The Microsoft Patch Matrix - 2003


 

We've created this page to allow you to see at a glance which Microsoft Security Bulletins apply to which products and the Severity Rating for each bulletin.  Each Security Bulletin is listed complete with links to the full bulletin on Microsoft's website.

You can view Security Bulletins sorted in reverse numerical order or by the date the Bulletin was last updated.
 

Severity Ratings
Microsoft use the following system to rate the severity of each vulnerability. This information has been reproduced from the "Microsoft Security Response Center Security Bulletin Severity Rating System (Revised, November 2002)", which you can find at:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/rating.asp

We've added the "Colour" column onto the end of the table so that you can tell at a glance what Severity Rating Microsoft have assigned to the software affected by each vulnerability.

A FAQ on the Severity Rating system is available at:

http://www.microsoft.com/technet/security/policy/rateFAQ.asp

| Rating | Definition | Colour |
|---|---|---|
| Critical | A vulnerability whose exploitation could allow the propagation of an Internet worm without user action. | Red |
| Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources. | Orange |
| Moderate | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation. | Green |
| Low | A vulnerability whose exploitation is extremely difficult, or whose impact is minimal. | Black |

Microsoft believe you should always apply any patch rated Critical or Important that they issue for software you're using, and that these patches should be applied as soon as is practically possible (especially Critical ones).

For patches rated as either Moderate or Low, Microsoft recommend you read the related security bulletin to decide whether you should apply the patch to your environment. Personally, if Microsoft issue a patch for something, I'd seriously consider installing it (after testing) regardless of the Rating. Easier said than done, I know, in a lot of environments, but if you don't patch you're asking for trouble.

Security Vulnerabilities By Number
The following is a list of Security Vulnerabilities issued year-to-date (dd/mm/yy) with the most recent first.
 
| Patch No. | Title | Affects / Severity | Issued / Updated |
|---|---|---|---|
| MS03-051 | Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360) | Windows 2000 SP2, SP3; Windows XP; Windows XP SP 1; Office XP; Office XP SR 1 | 11/11/03 / 14/11/03 Ver 1.2 |
| MS03-050 | Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527) | Excel 97; Excel 2000; Excel 2002; Word 97; Word 98(J); Word 2000; Works Suite 2001; Word 2002; Works Suite 2002; Works Suite 2003; Works Suite 2004 | 11/11/03 Ver 1.0 |
| MS03-049 | Buffer Overrun in the Workstation Service Could Allow Code Execution (828749) | Windows 2000 SP2, SP3 and SP4; Windows XP; Windows XP SP 1; Windows XP 64-Bit Edition | 11/11/03 / 14/11/03 Ver 1.1 |
| MS03-048 | Cumulative Update for Internet Explorer (824145) | Windows Millennium Edition; Windows NT Workstation 4.0 SP 6a; Windows NT Server 4.0 SP 6a; Windows NT Server 4.0 Terminal Server Edition SP 6; Windows 2000 SP2, SP3 and SP4; Windows XP; Windows XP SP 1; Windows XP 64-Bit Edition; Windows XP 64-Bit Edition Version 2003; Windows Server 2003; Windows Server 2003 64-Bit Edition | 11/11/03 / 12/11/03 Ver 1.1 |
| MS03-047 | Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489) | Microsoft Exchange Server 5.5 SP4 | 15/10/03 / 22/10/02 Ver 2.0 |
| MS03-046 | Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436) | Microsoft Exchange Server 5.5 SP4; Microsoft Exchange 2000 Server SP3 | 15/10/03 / 22/10/03 Ver 1.1 |
| MS03-045 | Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141) | Windows NT Workstation 4.0 SP6a; Windows NT Server 4.0 SP6a; Windows NT Server 4.0 Terminal Server SP6; Windows 2000 SP2; Windows 2000 SP3, SP4; Windows XP Gold SP1; Windows XP 64 bit Edition; Windows XP 64 bit Edition 2003; Windows Server 2003; Windows Server 2003 64 bit Edition | 15/10/03 / 29/10/02 Ver 3.0 |
| MS03-044 | Buffer Overrun in Windows Help and Support Centre Could Lead to System Compromise (825119) | Windows Millennium Edition; Windows NT Workstation 4.0 SP6a; Windows NT Server 4.0 SP6a; Windows NT Server 4.0 Terminal Server SP6; Windows 2000 SP2; Windows 2000 SP3, SP4; Windows XP Gold SP1; Windows XP 64 bit Edition; Windows XP 64 bit Edition 2003; Windows Server 2003; Windows Server 2003 64 bit Edition | 15/10/03 / 22/10/03 Ver 1.1 |
| MS03-043 | Buffer Overrun in Messenger Service Could Allow Code Execution (828035) | Windows NT Workstation 4.0 SP6a; Windows NT Server 4.0 SP6a; Windows NT Server 4.0 Terminal Server SP6; Windows 2000 SP2; Windows 2000 SP3, SP4; Windows XP Gold SP1; Windows XP 64 bit Edition; Windows XP 64 bit Edition 2003; Windows Server 2003; Windows Server 2003 64 bit Edition | 15/10/03 / 29/10/02 Ver 2.0 |
| MS03-042 | Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232) | Windows NT Server 4.0 SP6a; Windows NT Server 4.0 Terminal Server SP6; Windows 2000 SP2; Windows 2000 SP3, SP4; Windows XP Gold, SP1; Windows XP 64 bit Edition; Windows XP 64 bit Edition 2003; Windows Server 2003; Windows Server 2003 64 bit Edition | 15/10/03 / 29/10/02 Ver 2.0 |
| MS03-041 | Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182) | Windows NT Workstation 4.0 SP6a; Windows NT Server 4.0 SP6a; Windows NT Server 4.0 Terminal Server SP6; Windows 2000 SP2; Windows 2000 SP3, SP4; Windows XP Gold SP1; Windows XP 64 bit Edition; Windows XP 64 bit Edition 2003; Windows Server 2003; Windows Server 2003 64 bit Edition | 15/10/03 / 22/10/03 Ver 1.1 |
| MS03-040 | Cumulative Patch for Internet Explorer (828750) | Internet Explorer 5.01; Internet Explorer 5.5; Internet Explorer 6.0; Internet Explorer 6.0 for Windows Server 2003 | 03/10/03 / 06/10/03 Ver 1.1 |
| MS03-039 | Buffer Overrun In RPCSS Service Could Allow Code Execution (824146) | Windows NT Workstation 4.0; Windows NT Server 4.0; Windows NT Server 4.0 Terminal Server Edition; Windows 2000; Windows XP; Windows Server 2003 | 10/09/03 Ver 1.0 |
| MS03-038 | Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104) | Access 97; Access 2000; Access 2002 | 03/09/03 / 04/09/03 Ver 1.1 |
| MS03-037 | Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution (822715) | Visual Basic for Applications SDK 5.0; Visual Basic for Applications SDK 6.0; Visual Basic for Applications SDK 6.2; Visual Basic for Applications SDK 6.3; Plus a whole list of software which includes the affected software | 03/09/03 Ver 1.0 |
| MS03-036 | Buffer Overrun in WordPerfect Converter Could Allow Code Execution (827103) | Office 97; Office 2000; Office XP; Word 98 (J); FrontPage 2000; FrontPage 2002; Publisher 2000; Publisher 2002; Works Suite 2001; Works Suite 2002; Works Suite 2003 | 03/09/03 / 04/09/03 Ver 1.1 |
| MS03-035 | Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653) | Word 97; Word 98 (J); Word 2000; Word 2002; Works Suite 2001; Works Suite 2002; Works Suite 2003 | 03/09/03 / 03/09/03 Ver 1.1 |
| MS03-034 | Flaw in NetBIOS Could Lead to Information Disclosure (824105) | Windows NT 4.0 Server; Windows NT 4.0 Terminal Server Edition; Windows 2000; Windows XP; Windows Server 2003 | 03/09/03 / 03/09/03 Ver 1.1 |
| MS03-033 | Unchecked Buffer in MDAC Function Could Enable System Compromise (823718) | MDAC 2.5; MDAC 2.6; MDAC 2.7 | 20/08/03 Ver 1.0 |
| MS03-032 | Cumulative Patch for Internet Explorer (822925) | Internet Explorer 5.01; Internet Explorer 5.5; Internet Explorer 6.0; Internet Explorer 6.0 for Windows Server 2003 | 20/08/03 / 03/10/03 Ver 1.4 |
| MS03-031 | Cumulative Patch for Microsoft SQL Server (815495) | SQL Server 7.0; MSDE 1.0; SQL Server 2000; SQL Server 2000 Desktop Engine (MSDE 2000); SQL Server 2000 Desktop Engine (Windows) | 23/07/03 / 18/09/03 Ver 1.2 |
| MS03-030 | Unchecked Buffer in DirectX Could Enable System Compromise (819696) | DirectX 5.2 on Windows 98; DirectX 6.1 on Windows 98 SE; DirectX 7.1 on Windows Millennium; DirectX 7.0 on Windows 2000; DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b when installed on Windows 98, 98 SE, Millennium or 2000; DirectX 8.1 on Windows XP; DirectX 8.1 on Windows Server 2003; DirectX 9.0a when installed on Windows 98, 98 SE, Millennium, 2000, XP; DirectX 9.0a when installed on Windows Server 2003; Windows NT 4.0 with either Windows Media Player 6.4 or IE 6 SP 1 installed; Windows NT 4.0 Terminal Server Edition with either Windows Media Player 6.4 or IE6 SP1 installed | 23/07/03 / 20/08/03 Ver 2.1 |
| MS03-029 | Flaw in Windows Function Could Allow Denial of Service (823803) | Windows NT 4.0 Server; Windows NT 4.0 Terminal Server Edition | 23/07/03 / 13/08/03 Ver 2.0 |
| MS03-028 | Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack (816456) | Internet Security and Acceleration (ISA) Server 2000 | 16/07/03 / 28/07/03 Ver 1.2 |
| MS03-027 | Unchecked Buffer in Windows Shell Could Enable System Compromise (821557) | Windows XP | 16/07/03 / 17/07/03 Ver 1.1 |
| MS03-026 | Buffer Overrun In RPC Interface Could Allow Code Execution (823980) | Windows NT 4.0 Server; Windows NT 4.0 Terminal Server Edition; Windows 2000; Windows XP; Windows Server 2003 | 16/07/03 / 10/09/03 Ver 2.0 |
| MS03-025 | Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation (822679) | Windows 2000 | 09/07/03 / 10/07/03 Ver 1.1 |
| MS03-024 | Buffer Overrun in Windows Could Lead to Data Corruption (817606) | Windows NT 4.0 Server; Windows NT 4.0 Terminal Server Edition; Windows 2000; Windows XP | 09/07/03 / 18/09/03 Ver 1.2 |
| MS03-023 | Buffer Overrun In HTML Converter Could Allow Code Execution (823559) | Windows 98; Windows 98 Second Edition; Windows Me; Windows NT 4.0 Server; Windows NT 4.0 Terminal Server Edition; Windows 2000; Windows XP; Windows Server 2003 | 09/07/03 / 10/07/03 Ver 1.2 |
| MS03-022 | Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343) | Windows 2000 | 25/06/03 Ver 1.0 |
| MS03-021 | Flaw In Windows Media Player May Allow Media Library Access (819639) | Windows Media Player 9 Series | 25/06/03 / 04/07/03 Ver 1.1 |
| MS03-020 | Cumulative Patch for Internet Explorer (818529) | Internet Explorer 5.01; Internet Explorer 5.5; Internet Explorer 6.0; Internet Explorer 6.0 for Windows Server 2003 | 04/06/03 Ver 1.1 |
| MS03-019 | Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (817772) | Windows NT 4.0; Windows 2000 | 28/05/03 / 30/05/03 Ver 2.0 |
| MS03-018 | Cumulative Patch for Internet Information Service (811114) | Internet Information Server 4.0; Internet Information Services 5.0; Internet Information Services 5.1 | 28/05/03 / 30/05/03 Ver 1.1 |
| MS03-017 | Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787) | Windows Media Player 7.1; Windows Media Player for Windows XP (Version 8.0) | 07/05/03 / 09/05/03 Ver 1.2 |
| MS03-016 | Cumulative Patch for BizTalk Server (815206) | BizTalk Server 2000; BizTalk Server 2002 | 30/04/03 Ver 1.0 |
| MS03-015 | Cumulative Patch for Internet Explorer (813489) | Internet Explorer 5.01; Internet Explorer 5.5; Internet Explorer 6.0 | 23/04/03 / 01/05/03 Ver 1.1 |
| MS03-014 | Cumulative Patch for Outlook Express (330994) | Outlook Express 5.5; Outlook Express 6.0 | 23/04/03 / 22/08/03 Ver 1.1 |
| MS03-013 | Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493) | Windows NT 4.0; Windows NT 4.0 Server Terminal Server Edition; Windows 2000; Windows XP | 16/04/03 / 25/08/03 Ver 2.1 |
| MS03-012 | Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of Service (331066) | Proxy Server 2.0; ISA Server | 09/04/03 Ver 1.0 |
| MS03-011 | Flaw in Microsoft VM Could Enable System Compromise (816093) | Versions of the Microsoft virtual machine (Microsoft VM) are identified by build numbers, which can be determined using the JVIEW tool as discussed in the FAQ. All builds of the Microsoft VM up to and including build 5.0.3809 are affected by these vulnerabilities. | 09/04/03 / 27/06/03 Ver 1.2 |
| MS03-010 | Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953) | Windows NT 4; Windows 2000; Windows XP | 26/03/03 / 13/05/03 Ver 1.1 |
| MS03-009 | Flaw In ISA Server DNS Intrusion Detection Filter Can Cause Denial Of Service (331065) | ISA Server | 19/03/03 Ver 1.0 |
| MS03-008 | Flaw in Windows Script Engine Could Allow Code Execution (814078) | Windows 98; Windows 98 Second Edition; Windows Me; Windows NT 4.0 Server; Windows NT 4.0 Terminal Server Edition; Windows 2000; Windows XP | 19/03/03 / 04/09/03 Ver 1.4 |
| MS03-007 | Unchecked Buffer In Windows Component Could Cause Server Compromise (815021) | Windows NT 4.0; Windows NT 4.0 Terminal Server Edition; Windows 2000; Windows XP | 17/03/03 / 18/09/03 Ver 3.4 |
| MS03-006 | Flaw in Windows Me Help and Support Center Could Enable Code Execution (812709) | Windows Me | 26/02/03 Ver 1.0 |
| MS03-005 | Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) | Windows XP | 05/02/03 Ver 1.0 |
| MS03-004 | Cumulative Patch for Internet Explorer (810847) | Internet Explorer 5.01; Internet Explorer 5.5; Internet Explorer 6.0 | 05/02/03 / 19/02/03 Ver 2.1 |
| MS03-003 | Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure (812262) | Outlook 2002 | 22/01/03 Ver 1.0 |
| MS03-002 | Cumulative Patch for Microsoft Content Management Server (810487) | Content Management Server 2001 | 22/01/03 Ver 1.0 |
| MS03-001 | Unchecked Buffer in Locator Service Could Lead to Code Execution (810833) | Windows NT 4.0; Windows NT 4.0 Terminal Server Edition; Windows 2000; Windows XP | 22/01/03 / 28/10/03 Ver 1.1 |
| MS02-050 | Certificate Validation Flaw Could Enable Identity Spoofing (Q329115) | Windows 98; Windows 98 Second Edition; Windows Me; Windows NT 4.0; Windows NT 4.0 Terminal Server Edition; Windows 2000; Windows XP; Office for Mac; Internet Explorer for Mac; Outlook Express for Mac | 04/09/02 / 11/11/03 Ver 5.0 |

 

 

© FAQShop.com 2003 - 2008
