Windows 2003 Server fixes for SP1 and SP2
Microsoft security fixes are the updates of Software programs or the OS that Microsoft releases to fix issues on specific products, and security related vulnerability. These updates are required to be deployed by customers, so they can keep their systems in a healthy, stable state and free of security attacks. Microsoft releases security updates on 2nd Tuesday of every Month and classifies them as critical, important, moderate and low. Apart from that, Microsoft releases out-of-band fixes, outside of update cycle, which are of highest critical priority and require immediate attention.
Updating systems is an essential step in an enterprise environment. As per today’s environmental demands it is vital for the enterprises and others to adapt patch management systems in place. Customers can subscribe to get alerts on the updates released by Microsoft, on which they have option either to automatically update affected systems or use some software tools to package and install via System administrator. The updates are released as Security Bulletin which with details about the issues, severity ratings, affected OS or Software, deployment instructions etc.
Fixes for Windows 2003
MS10-084:
This publicly disclosed vulnerability could allow attacker to get elevated privilege if he could able to logon locally with a valid logon credentials. The attacker can send an LPC message to the local LRPC Server by running specially crafted code that will enable an authenticated user to access resources running on Network Service account context.
The security update resolves the issue by modifying LRPC port messages within the RPC subsystem.
Affected OS: 2003 SP2, x64 SP2, Itanium based SP2.
For complete details of file(s) list and download check below link,
MS10-071:
This security update resolves vulnerabilities in IE6, IE7 and IE8 where an attacker can attack the system if user views a specially crafted web page.
The security update resolves the issue by modifying the way IE handles objects in memory, CSS special characters, HTML sanitization, AutoComplete feature, Anchor element, and script.
Affected OS: 2003 SP2, x64 SP2, Itanium based SP2
For complete details of file(s) list and download check below link,
MS10-066:
This security update resolves vulnerability in remote code execution if an attacker sent specially crafted RPC response to RPC initiated client and then taking complete control of the affected systems without user interaction.
RPC client allocation memory process was updated prior to loading RPC responses.
Affected OS: 2003 SP2, x64 SP2, Itanium based SP2
For complete details of file(s) list and download check below link,
MS10-065:
This security update resolves vulnerability in IIS 5.1, 6.0, 7.0 and 7.5 that could allow remote code execution if a user send HTTP request that are specially crafted to the server.
This update modifies the way IIS handles HTTP request that are specially crafted.
Affected OS: 2003 SP2, x64 SP2, Itanium based SP2
For complete details of file(s) list and download check below link,
MS10-063:
This security update resolves vulnerability in Unicode Scripts processor where an attacker can gain rights to the system as per user’s rights if user viewed a crafted document or web page that has OpenType fonts.
This update modifies the way Windows parses OpenTypes fonts.
Affected OS: 2003 SP2, x64 SP2, Itanium based SP2
For complete details of file(s) list and download check below link,
MS10-062:
This security update resolves vulnerability in MPEG-4 codec where an attacker can gain rights to the system as per user’s rights if user opens a crafted media file or download a crafted streaming content.
This update modifies the way MPEG-4 codec takes care of specially crafted media content.
Affected OS: 2003 SP2, x64 SP2
For complete details of file(s) list and download check below link,
MS10-061:
This security update resolves vulnerability in Print Spooler service. If an attacker sends a print request to a system that has issue in spooler interface over RPC, he could then get access to perform remote code execution.
This update handles the vulnerability by correcting printer spooler service validation via user permissions.
Affected OS: 2003 SP2, x64 SP2, Itanium based SP2
For complete details of file(s) list and download check below link,
MS10-030:
This security update resolves vulnerability in Outlook Express, Windows Mail and Live Mail where an attacker can gain rights to the system as per user’s rights if user goes to a malicious e-mail server.
This fix resolves the issue by correctly validating e-mail server responses.
Affected OS: 2003 SP2, x64 SP2, Itanium based SP2
For complete details of file(s) list and download check below link,
MS10-024:
This fix resolves vulnerability in Microsoft Exchange and SMTP service. If an attacker sent DNS response that is specially crafted to a system with SMTP service running, he could take control of the service.
This fix resolves the vulnerability by addressing SMTP parses MX records and how SMTP allocates memory for interpreting SMTP command responses.
Affected OS: 2003 SP2, x64 SP2, Itanium based SP2
For complete details of file(s) list and download check below link,
MS10-022:
This update resolves vulnerability in VBScript. If user has administrative rights and if he visited a malicious web site that has a malicious dialog box and if user pressed F1 key, the attacker could then load his Windows Help file on the system resulting remote code execution and complete control of the affected system.
This fix resolves the vulnerability by correcting the VBScript engine that process help files in a protected mode.
Affected OS: 2003 SP2, x64 SP2, Itanium based SP2.
For complete details of file(s) list and download check below link,
https://support.microsoft.com/en-us/help/981169
MS10-019:
This update resolves vulnerability in Windows Authenticode Verification process. If the attacker has access to Windows Authenticode Verification he could run remote code execution and then can take complete control of the affected system to install programs, modify the user’s accounts etc.
This fix resolves the vulnerability by addressing additional verification process whenever a user sign and verify a portable executable or cabinet file.
Affected OS: 2003 SP2, x64 SP2, Itanium based SP2.
For complete details of file(s) list and download check below link,
