869: (download, bulletin): DHTML editing component ActiveX control
973815: (download, bulletin): Microsoft MSWebDVD ActiveX Control
969883 - OBSOLETE. Vulnerabilities in WINS Could Allow Remote Code Execution
971032: Vulnerability in Message Queuing Could Allow Elevation of Privilege
971657: Vulnerability in Workstation Service Could Allow Elevation of Privilege
960859: Vulnerability in Telnet Could Allow Remote Code Execution
970927: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution
973811: Link 1 (explanation), Strengthens authentication credentials in specific scenarios
968389: Link 2 (reg setting), Strengthens authentication credentials in specific scenarios
968389: Link 3 (download), Strengthens authentication credentials in specific scenarios
September 2009:
956844: Vulnerability in DHTML Editing Component ActiveX Control
967723: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution
971029 - Install to restrict AutoRun to only CD and DVD drives
October 2009:
973525 - OBSOLETE. Cumulative Security Update of ActiveX Kill Bits
958869-SEE NOTE: (download, bulletin): Vulnerabilities in GDI+ Could Allow Remote Code Execution
971486 - OBSOLETE. Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
969059: (download, bulletin): Vulnerability in Indexing Service Could Allow Remote Code Execution
975254-SEE NOTE: (download, bulletin): Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution
974571: (download, bulletin): Vulnerabilities in Windows CryptoAPI Could Allow Spoofing
975467: (download, bulletin): Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service
November 2009:
969947 - OBSOLETE. Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
973309 - OBSOLETE. Vulnerability in Active Directory Could Allow Denial of Service. Also called 973037 and 973039
December 2009:
975539: (download, bulletin): Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution
974392: (download, bulletin): Vulnerability in LSASS Could Allow Denial of Service
974318: (download, bulletin): Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution
973904: (OS patch that is non-OS related) Vulnerability in WordPad and Office text converters could allow remote code execution (NOT the same as April 2009 above)
955759: (download, bulletin): AppCompat update for Indeo codec
971737: (download, bulletin): Update that implements Extended Protection for Authentication in Microsoft Windows HTTP Services (WinHTTP)
970430: (download, bulletin): Update that implements Extended Protection for Authentication in the HTTP Protocol Stack (http.sys)
971726: (download, bulletin): Authenticated remote attacker could gain control over system
973917: (download, bulletin): Extended Protection for Authentication in IIS
January 2010:
972270: (download, bulletin): Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution
February 2010:
971468 - OBSOLETE. Vulnerabilities in SMB Server Could Allow Remote Code Execution
975713: (download, bulletin): Vulnerability in Windows Shell Handler Could Allow Remote Code Execution
977165 - OBSOLETE. Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
977935: Link 1 (explanation): Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
977914: Link 2 (download, bulletin): Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
975560: Link 3 (download, bulletin): Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
978037 - OBSOLETE. Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
978251 - OBSOLETE. Vulnerabilities in SMB Client Could Allow Remote Code Execution
978262 - OBSOLETE. Cumulative Security Update of ActiveX Kill Bits
978706: (download, bulletin): Vulnerability in Microsoft Paint Could Allow Remote Code Execution
976569: (download, bulletin): Update to Dotnet 2 SP2 issued February 22nd
March 2010:
979306 - OBSOLETE. Revised daylight saving time and time zones
973917: (download, bulletin): Strengthen IIS authentication credentials
Please note! As of April 2010, hotfix KB numbers in some cases bear absolutely no relationship whatsoever to the actual KB. In other words, as an actual example, clicking on either KB979309 or KB978601 will bring you to KB981210. Going forward I will do what I can. I know the reason for it, but it's still fucking stupid.
April 2010:
980232 - OBSOLETE. Vulnerabilities in SMB Client Could Allow Remote Code Execution
979683 - OBSOLETE. Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
981169 - OBSOLETE. Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution
978338: (download, bulletin): Vulnerability in Windows ISATAP Component Could Allow Spoofing
977816: (download, bulletin): Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution
981832: (download called 976323, bulletin): Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service
981210: (download 1 called 979309, bulletin): Vulnerabilities in SigVerif and CABview Could Allow Remote Code Execution
981210: (download 2 called 978601, bulletin): Vulnerabilities in SigVerif and CABview Could Allow Remote Code Execution
May 2010:
978542: (download, bulletin): Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution
June 2010:
979559 - OBSOLETE. Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
980195 - OBSOLETE. Security Update for ActiveX Killbits
980218 - OBSOLETE. OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege
977816 - Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution
979907, also 981343 - Dotnet 1.1, 2, and/or 3.5 update
982666 - IIS vuln
July 2010:
2229593: (download, bulletin): Vulnerability in Help and Support Center Could Allow Remote Code Execution
August 2010:
2286198-SEE NOTE: (download, bulletin): Vulnerabilities in Windows Shell Could Allow Elevation of Privilege
980436: (download, bulletin): Vulnerabilities in Windows SChannel Could Allow Elevation of Privilege
982316-SEE NOTE: (download, bulletin): TAPI Update
2160329 - OBSOLETE. Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
982214 - OBSOLETE. Vulnerabilities in SMB Server Could Allow Remote Code Execution
2115168: (download, bulletin): Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution
2079403: (download, bulletin): Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (new XML 3)
2264107-SEE NOTE: (download, bulletin): A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm (it's about fucking time)
September 2010:
975558: (download, bulletin): Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution
981322: (download, bulletin): Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution. Also called 2320113
981550 - OBSOLETE. Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege.
982000 - OBSOLETE. Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege.
983539 - OBSOLETE. Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege.
982802 - OBSOLETE. Vulnerability in Remote Procedure Call Could Allow Remote Code Execution
2124261: (download, bulletin): Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution. Also called 2267960
2121546 - OBSOLETE. Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege
2141007- SEE NOTE: (download, bulletin): Extended Protection for Authentication for Outlook Express and Windows Mail
2158563 - OBSOLETE. Cumulative time zone update
2259922 - OBSOLETE. Vulnerability in WordPad Text Converters Could Allow Remote Code Execution
2347290: (download, bulletin): Vulnerability in Print Spooler Service Could Allow Remote Code Execution
2418042 - Vulnerability in ASP.NET Could Allow Information Disclosure
October 2010:
979687 (this is also 2405882): (download, bulletin): Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution
981957 - OBSOLETE. Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
982132: (download, bulletin): Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution
2279986 - OBSOLETE. Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege
2296011: (download, bulletin): Vulnerability in Windows Common Control Library Could Allow Remote Code Execution
2345886: (download, bulletin): Extended Protection for Authentication in the Server service
2360937: (download, bulletin): Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege
2387149: (download, bulletin): Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution
982132: (download, bulletin): Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution
November 2010:
2388210: (download, bulletin): Resolves a set of known application compatibility issues with Windows
2345886: (download, bulletin): Implements Extended Protection (EAP) for Authentication in the Server service. Of questionable necessity.
2360937: (download, bulletin): Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege
979687: (download, bulletin): Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution
2296011: (download, bulletin): Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution
December 2010:
2440591: (download, bulletin): Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege
2443105: (download, bulletin): Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution
2296199 - OBSOLETE. Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege
2423089: (download, bulletin): Vulnerability in Windows Address Book Could Allow Remote Code Execution
2207559-SEE NOTE: (download, bulletin): Vulnerability in Windows Netlogon Service Could Allow Denial of Service
2436673 - OBSOLETE. Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
2467659 - OBSOLETE. Addresses an issue with the Internet Explorer on the auto-detection of Japanese Encoding JIS
2443685 - OBSOLETE. Cumulative Timezone Update
January 2011:
2419635: (download, bulletin): Vulnerability in MDAC
February 2011:
2478960: (download, bulletin): Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege
2476687 - OBSOLETE. Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
2393802 - OBSOLETE. Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
2485376 - OBSOLETE. Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution
2478953 - Vulnerability in Active Directory Could Allow Denial of Service
2483185 - Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution
2496930 - Vulnerabilities in Kerberos Could Allow Elevation of Privilege
March 2011:
2483619-SEE NOTE, 2481109, 2508062: (bulletin): Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (yep, they're ALL the same fix! Pure genius.)
2479628 - OBSOLETE. Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
April 2011:
2508272 - OBSOLETE. Active X Killbits
2491683: (download, bulletin): Vulnerabilities in Windows Fax Cover Page Editor Could Allow Remote Code Execution, part 1 (fxscover.exe)
2506212-SEE NOTE: (download, bulletin): Vulnerabilities in Windows Fax Cover Page Editor Could Allow Remote Code Execution, part 2 (mfc42.dll)
2485663: (download, bulletin): Vulnerability in WordPad Text Converters Could Allow Remote Code Execution
2412687: (download, bulletin): Vulnerability in GDI+ Could Allow Remote Code Execution
2507618: (download, bulletin): Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution
2503658 - OBSOLETE. Vulnerability in MHTML Could Allow Information Disclosure
2509553: (download, bulletin): Vulnerability in DNS Resolution Could Allow Remote Code Execution
2510581-SEE NOTE: (download, bulletin): Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution
2506223 - OBSOLETE. Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
2511455 - OBSOLETE. Vulnerabilities in SMB Client Could Allow Remote Code Execution
2508429: (download, bulletin): Vulnerabilities in SMB Client Could Allow Remote Code Execution (srv.sys, w03a3409.dll)
2508272, 2514666: (download, bulletin): Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution
2492386: (download, no bulletin): Application compatability issues
May 2011:
2524426-SEE NOTE: (download, bulletin): Vulnerability in WINS Could Allow Remote Code Execution
June 2011:
2535512: (download, bulletin): Vulnerabilities in Distributed File System Could Allow Remote Code Execution
2476490: (download, bulletin): Vulnerability in OLE Automation Could Allow Remote Code Execution
2518295: (download, bulletin): Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege
2503665- OBSOLETE. Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege
971737 - Extended Protection for Authentication in WinHTTP
July 2011:
2555917 - OBSOLETE. Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
2507938: (download, bulletin): Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
2544521 - Vulnerability in Vector Markup Language Could Allow Remote Code Execution
August 2011:
2570791 - OBSOLETE. Time Zone Updates
2536276: (download, bulletin): Vulnerability in SMB Client Could Allow Remote Code Execution (mrxsmb.sys)
2570222 - Vulnerability in Remote Desktop Protocol Could Allow Denial of Service
2567680 - Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
2566454 - Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege
September 2011:
2616676: (download, bulletin): Update to the certificate revocation list
2607712-SEE NOTE: (download, bulletin): Certificate list (see above)
2570947: (download, bulletin): Remote code execution if a user opens a legit rtf, txt, or doc
2571621: (download, bulletin): Vulnerability in WINS
October 2011:
2567053 - OBSOLETE. Vulnerabilities in Windows kernel-mode drivers could allow remote code execution
2592799: (download, bulletin): Vulnerability in ancillary function driver could allow elevation of privilege
2572069: (download, bulletin): .NET Framework 1.1 fix
2572073: (download, bulletin): .NET Framework 2 fix
2564958, 2623699: (download, bulletin): Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution
2562485 - Vulnerabilities in DNS Server Could Allow Remote Code Execution
948496 - Turn off default SNP features (do not use unless you are affected)
November 2011:
2601626, 2630837 - OBSOLETE. Vulnerability in Active Directory Could Allow Elevation of Privilege
2616310: (download, bulletin): Security update for Active Directory Application Mode (ADAM)
2544893: (download, bulletin): Vulnerability in MHTML could allow information disclosure
2641690: (download, bulletin): Fraudulent digital certificates could allow spoofing
2633952: (download): Timezone Updates
December 2011:
2633171: (download, bulletin): Vulnerability in Windows Kernel Could Allow Elevation of Privilege
2639417: (download, bulletin): Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
2618451 - ActiveX Kill Bits Cumulative Security Update
2624667: (download, bulletin): Vulnerability in OLE Could Allow Remote Code Execution
2640045, 2621146: (download 1, download 2, bulletin): Vulnerability in Active Directory Could Allow Elevation of Privilege
2620712: (download, bulletin): Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
-
January 2012:
Not done yet
NOTE - Rulman as MSFN has analyzed my list and says that these are obsolete. I have not checked however so I'm leaving them linked for now.
Other Windows Components: Internet Explorer 6
Obsolete hotfixes will not be listed, as this changes too often.
IE Cumulative: (download): Cumulative Security Update for Internet Explorer
Other Windows Components: Media Player
Too numerous. Just do yourself a favor and rip Media Player out.
Roots Update direct download link last updated September 25 2007
Windows Script 5.7.0.16535 direct download link
MS Server 2003 link that changes hourly and will probably be a 404 before I even finish typing this