On August 9, 2004, Microsoft released SP2 for Windows XP. SP2 is the latest collection of updates for Windows XP.
Download Windows XP SP2 Network Installation (266mb)
See the Windows 2000/XP SP Slipstreaming page for info on how to integrate SP2 into your existing media.
Windows XP Home or Professional with Service Pack 1 or Service Pack 1a requires the following security-related patches (If you don’t know about SP1a or if you want to read about it go to my Windows XP SP1a Info page):
Make sure you read Internet Explorer 6.0 SP1 Patches and IIS 5.1 Patches before you go on.
October 2005
MS05-051 : Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
MS05-050 : Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
MS05-049 : Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
MS05-048 : Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)
MS05-047 : Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)
MS05-046 : Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)
MS05-045 : Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
MS05-044 : Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)
August 2005
MS05-043 : Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)
MS05-042 : Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)
MS05-041 : Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
MS05-040 : Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)
July 2005
MS05-036 : Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)
June 2005
MS05-033 : Vulnerability in Telnet Client Could Allow Information Disclosure (896428)
MS05-032 : Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
MS05-031 : Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458)
MS05-030 : Cumulative Security Update in Outlook Express (897715)
MS05-028 : Vulnerability in Web Client Service Could Allow Remote Code Execution (896426)
MS05-027 : Vulnerability in Server Message Block Could Allow Remote Code Execution (896422)
MS05-026 : Vulnerability in HTML Help Could Allow Remote Code Execution (896358)
April 2005
MS05-019 : Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
MS05-018 : Vulnerability in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)
MS05-017 : Vulnerability in Message Queuing Could Allow Code Execution (892944)
MS05-016 : Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)
February 2005
MS05-015 : Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
MS05-013 : Vulnerability in the DHTML Editing ActiveX Control could allow code execution (891781)
MS05-012 : Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
MS05-011 : Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
MS05-010 : Vulnerability in the License Logging Service Could Allow Code Execution (885834)
MS05-009 : Vulnerability in PNG Processing Could Lead to Buffer Overrun (890261)
MS05-006 : Vulnerability in Windows Could Allow Information Disclosure (888302)
MS05-004 : ASP. NET Path Validation Vulnerability (887219)
January 2005
MS05-003 : Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)
MS05-002 : Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)
MS05-001 : Vulnerability in HTML Help Could Allow Code Execution (890175)
December 2004
MS04-045 : Vulnerability in WINS Could Allow Remote Code Execution (870763)
MS04-044 : Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)
MS04-043 : Vulnerability in HyperTerminal Could Allow Code Execution (873339)
MS04-041 : Vulnerability in WordPad Could Allow Code Execution (885836)
October 2004
MS04-037 : Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)
MS04-034 : Vulnerability in Compressed (zipped) Folders Could Allow Code Execution (873376)
MS04-032 : Security Update for Microsoft Windows (840987)
MS04-031 : Vulnerability in NetDDE Could Allow Remote Code Execution (841533)
MS04-030 : Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (824151)
MS04-028 : Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (873374)
MS04-024 : Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
MS04-023 : Vulnerability in HTML Help Could Allow Code Execution (840315)
MS04-022 : Vulnerability in Task Scheduler Could Allow Code Execution (841873)
MS04-016 : Vulnerability in DirectPlay Could Allow Denial of Service (839643)
MS04-015 : Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)
MS04-014 : Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)
MS04-012 : Cumulative Update for Microsoft RPC/DCOM (828741)
MS04-011 : Security Update for Microsoft Windows (835732)
MS04-007 : ASN .1 Vulnerability Could Allow Code Execution (828028)
MS04-003 : Buffer Overrun in MDAC Function Could Allow code execution (832483)
MS03-051 : Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
MS03-049 : Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)
MS03-045 : Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)
MS03-044 : Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)
MS03-043 : Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
MS03-041 : Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
MS03-039 : Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
MS03-034 : Flaw in NetBIOS Could Lead to Information Disclosure (824105)
MS03-030 : Unchecked Buffer in DirectX Could Enable System Compromise (819696)
MS03-027 : Unchecked Buffer in Windows Shell Could Enable System Compromise (821557)
MS03-026 : Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
MS03-024 : Buffer Overrun in Windows Could Lead to Data Corruption (817606)
MS03-023 : Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
MS03-018 : Cumulative Patch for Internet Information Service (811114)
MS03-017 : Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787) (Only if you still have the original WMP for XP)
MS03-013 : Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493)
MS03-011 : Flaw in Microsoft VM Could Enable System Compromise (816093)
MS03-010 : Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953)
MS03-008 : Flaw in Windows Script Engine could allow code execution (814078)
You Cannot Create a Network Connection After You Restore Windows XP (329441)
MS03-005 : Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577)
MS03-001 : Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)
MS02-072 : Unchecked Buffer in Windows Shell Could Enable System Compromise (329390)
MS02-071 : Flaw in Windows WM_TIMER Message Handling Can Enable Privilege Elevation (328310)
MS02-070 : Flaw in SMB Signing May Permit Group Policy to Be Modified (329170)
Hyperlinks Open in Internet Explorer Instead of in Default Browser or Help and Support Center – (810565)
MS02-050 : Certificate Validation Flaw Could Enable Identity Spoofing (328115 and 329115) (Reposted)
MS02-063 : Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (329834)
MS02-055 : Unchecked Buffer in Windows Help Facility Could Enable Code Execution (323255)
MS02-054 : Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (329048)
MS02-053 : Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (324096)
For the full list of Windows XP post-SP1/1a fixes please visit the following URL:
Note that this list contains ALL fixes, not just the security updates. Depending on your configuration you might not need to apply all the fixes listed above.