Table Of Contents
Software Installed by the Cisco Unity Server Updates Wizard in 2013
What You Need to Know About the Wizard
Running the Server Updates Wizard
Servers on Which the Wizard Can Be Run
Only English-Language Versions of Updates Provided
Wizard Version 3.0(34), January 2013
Software Installed by the Cisco Unity Server Updates Wizard in 2013
Published January 21, 2013
Caution 
Cisco will cease the future releases of the Server Update Wizard for all versions of Cisco Unity as of January 29, 2013. This includes software patches for security releases, hotfixes, and service packs released by Microsoft affecting the Cisco Unity functionality. Customers may continue to install critical updates from Microsoft to their Cisco Unity systems deployment. Cisco strongly recommends performing a risk evaluation and validation in their lab environment prior to applying them to their production system. For more information on end of license notices refer to the applicable document at t
http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_eol_notices_list.html.
Caution Wizard development related to Cisco Unity 4.x and Cisco Unity Connection 1.x has ceased as of July 27, 2009 and March 12, 2009, respectively. For more information, see the Cautions at the end of the
"Servers on Which the Wizard Can Be Run" section.
This document lists the Microsoft updates that are installed automatically when you run the Cisco Unity Server Updates wizard. The following information is provided for each update: the update number, related Knowledge Base article ID, severity rating, and Microsoft document title. For more information on an update, refer to the Microsoft website.
In addition, this document lists the version of Cisco Security Agent for Cisco Unity that the Cisco Unity Server Updates wizard can optionally install.
Note Before you download and use the wizard, familiarize yourself with the information in the "What You Need to Know About the Wizard" section.
On the second Tuesday of each month, Microsoft releases its list of new security updates. We review the list and, if the updates are sufficiently important, create a new wizard. (On average, we create a new wizard about every two months.) The new wizard contains the existing updates from previous wizard versions and the new updates that are applicable to the supported versions of the following software on any of the Cisco Unity-related servers:
•Windows Server 2003
•Windows 2000 Server
•SQL Server 2005 and SQL Server 2000
•SQL Server 2005 Express and MSDE 2000
•Exchange Server 2003
•Exchange 2000 Server
•Internet Explorer
This means that you need to run only the latest wizard version to get all of the updates that are currently recommended for use with any of the applicable servers.
For support-policy information on Microsoft service packs and updates, and on Windows Automatic Updates, see Supported Hardware and Software, and Support Policies for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_installation_guides_list.html.
What You Need to Know About the Wizard
The following three sections contain important information about the Cisco Unity Server Updates wizard:
•Running the Server Updates Wizard
•Servers on Which the Wizard Can Be Run
•Only English-Language Versions of Updates Provided
Running the Server Updates Wizard
To ensure the best possible security for the third-party applications installed on Cisco Unity and Cisco Unity-related servers, we recommend that you do the following tasks once a month:
1. Download the latest Cisco Unity Server Updates wizard.
Go to the Voice and Unified Communications Downloads page at http://www.cisco.com/cisco/software/navigator.html?mdfid=280082558. In the tree control on the Downloads page, expand Unified Communications Applications > Voice Mail and Unified Messaging > Cisco Unity, then click the latest version of Cisco Unity and browse to the Microsoft Updates download page.
Note To access the software download page, you must be logged on to Cisco.com as a registered user.
2. During nonbusiness hours, log on to the server from the console or by using a VNC viewer. Other remote-access applications are not supported.
See also the "Servers on Which the Wizard Can Be Run" section.
3. If you plan to install a new version of Cisco Security Agent for Cisco Unity on a server on which it is already installed: Uninstall the existing version and restart the server before you run the Server Updates wizard.
Note Beginning in January 2010, the Server Updates wizard installs version 3.1(7) of the Cisco Security Agent for Cisco Unity.
For information on uninstalling Cisco Security Agent for Cisco Unity, see the applicable version of Release Notes for Cisco Security Agent for Cisco Unity at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html.
4. If you uninstalled Cisco Security Agent for Cisco Unity version 3.1(5) or earlier in Task 3. and if the Cisco Unity server is running Windows Server 2003: Check the status of the Windows firewall and, if it is enabled, disable it. In some configurations, uninstalling Cisco Security Agent for Cisco Unity version 3.1(5) or earlier causes the Windows firewall to be enabled, which causes Cisco Unity to function improperly.
5. If you are running the wizard on a Cisco Unity server: Use the Cisco Unity tray icon to stop the Cisco Unity software.
6. Stop antivirus services, if any.
Note If you plan to skip installing a new version of Cisco Security Agent for Cisco Unity on a server on which it is already installed, the Server Updates wizard automatically stops the agent before installing the updates.
7. Run the wizard, and follow the on-screen prompts to install updates for the software installed on the server. At the end of the wizard, choose the option to restart the server.
Progress information displayed by the individual updates is sometimes inaccurate. Do not assume that an apparent lack of progress is an indication that the installation of an update has failed. (The wizard saves detailed installation logs to C:\WINDOWS\SUWlogs.)
8. Restart antivirus services, if any.
9. Repeat Task 2. through Task 8. on the remaining servers on which the wizard can be run.
Servers on Which the Wizard Can Be Run
The Cisco Unity Server Updates wizard can be run on the following Cisco Unity and Cisco Unity-related servers:
•Cisco Unity 5.x, 7.x, and 8.x servers.
•Cisco Unity 5.x and 7.x voice-recognition servers.
Note Beginning with Cisco Unity 8.x, the Cisco Unity voice-recognition application runs on a Linux-based server.
•Cisco Unity Bridge servers.
•In a Cisco Unity Voice Messaging configuration, you can also run the wizard on dedicated Exchange servers and domain controllers/global catalog servers.
Caution Cisco will cease the future releases of the Server Update Wizard for all versions of Cisco Unity as of January 29, 2013. This includes software patches for security releases, hotfixes, and service packs released by Microsoft affecting the Cisco Unity functionality. Customers may continue to install critical updates from Microsoft to their Cisco Unity systems deployment. Cisco strongly recommends performing a risk evaluation and validation in their lab environment prior to applying them to their production system. For more information on end of license notices refer to the applicable document at t
http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_eol_notices_list.html.
Caution Wizard development related to Cisco Unity 4.x has ceased as of July 27, 2009, as documented in the "End of Software Maintenance Releases Date" milestone in the
EoS and EoL Announcement for Cisco Unity 4.x document at
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps5745/ps2237/end_of_life_notice_cisco_unity_version_4x.html. The Cisco Unity 4.x support policy for Microsoft service packs and updates allows the installation of all Microsoft updates when they are released. Although using the Cisco Unity Server Updates wizard to install the updates may continue to work, we are no longer testing the wizard with Cisco Unity 4.x. As a result, if you encounter any problems with the wizard, Cisco TAC will not be able to help you resolve them. For the Cisco Unity 4.x support policy for Microsoft service packs and updates, see
Supported Hardware and Software, and Support Policies for Cisco Unity 4.2 and Later at
http://www.cisco.com/en/US/docs/voice_ip_comm/unity/42/support/42lsupp.html.
Caution Wizard development related to Cisco Unity Connection 1.x has ceased as of March 12, 2009, as documented in the "End of Software Maintenance Releases Date" milestone in the
EoS and EoL Announcement for Cisco Unity Connection 1.x document at
https://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps5745/ps6509/prod_end-of-life_notice0900aecd806c3d64.html. The Connection 1.x support policy for Microsoft service packs and updates allows the installation of all Microsoft updates when they are released. Although using the Cisco Unity Server Updates wizard to install the updates may continue to work, we are no longer testing the wizard with Connection 1.x. As a result, if you encounter any problems with the wizard, Cisco TAC will not be able to help you resolve them. For the Connection 1.x support policy for Microsoft service packs and updates, see
Cisco Unity Connection 1.x System Requirements, and Supported Hardware and Software at
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/1x/requirements/1xsysrq.html.
Only English-Language Versions of Updates Provided
The Cisco Unity Server Updates wizard contains only the English-language version of Microsoft updates. Therefore, you can use the wizard to update a server only when Windows was installed in one of the following ways:
•By using the Platform Configuration discs that are included with a Cisco Unity server purchased from Cisco.
Note Windows Server 2003 Platform Configuration discs include the Microsoft Multilingual User Interface, which allows you to localize the Windows user interface into the languages supported for use with Cisco Unity.
•By using a retail, English-language Windows disc.
You cannot use the Cisco Unity Server Updates wizard to install Microsoft updates when a localized version of Windows was installed on the server. If you installed a non-English-language version of Windows, we recommend that you use another process to download and install the Microsoft updates listed in this document (for example, Windows Automatic Update).
Wizard Version 3.0(34), January 2013
Revised January 15, 2013
Cisco Unity Server Updates wizard version 3.0(34) installs the following software:
•Cisco Security Agent for Cisco Unity version 3.1(7).
•The Microsoft security updates listed below.
In addition, when this version of the wizard runs on Windows Server 2003 SP1 or SP2, it applies the registry edit described in Microsoft Knowledge Base article KB 928046. The registry edit fixes a known issue in Cisco Unity in which administering the system over remote desktop connections in console mode crashed the Cisco Unity-CM TSP.
January 2013
–MS13-002, KB 2756145 (Critical), Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
–MS13-004, KB 2769324 (Important), Vulnerabilities in .NET Framework Could Allow Elevation of Privilege
December 2012
–MS12-077, KB 2761465 (Critical), Cumulative Security Update for Internet Explorer
–MS12-078, KB 2783534 (Critical), Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
–MS12-081, KB 2758857 (Critical), Vulnerability in Windows File Handling Component Could Allow Remote Code Execution
–MS12-082, KB 2770660 (Important), Vulnerability in DirectPlay Could Allow Remote Code Execution
November 2012
–MS12-072, KB 2727528 (Critical), Vulnerabilities in Windows Shell Could Allow Remote Code Execution
–MS12-074, KB 2745030 (Critical), Vulnerabilities in .NET Framework Could Allow Remote Code Execution
–MS12-075, KB 2761226 (Critical), Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
October 2012
–MS12-043, KB 2722479 (Critical), Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
–MS12-054, KB 2733594 (Critical), Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution
–MS12-055, KB 2731847 (Important), Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
–MS12-068, KB 2724197 (Critical), Vulnerability in Windows Kernel Could Allow Elevation of Privilege
–MS12-070, KB 2722913 (Critical), CVulnerability in SQL Server Could Allow Elevation of Privilege
August 2012
–MS12-043, KB 2722479 (Critical), Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
–MS12-052, KB 2722913 (Critical), Cumulative Security Update for Internet Explorer
–MS12-054, KB 2733594 (Critical), Vulnerabilities in Windows Networking Components Could Allow Remote Code
–MS12-055, KB 2731847 (Important), Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
July 2012
–MS12-043, (MSXML3.0 - KB 2685939 (Critical), MSXML4.0 KB2721691(Critical), and MSXML6.0 KB2721693(Critical)) Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
–MS12-045, KB 2698365 (Critical), Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution
–MS12-047, KB 2718523 (Important), Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
–MS12-048, KB 2691442 (Important), Vulnerability in Windows Shell Could Allow Remote Code Execution
–MS12-049, KB 2655992 (Important), Vulnerability in TLS Could Allow Information Disclosure
June 2012
–MS12-036, KB 2685939 (Critical), Vulnerability in Remote Desktop Could Allow Remote Code Execution
–MS12-037, KB 2699988 (Critical), Cumulative Security Update for Internet Explorer
–MS12-038, KB 2706726 (Critical), Vulnerability in .NET Framework Could Allow Remote Code Execution
–MS12-041, KB 2709162 (Important), Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
–MS12-042, KB 2711167 (Important), Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
May 2012
–MS12-034, KB 2681578 (Critical), Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight
–MS12-035, KB 2693777 (Critical), Vulnerabilities in .NET Framework Could Allow Remote Code Execution
April 2012
–MS12-023, KB 2675157 (Critical), Cumulative Security Update for Internet Explorer
–MS12-024, KB 2653956 (Critical), Vulnerability in Windows Could Allow Remote Code Execution
–MS12-025, KB 2671605 (Critical), Vulnerability in .NET Framework Could Allow Remote Code Execution
March 2012
–MS12-020, KB 2671387 (Critical), Vulnerabilities in Remote Desktop Could Allow Remote Code Execution
–MS12-018, KB 2641653 (Important), Security Update for Windows Server 2003
–MS12-017, KB 2647170 (Important), Vulnerability in DNS Server Could Allow Denial of Service
February 2012
–MS12-008, KB 2660465 (Critical), Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
–MS12-009, KB 2645640 (Important), Vin Ancillary Function Driver Could Allow Elevation of Privilege
–MS12-010, KB 2647516 (Critical), Cumulative Security Update for Internet Explorer
–MS12-016, KB 2651026 (Critical), Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution
January 2012
–MS12-001, KB 2644615 (Important), Vulnerability in Windows Kernel Could Allow Security Feature Bypass
–MS12-002, KB 2603381 (Important), Vulnerability in Windows Object Packager Could Allow Remote Code Execution
–MS12-003, KB 2646524 (Important), Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
–MS12-004, KB 2636391 (Critical), Vulnerabilities in Windows Media Could Allow Remote Code Execution
–MS12-005, KB 2584146 (Important), Vulnerability in Microsoft Windows Could Allow Remote Code Execution
December 2011
–MS11-087, KB 2639417 (Critical), Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
–MS11-090, KB 2618451 (Critical), Cumulative Security Update for ActiveX Kill Bits
–MS11-093, KB 2624667 (Important), Vulnerability in Microsoft Windows OLE32 Could Allow Remote Code Execution
–MS11-095, KB 2640045 (Important), Vulnerability in Active Directory Could Allow Remote Code Execution
–MS11-097, KB 2620712 (Important), Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege
–MS11-098, KB 2633171 (Important), Vulnerability in Windows Kernel Could Allow Elevation of Privilege
–MS11-099, KB 2618444 (Important), Cumulative Security Update for Internet Explorer
November 2011
–MS11-075, KB 2623699 (Important), Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution
–MS11-077, KB 2567053 (Important), Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
–MS11-078, KB 2604930 (Critical), Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution
–MS11-080, KB 2592799 (Important), Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege
–MS11-081, KB 2586448 (Critical), Cumulative Security Update for Internet Explorer
–MS11-086, KB 2630837 (Important), Vulnerability in Active Directory Could Allow Elevation of Privilege
September 2011
–MS11-070, KB 2571621 (Important), Vulnerability in WINS Could Allow Elevation of Privilege
–MS11-071, KB 2570947 (Important), Vulnerability in Windows Components Could Allow Remote Code Execution
August 2011
–MS11-057, KB 2559049 (Critical), Cumulative Security Update for Internet Explorer
–MS11-058, KB 2562485 (Important), Vulnerabilities in DNS Server Could Allow Remote Code Execution
–MS11-062, KB 2566454 (Important), Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege
–MS11-063, KB 2567680 (Important), Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
–MS11-065, KB 2570222 (Important), Vulnerability in Remote Desktop Protocol Could Allow Denial of Service
–MS11-069, KB 2567951 (Moderate), Vulnerability in .NET Framework Could Allow Information Disclosure
July 2011
–MS11-054, KB 2555917 (Important), Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
–MS11-056, KB 2507938 (Important), Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
June 2011
–MS11-037, KB 2544893 (Important), Vulnerability in MHTML Could Allow Information Disclosure
–MS11-038, KB 2476490 (Critical), Vulnerability in OLE Automation Could Allow Remote Code Execution
–MS11-039, KB 2514842 (Critical), Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution
–MS11-042, KB 2535512 (Critical), Vulnerabilities Distributed File System Could Allow Remote Code Execution
–MS11-043, KB 2536276 (Critical), Vulnerability in SMB Client Could Allow Remote Code Execution
–MS11-044, KB 2538814 (Critical), Vulnerability in .NET Framework Could Allow Remote Code Execution
–MS11-046, KB 2503665 (Important), Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege
–MS11-049, KB 2543893 (Important), Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure
–MS11-050, KB 2530548 (Critical), Cumulative Security Update for Internet Explorer
–MS11-051, KB 2518295 (Important), Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege
–MS11-052, KB 2544521 (Critical), Vulnerability in Vector Markup Language Could Allow Remote Code Execution
May 2011
–MS11-035, KB 2524426 (Critical), Vulnerability in WINS Could Allow Remote Code Execution
April 2011
–MS11-018, KB 2497640 (Critical), Cumulative Security Update for Internet Explorer
–MS11-019, KB 2511455 (Critical), Vulnerabilities in SMB Client Could Allow Remote Code Execution
–MS11-020, KB 2508429 (Critical), Vulnerability in SMB Server Could Allow Remote Code Execution
–MS11-024, KB 2527308 (Important), Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution
–MS11-026, KB 2503658 (Important), Vulnerability in MHTML Could Allow Information Disclosure
–MS11-027, KB 2508272 (Critical), Cumulative Security Update of ActiveX Kill Bits
–MS11-028, KB 2484015 (Critical), Vulnerability in .NET Framework Could Allow Remote Code Execution
–MS11-029, KB 2489979 (Critical), Vulnerability in GDI+ Could Allow Remote Code Execution
–MS11-030, KB 2509553 (Critical), Vulnerability in DNS Resolution Could Allow Remote Code Execution
–MS11-031, KB 2514666 (Critical), Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution
–MS11-032, KB 2507618 (Critical), Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution
–MS11-033, KB 2485663 (Important), Vulnerability in WordPad Text Converters Could Allow Remote Code Execution
–MS11-034, KB 2506223 (Important), Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
March 2011
–MS11-017, KB 2508062 (Important), Vulnerability in Remote Desktop Client Could Allow Remote Code Execution
February 2011
–MS11-014, KB 2478960 (Important), Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege
–MS11-013, KB 2496930 (Important), Vulnerabilities in Kerberos Could Allow Elevation of Privilege
–MS11-012, KB 2479628 (Important), Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
–MS11-011, KB 2393802 (Important), Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
–MS11-010, KB 2476687 (Important), Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
–MS11-007, KB 2485376 (Critical), Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution
–MS11-006, KB 2483185 (Critical), Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution
–MS11-005, KB 2478953 (Important), Vulnerability in Active Directory Could Allow Denial of Service
–MS11-003, KB 2482017 (Critical), Cumulative Security Update for Internet Explorer
–MS11-002, KB 2451910 (Critical), Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution
December 2010
–MS10-101, KB 2207559 (Important), Vulnerability in Windows Netlogon Service Could Allow Denial of Service
–MS10-099, KB 2440591 (Important), Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege
–MS10-098, KB 2436673 (Important), Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
–MS10-097, KB 2443105 (Important), Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution
–MS10-096, KB 2423089 (Important), Vulnerability in Windows Address Book Could Allow Remote Code Execution
–MS10-091, KB 2296199 (Critical), Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution
–MS10-090, KB 2416400 (Critical), Cumulative Security Update for Internet Explorer
October 2010
–MS10-084, KB 2360937 (Important), Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege
–MS10-083, KB 2405882 (Important), Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution
–MS10-081, KB 2296011 (Important), Vulnerability in Windows Common Control Library Could Allow Remote Code Execution
–MS10-076, KB 982132 (Critical), Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution
–MS10-074, KB 2387149 (Moderate), Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution
–MS10-070, KB 2418042 (Important), Vulnerability in ASP.NET Could Allow Information Disclosure
September 2010
–MS10-069, KB 2121546 (Important), Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege
–MS10-068, KB 983539 (Important), Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege
–MS10-067, KB 2259922 (Important), Vulnerability in WordPad Text Converters Could Allow Remote Code Execution
–MS10-065, KB 2267960 (Important), Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution
–MS10-063, KB 2320113 (Critical), Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution
–MS10-062, KB 975558 (Critical), Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution
–MS10-061, KB 2347290 (Critical), Vulnerability in Print Spooler Service Could Allow Remote Code Execution
August 2010
–MS10-060, KB 2265906 (Critical), Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution
–MS10-054, KB 982214 (Critical), Vulnerabilities in SMB Server Could Allow Remote Code Execution
–MS10-052, KB 2115168 (Critical), Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution
–MS10-051, KB 2079403 (Critical), Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
–MS10-049, KB 980436 (Critical), Vulnerabilities in SChannel could allow Remote Code Execution
–MS10-046, KB 2286198 (Critical), Vulnerability in Windows Shell Could Allow Remote Code Execution
July 2010
–MS10-042, KB 2229593 (Critical), Vulnerability in Help and Support Center Could Allow Remote Code Execution
June 2010
–MS10-041, KB 981343 (Important), Vulnerability in Microsoft .NET Framework Could Allow Tampering
–MS10-040, KB 982666 (Important), Vulnerability in Internet Information Services Could Allow Remote Code Execution
–MS10-034, KB 980195 (Critical), Cumulative Security Update of ActiveX Kill Bits
April 2010
–KB 948496, An update to turn off default SNP features is available for Windows Server 2003-based and Small Business Server 2003-based computers
December 2008
–KB 955839, December 2008 cumulative time zone update for Microsoft Windows operating systems
July 2008
–KB 953988, An application that uses the IEnumVARIANT interface triggers a memory leak, and this causes system performance to decrease on a Windows Server 2003-based computer
February 2010
–MS10-015, KB 977165 (Important), Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
–MS10-014, KB 977290 (Important), Vulnerability in Kerberos Could Allow Denial of Service
–MS10-013, KB 977935 (Critical), Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
–MS010-012, KB 971468 (Important), Vulnerabilities in SMB Server Could Allow Remote Code Execution
–MS010-011, KB 978037 (Important), Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
–MS010-008, KB 978262 (Critical), Cumulative Security Update of ActiveX Kill Bits
–MS010-007, KB 975713 (Critical), Vulnerability in Windows Shell Handler Could Allow Remote Code Execution
–MS010-006, KB 978251 (Critical), Vulnerabilities in SMB Client Could Allow Remote Code Execution
–MS010-005, KB 978706 (Moderate), Vulnerability in Microsoft Paint Could Allow Remote Code Execution
January 2010
–MS10-001, KB 972270 (Critical), Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution
December 2009
–MS09-073, KB 975539 (Important), Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution
–MS09-071, KB 974318 (Critical), Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution
–MS09-070, KB 971726 (Important), Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution
–MS09-069, KB 974392 (Important), Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service
October 2009
–MS09-064, KB 974783 (Critical), Vulnerability in License Logging Server Could Allow Remote Code Execution
–MS09-062, KB 957488 (Critical), Vulnerabilities in GDI+ Could Allow Remote Code Execution
–MS09-059, KB 975467 (Important), Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service
–MS09-057, KB 969059 (Important), Vulnerability in Indexing Service Could Allow Remote Code Execution
–MS09-056, KB 974571 (Important), Vulnerabilities in Windows CryptoAPI Could Allow Spoofing
–MS09-053, KB 975254 (Important), Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution
–KB 957593, Error message if you use the NON_CONTENT_INDEXED_SEARCH flag
September 2009
–MS09-048, KB 967723 (Critical), Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution
–MS09-047, KB 973812 (Critical), Vulnerabilities in Windows Media Format Could Allow Remote Code Execution
–MS09-046, KB 956844 (Critical), Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution
–MS09-045, KB 971961 (Critical), Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution
August 2009
–MS09-044, KB 970927 (Critical), Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution
–MS09-042, KB 960859 (Important), Vulnerability in Telnet Could Allow Remote Code Execution
–MS09-041, KB 971657 (Important), Vulnerability in Workstation Service Could Allow Elevation of Privilege
–MS09-040, KB 971032 (Important), Vulnerability in Message Queuing Could Allow Elevation of Privilege
–MS09-039, KB 969883 (Critical), Vulnerabilities in WINS Could Allow Remote Code Execution
–MS09-037, KB 973908 (Critical), Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
June 2009
–MS09-022, KB 961501 (Critical), Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution
–MS09-020, KB 970483 (Important), Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege
–MS09-019, KB 969897 (Critical), Cumulative Security Update for Internet Explorer
April 2009
–MS09-015, KB 959426 (Moderate), Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege
–MS09-013, KB 960803 (Critical), Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution
–MS09-012, KB 959454, KB952004, and KB956572 (Important), Vulnerabilities in Windows Could Allow Elevation of Privilege
–MS09-010, KB 960477 (Critical), Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution. (In the Add or Remove Programs control panel, the application is listed as KB 923561.)
March 2009
–MS09-007, KB 960225 (Important), Vulnerability in SChannel Could Allow Spoofing
February 2009
–MS09-004, KB 959420 (Important), Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution. (KB 959420 is the main article for this update. However, in the Add or Remove Programs control panel, the application is listed as "Security Update for SQL Server 2000 Service Pack 4 and MSDE 2000 (KB960083)".)
–MS09-003, KB 959239 (Critical), Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution. (KB 959239 is the main article for this update. However, in the Add or Remove Programs control panel, the application is listed as "Security Update for Exchange 2000 Server (KB959897)".)
December 2008
–MS08-071, KB 956802 (Critical), Vulnerabilities in GDI Could Allow Remote Code Execution
November 2008
–MS08-068, KB 957097 (Important), Vulnerability in SMB Could Allow Remote Code Execution
October 2008
–MS08-067, KB 958644 (Critical), Vulnerability in Server Service Could Allow Remote Code Execution
–MS08-062, KB 953155 (Important), Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution
August 2008
–MS08-049, KB 950974 (Important), Vulnerabilities in Event System Could Allow Remote Code Execution
–MS08-046, KB 952954 (Critical), Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution
July 2008
–MS08-039, KB 953747 (Important), Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege
June 2008
–MS08-036, KB 950762 (Important), Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service
April 2008
–MS08-022, KB 944338 (Critical), Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution
–MS08-021, KB 948590 (Critical), Vulnerabilities in GDI Could Allow Remote Code Execution
–MS08-020, KB 945553 (Important), Vulnerability in DNS Client Could Allow Spoofing
February 2008
–MS08-008, KB 947890 and KB 943055 (Critical), Vulnerability in OLE Automation Could Allow Remote Code Execution
–MS08-007, KB 946026 (Critical), Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution
–MS08-005, KB 942831 (Important), Vulnerability in Internet Information Services Could Allow Elevation of Privilege
–KB 928046, A custom wave driver is unloaded when a remote client computer connects to a Windows Server 2003-based computer that is running a TAPI program
January 2008
–MS08-001, KB 941644 (Critical), Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution
December 2007
–MS07-067, KB 944653 (Important), Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege
November 2007
–MS07-062, KB 941672 (Important), Vulnerability in DNS Could Allow Spoofing (only installed when DNS is installed on the server)
–MS07-061, KB 943460 (Critical), Vulnerability in Windows URI Handling Could Allow Remote Code Execution
October 2007
–MS07-051, KB 938827 (Critical), Vulnerability in Microsoft Agent Could Allow Remote Code Execution
August 2007
–MS07-045, KB 937143 (Critical), Cumulative Security Update for Internet Explorer
June 2007
–MS07-034, KB929123 (Critical), Cumulative Security Update for Outlook Express and Windows Mail
May 2007
–MS07-026, KB931832 (Critical), Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution
After you install MS07-026, Cisco Unity may not be able to deliver voice messages to subscribers whose Active Directory accounts belong to one or more administrative groups. For information on a workaround, refer to the tech note Cisco Unity for Exchange Cannot Deliver Messages to Some Subscribers After MS06-019 or MS07-026 Is Installed at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_tech_notes_list.html.
April 2007
–MS07-020, KB 932168 (Critical), Vulnerability in Microsoft Agent Could Allow Remote Code Execution
–MS07-017, KB 925902 (Critical), Vulnerabilities in GDI Could Allow Remote Code Execution
February 2007
–MS07-013, KB 918118 (Important), Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution
–MS07-011, KB 926436 (Important), Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution
–MS07-009, KB 927779 (Critical), Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution
–MS07-008, KB 928843 (Critical), Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution
–MS07-006, KB 928255 (Important), Vulnerability in Windows Shell Could Allow Elevation of Privilege
–KB 931836 (none), February 2007 cumulative time zone update for Microsoft Windows operating systems
December 2006
–MS06-078, KB925398 (Critical), Vulnerability in Windows Media Format Could Allow Remote Code Execution
–MS06-074, KB 926247 (Important), Vulnerability in SNMP Could Allow Remote Code Execution
November 2006
–MS06-070, KB 924270 (Critical), Vulnerability in Workstation Service Could Allow Remote Code Execution
–MS06-066, KB 923980 (Important), Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution
October 2006
–MS06-065, KB 924496 (Moderate), Vulnerability in Windows Object Packager Could Allow Remote Execution
–MS06-064, KB 922819 (Low), Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service
–MS06-063, KB 923414 (Important), Vulnerability in Server Service Could Allow Denial of Service and Remote Code Execution
–MS06-057, KB 923191 (Critical), Vulnerability in Windows Explorer Could Allow Remote Execution
August 2006
–MS06-050, KB 920670 (Important), Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution
–MS06-046, KB 922616 (Critical), Vulnerability in HTML Help Could Allow Remote Code Execution
–MS06-044, KB 917008 (Critical), Vulnerability in Microsoft Management Console Could Allow Remote Code Execution
–MS06-041, KB 920683 (Critical), Vulnerabilities in DNS Resolution Could Allow Remote Code Execution
July 2006
–MS06-036, KB 914388 (Critical), Vulnerability in DHCP Client Service Could Allow Remote Code Execution
–MS06-035, KB 917159 (Critical), Vulnerability in Server Service Could Allow Remote Code Execution
–MS06-034, KB 917537 (Important), Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution
June 2006
–MS06-031, KB 917736 (Moderate), Vulnerability in RPC Mutual Authentication Could Allow Spoofing
–MS06-022, KB 918439 (Critical), Vulnerability in ART Image Rendering Could Allow Remote Code Execution
May 2006
–MS06-018, KB 913580 (Moderate), Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service
April 2006
–MS06-015, KB 908531 (Important), Vulnerability in Windows Explorer Could Allow Remote Code Execution
–MS06-014, KB 911562 (Critical), Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution
March 2006
–Cumulative Hotfix for SQL Server 2000 Service Pack 4 - Build 2187, KB 916287
February 2006
–MS06-009, KB 901190 (Important), Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (necessary only if the Korean Input Method Editor is installed)
–MS06-008, KB 911927 (Important), Vulnerability in Web Client Service Could Allow Remote Code Execution
January 2006
–MS06-003, KB 902412 (Critical), Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution
December 2005
–MS05-055, KB 908523 (Important), Vulnerability in Windows Kernel Could Allow Elevation of Privilege
–MS05-053, KB 896424 (Critical), Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution
October 2005
–MS05-051, KB 902400 (Critical), Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution
–MS05-049, KB 900725 (Important), Vulnerabilities in Windows Shell Could Allow Remote Code Execution
–MS05-048, KB 907245 (Important), Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution
–MS05-047, KB 905749 (Important), Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege
–MS05-046, KB 899589 (Important), Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution
–MS05-045, KB 905414 (Moderate), Vulnerability in Network Connection Manager Could Allow Denial of Service
–MS05-044, KB 905495 (Moderate), Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering
August 2005
–MS05-043, KB 896423 (Critical), Vulnerability in Print Spooler Service Could Allow Remote Code Execution
–MS05-042, KB 899587 (Moderate), Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing
–MS05-041, KB 899591 (Moderate), Vulnerability in Remote Desktop Protocol Could Allow Denial of Service
–MS05-040, KB 893756 (Important), Vulnerability in Telephony Service Could Allow Remote Code Execution
–MS05-039, KB 899588 (Critical), Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege
July 2005
–MS05-036, KB 901214 (Critical), Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution
–MS05-032, KB 890046 (Moderate), Vulnerability in Microsoft Agent Could Allow Spoofing
June 2005
–Microsoft Update Rollup 1 for Windows 2000 SP4, KB 900345.
–MS05-026, KB 896358 (Critical), Vulnerability in HTML Help Could Allow Remote Code Execution
April 2005
–MS05-021, KB 894549 (Critical), Vulnerability in Exchange Server Could Allow Remote Code Execution
February 2005
–MS05-014, KB 867282 (Critical), Cumulative Security Update for Internet Explorer
October 2004
–MS04-036, KB 883935 (Critical), Vulnerability in NNTP Could Allow Remote Code Execution
August 2004
–Microsoft .NET Framework 1.1 Service Pack 1, KB 867460
–Exchange 2000 Server Post-Service Pack 3 Update Rollup, KB 870540 (None), Availability of the August 2004 Exchange 2000 Server Post-Service Pack 3 Update Rollup
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2013 Cisco Systems, Inc. All rights reserved.
Feedback
