MORE INFORMATION

Updates that are included on the Windows Security Update CD

The Windows Security Update CD includes critical updates for the following operating systems, software, and hardware.

Microsoft Windows XP

• Windows Security Advisor tool
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  828931 Frequently asked questions about the automated portion of the Microsoft Protect Your PC Web Site

• Windows XP Service Pack 1a (SP1a)
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  324720 List of bugs that are fixed in Windows XP Service Pack 1a

• The following Windows XP updates:

  • 823182 MS03-041: Vulnerability in authenticode verification could allow remote code execution

  • 824105 MS03-034: Flaw in NetBIOS could lead to information disclosure

  • 825119 MS03-044: Buffer overrun in Windows Help and Support Center could lead to system compromise

  • 826939 Update Rollup 1 for Windows XP is available

  • 828035 MS03-043: Buffer overrun in Messenger service could allow code execution

  • 817787 MS03-017: Flaw in Windows Media Player skins downloading could allow code execution

  • 814078 MS03-008: Flaw in Windows script engine may allow code to run

  • 330994 MS03-014: April, 2003, cumulative patch for Outlook Express

  • 828750 MS03-040: October, 2003, cumulative patch for Internet Explorer

  • 819696 MS03-030: Unchecked buffer in DirectX could enable system compromise

• Microsoft DirectX 9.0b
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  819696 MS03-030: Unchecked buffer in DirectX could enable system compromise

• Microsoft Windows Media Player 9 Series

Microsoft Windows 2000

• Windows 2000 Service Pack 4 (SP4)
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  327194 List of bugs that are fixed in Windows 2000 Service Pack 4

• The following Windows 2000 update:

  • 824146 MS03-039: A Buffer Overrun in RPCSS Could allow an attacker to run malicious programs

Microsoft Windows Millennium Edition

• Microsoft Internet Explorer 6 Service Pack 1 (SP1)
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  326489 List of issues fixed in Internet Explorer 6 service packs

• DirectX 9.0b
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  819696 MS03-030: Unchecked buffer in DirectX could enable system compromise

• Windows Media Player 9 Series
• Microsoft Data Access Components (MDAC) 2.8
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  828396 Release manifest for MDAC 2.8 (2.80.1022.3)

• The following Windows Millennium Edition updates:

  • 290700 Checkpoints that you create after September 8, 2001 do not restore your computer

  • 323172 MS02-048: Flaw in certificate enrollment control may cause digital certificates to be deleted

  • 323255 MS02-055: Unchecked buffer in Windows Help facility may allow attacker to run code

  • 329048 MS02-054: Unchecked buffer in file decompression functions may allow attacker to run code

  • 329115 MS02-050: Certificate validation flaw might permit identity spoofing

  • 330994 MS03-014: April, 2003, cumulative patch for Outlook Express

  • 811630 HTML Help update to limit functionality when it is invoked with the window.showHelp( ) method

  • 812709 MS03-006: Security vulnerability in Windows Millennium Edition Help and Support Center may permit malicious code to run

  • 823559 MS03-023: Buffer overrun in the HTML converter could allow code execution

  • 825119 MS03-044: Buffer Overrun in Windows Help and Support Center could lead to system compromise

  • 273727 Denial of service possible on an IPX/SPX protocol using the name management port

  • 314757 Unchecked buffer in Universal Plug and Play can lead to system compromise for Windows Me

  • 273991 Patch available for "Share Level Password" vulnerability

  • 828026 Update for Windows Media Player URL script command behavior

  • 828750 MS03-040: October, 2003, cumulative patch for Internet Explorer

  • 814078 MS03-008: Flaw in Windows script engine may allow code to run

Microsoft Windows 98 Second Edition

• Microsoft Internet Explorer 6 Service Pack 1
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  326489 List of issues fixed in Internet Explorer 6 service packs

• DirectX 9.0b
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  819696 MS03-030: Unchecked buffer in DirectX could enable system compromise

• Windows Media Player 9 Series
• Microsoft Data Access Components (MDAC) 2.8
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  828396 Release manifest for MDAC 2.8 (2.80.1022.3)

• The following Windows 98 Second Edition updates:

  • 238453 Data in route pointer field can bypass source routing disable

  • 245729 Windows 95 and Windows 98 file access URL update

  • 256015 Fatal exception 0E with multiple MS-DOS device names in path

  • 259728 MS00-029: Windows hangs with fragmented IP datagrams

  • 273727 Denial of service possible on an IPX/SPX protocol using the name management port

  • 314147 MS02-006: An unchecked buffer in the SNMP service may allow code to run

  • 329048 MS02-054: Unchecked buffer in file decompression functions may allow attacker to run code

  • 249973 MS00-005: Default RTF file viewer interrupts normal program processing

  • 274548 Patch for "HyperTerminal buffer overflow" vulnerability in Windows 98, Windows Me

  • 323172 MS02-048: Flaw in certificate enrollment control may cause digital certificates to be deleted

  • 329115 MS02-050: Certificate validation flaw might permit identity spoofing

  • 811630 HTML Help update to limit functionality when it is invoked with the window.showHelp( ) method

  • 823559 MS03-023: Buffer overrun in the HTML converter could allow code execution

  • 273991 Patch available for "Share Level Password" vulnerability

  • 314941 Unchecked buffer in Universal Plug and Play can lead to system compromise for Windows 98

  • 323255 MS02-055: Unchecked buffer in Windows Help facility may allow attacker to run code

  • 240163 Buffer overrun in Telnet in Windows 95/98 poses a security risk

  • 313829 Unchecked buffer in Windows shell could lead to code running

  • 330994 MS03-014: April, 2003, cumulative patch for Outlook Express

  • 828750 MS03-040: October, 2003, cumulative patch for Internet Explorer

  • 814078 MS03-008: Flaw in Windows script engine may allow code to run

  • 819639 MS03-021: A flaw in Windows Media Player may permit the Media Library to be accessed

Windows 98

• Internet Explorer 6 Service Pack 1
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  326489 List of issues fixed in Internet Explorer 6 service packs

• DirectX 9.0b
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  819696 MS03-030: Unchecked buffer in DirectX could enable system compromise

• Media Player 7.1
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  299321 Description and availability of Windows Media Player 7.1

• Windows 98 System Update
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  232972 Contents of the Microsoft Windows 98 system update

• Microsoft Data Access Components (MDAC) 2.8
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  828396 Release manifest for MDAC 2.8 (2.80.1022.3)

• Virtual Private Networking (VPN) update for Windows 98 and Dial-Up Networking 1.3
  
  For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

  191540 VPN update for Windows 98 and Dial-Up Networking 1.3 Available

• 168115 Malicious user with physical access to a computer can acquire cached domain password

• 238453 Data in route pointer field can bypass source routing disable

• 245729 Windows 95 and Windows 98 file access URL update

• 256015 Fatal exception 0E with multiple MS-DOS device names in path

• 259728 MS00-029: Windows hangs with fragmented IP datagrams

• 273727 Denial of service possible on an IPX/SPX protocol using the name management port

• 314147 MS02-006: An unchecked buffer in the SNMP service may allow code to run

• 329048 MS02-054: Unchecked buffer in file decompression functions may allow attacker to run code

• 249973 MS00-005: Default RTF file viewer interrupts normal program processing

• 274548 Patch for "HyperTerminal buffer overflow" vulnerability in Windows 98, Windows Me

• 323172 MS02-048: Flaw in certificate enrollment control may cause digital certificates to be deleted

• 329115 MS02-050: Certificate validation flaw might permit identity spoofing

• 811630 HTML Help update to limit functionality when it is invoked with the window.showHelp( ) method

• 823559 MS03-023: Buffer overrun in the HTML converter could allow code execution

• 273991 Patch available for "Share Level Password" vulnerability

• 314941 Unchecked buffer in Universal Plug and Play can lead to system compromise for Windows 98

• 323255 MS02-055: Unchecked buffer in Windows Help facility may allow attacker to run code

• 240163 Buffer overrun in Telnet in Windows 95/98 poses a security risk

• 313829 Unchecked buffer in Windows shell could lead to code running

• 330994 MS03-014: April, 2003, cumulative patch for Outlook Express

• 828750 MS03-040: October, 2003, cumulative patch for Internet Explorer

• 814078 MS03-008: Flaw in Windows script engine may allow code to run

• 817787 MS03-017: Flaw in Windows Media Player skins downloading could allow code execution

• 320920 MS02-032: Windows Media Player rollup available