Windows XP SP1/SP1a Patches

You should consider installing Service Pack 2 as soon as possible

On August 9, 2004, Microsoft released SP2 for Windows XP. SP2 is the latest collection of updates for Windows XP.
Download Windows XP SP2 Network Installation (266mb)link out ico
See the Windows 2000/XP SP Slipstreaming page for info on how to integrate SP2 into your existing media.

Required Patches

Windows XP Home or Professional with Service Pack 1 or Service Pack 1a requires the following security-related patches (If you don’t know about SP1a or if you want to read about it go to my Windows XP SP1a Info page):
Make sure you read Internet Explorer 6.0 SP1 Patches and IIS 5.1 Patches before you go on.

October 2005
MS05-051 : Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)link out ico
MS05-050 : Vulnerability in DirectShow Could Allow Remote Code Execution (904706)link out ico
MS05-049 : Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)link out ico
MS05-048 : Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)link out ico
MS05-047 : Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)link out ico
MS05-046 : Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)link out ico
MS05-045 : Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)link out ico
MS05-044 : Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)link out ico
August 2005
MS05-043 : Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)link out ico
MS05-042 : Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)link out ico
MS05-041 : Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)link out ico
MS05-040 : Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)link out ico
July 2005
MS05-036 : Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)link out ico
June 2005
MS05-033 : Vulnerability in Telnet Client Could Allow Information Disclosure (896428)link out ico
MS05-032 : Vulnerability in Microsoft Agent Could Allow Spoofing (890046)link out ico
MS05-031 : Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458)link out ico
MS05-030 : Cumulative Security Update in Outlook Express (897715)link out ico
MS05-028 : Vulnerability in Web Client Service Could Allow Remote Code Execution (896426)link out ico
MS05-027 : Vulnerability in Server Message Block Could Allow Remote Code Execution (896422)link out ico
MS05-026 : Vulnerability in HTML Help Could Allow Remote Code Execution (896358)link out ico
April 2005
MS05-019 : Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)link out ico
MS05-018 : Vulnerability in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)link out ico
MS05-017 : Vulnerability in Message Queuing Could Allow Code Execution (892944)link out ico
MS05-016 : Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)link out ico
February 2005
MS05-015 : Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)link out ico
MS05-013 : Vulnerability in the DHTML Editing ActiveX Control could allow code execution (891781)link out ico
MS05-012 : Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)link out ico
MS05-011 : Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)link out ico
MS05-010 : Vulnerability in the License Logging Service Could Allow Code Execution (885834)link out ico
MS05-009 : Vulnerability in PNG Processing Could Lead to Buffer Overrun (890261)link out ico
MS05-006 : Vulnerability in Windows Could Allow Information Disclosure (888302)link out ico
MS05-004 : ASP. NET Path Validation Vulnerability (887219)link out ico
January 2005
MS05-003 : Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)link out ico
MS05-002 : Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)link out ico
MS05-001 : Vulnerability in HTML Help Could Allow Code Execution (890175)link out ico
December 2004
MS04-045 : Vulnerability in WINS Could Allow Remote Code Execution (870763)link out ico
MS04-044 : Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)link out ico
MS04-043 : Vulnerability in HyperTerminal Could Allow Code Execution (873339)link out ico
MS04-041 : Vulnerability in WordPad Could Allow Code Execution (885836)link out ico
October 2004
MS04-037 : Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)link out ico
MS04-034 : Vulnerability in Compressed (zipped) Folders Could Allow Code Execution (873376)link out ico
MS04-032 : Security Update for Microsoft Windows (840987)link out ico
MS04-031 : Vulnerability in NetDDE Could Allow Remote Code Execution (841533)link out ico
MS04-030 : Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (824151)link out ico
MS04-028 : Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (873374)link out ico

July 2004

MS04-024 : Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)link out ico
MS04-023 : Vulnerability in HTML Help Could Allow Code Execution (840315)link out ico
MS04-022 : Vulnerability in Task Scheduler Could Allow Code Execution (841873)link out ico

June 2004

MS04-016 : Vulnerability in DirectPlay Could Allow Denial of Service (839643)link out ico

May 2004

MS04-015 : Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)link out ico

April 2004

MS04-014 : Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)link out ico
MS04-012 : Cumulative Update for Microsoft RPC/DCOM (828741)link out ico
MS04-011 : Security Update for Microsoft Windows (835732)link out ico

February 2004

MS04-007 : ASN .1 Vulnerability Could Allow Code Execution (828028)link out ico

January 2004

MS04-003 : Buffer Overrun in MDAC Function Could Allow code execution (832483)link out ico

November 2003

MS03-051 : Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)link out ico
MS03-049 : Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)link out ico

October 2003

MS03-045 : Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)link out ico
MS03-044 : Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)link out ico
MS03-043 : Buffer Overrun in Messenger Service Could Allow Code Execution (828035)link out ico
MS03-041 : Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)link out ico

September 2003

MS03-039 : Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)link out ico
MS03-034 : Flaw in NetBIOS Could Lead to Information Disclosure (824105)link out ico

July 2003

MS03-030 : Unchecked Buffer in DirectX Could Enable System Compromise (819696)link out ico
MS03-027 : Unchecked Buffer in Windows Shell Could Enable System Compromise (821557)link out ico
MS03-026 : Buffer Overrun In RPC Interface Could Allow Code Execution (823980)link out ico
MS03-024 : Buffer Overrun in Windows Could Lead to Data Corruption (817606)link out ico
MS03-023 : Buffer Overrun In HTML Converter Could Allow Code Execution (823559)link out ico

May 2003

MS03-018 : Cumulative Patch for Internet Information Service (811114)link out ico
MS03-017 : Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787)link out ico (Only if you still have the original WMP for XP)

April 2003

MS03-013 : Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493)link out ico
MS03-011 : Flaw in Microsoft VM Could Enable System Compromise (816093)link out ico

March 2003

MS03-010 : Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953)link out ico
MS03-008 : Flaw in Windows Script Engine could allow code execution (814078)link out ico

February 2003

You Cannot Create a Network Connection After You Restore Windows XP (329441)link out ico
MS03-005 : Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577)link out ico

January 2003

MS03-001 : Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)link out ico

December 2002

MS02-072 : Unchecked Buffer in Windows Shell Could Enable System Compromise (329390)link out ico
MS02-071 : Flaw in Windows WM_TIMER Message Handling Can Enable Privilege Elevation (328310)link out ico
MS02-070 : Flaw in SMB Signing May Permit Group Policy to Be Modified (329170)link out ico
Hyperlinks Open in Internet Explorer Instead of in Default Browser or Help and Support Center – (810565)link out ico

November 2002

MS02-050 : Certificate Validation Flaw Could Enable Identity Spoofing (328115 and 329115) (Reposted)link out ico

October 2002

MS02-063 : Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (329834)link out ico
MS02-055 : Unchecked Buffer in Windows Help Facility Could Enable Code Execution (323255)link out ico
MS02-054 : Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (329048)link out ico

September 2002

MS02-053 : Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (324096)link out ico

Full list

For the full list of Windows XP post-SP1/1a fixes please visit the following URL:

Note that this list contains ALL fixes, not just the security updates. Depending on your configuration you might not need to apply all the fixes listed above.