We've created this page to allow you to see at a glance which Microsoft Security Bulletins apply to which products and the Severity Rating for each bulletin.  Each Security Bulletin is listed complete with links to the full bulletin on Microsoft's website.

You can view Security Bulletins sorted in reverse numerical order or by the date the Bulletin was last updated.
 

Severity Ratings

Security Vulnerabilities By Number

Security Vulnerabilities By Date

Previous Years

Severity Ratings
Microsoft use the following system to rate the severity for each vulnerability.  This information has been reproduced from the "Microsoft Security Response Center Security Bulletin Severity Rating System (Revised, November 2002)" which you can find at:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/rating.asp

We've added the "Colour" column onto the end of the table so that you can tell at a glance what Severity Rating Microsoft have assigned to the software affected by each vulnerability.

A FAQ on the Severity Rating system is available at:

http://www.microsoft.com/technet/security/policy/rateFAQ.asp

Microsoft believe you should always apply patches to any software you're using for which they issue a patch with either a Critical or Important rating and these patches should be applied as soon as is practically possible (especially Critical ones).

For patches rated as either Moderate or Low Microsoft recommend you read the related security bulletin to decide whether you should apply the patch to your environment. Personally if Microsoft issue a patch for something I'd seriously consider installing it (after testing) regardless of the Rating.  Easier said than done I know in a lot of environments but if you don't patch you're asking for trouble.

Security Vulnerabilities By Number
The following is a list of Security Vulnerabilities issued year-to-date (dd/mm/yy) with the most recent first.
 

Patch No.	Title	Affects/ Severity	Updated/ Issued/ Ver
MS04-026	Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)	Exchange Server 5.5 SP4	U = N/A I = 10/08/04 V =Ver 1.0
MS04-025	Cumulative Security Update for IE (867801)	IE 5.01 SP 2 IE 5.01 SP 3 IE 5.01 SP 4 IE 5.5 SP 2 IE 6 IE 6 SP 1 IE 6 SP 1 (64-Bit Edition) IE 6 for Windows Server 2003 IE 6 for Windows 2003 (64-Bit)	U = 01/08/04 I = 30/07/04 V =Ver 2.0
MS04-024	Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)	NT Workstation 4.0 SP 6a NT Server 4.0 SP 6a NT Server 4.0 Terminal Server Edition SP 6 NT Workstation and Server 4.0 SP 6a with Active Desktop Windows 2000 SP 2, 3, and 4 Windows XP and Windows XP SP 1 Windows XP 64-Bit Edition SP 1 Windows XP 64-Bit Edition Ver 2003 Windows Server 2003 Windows Server 2003 64-Bit Edition Windows 98, Windows 98 SE, and Windows ME – Review the FAQ for details	U = 10/08/04 I = 13/07/04 V =Ver 1.4
MS04-023	Vulnerability in HTML Help Could Allow Code Execution (840315)	Windows 2000 SP 2, 3, and 4 Windows XP and Windows XP SP 1 Windows XP 64-Bit Edition SP 1 Windows XP 64-Bit Edition Ver 2003 Windows Server 2003 Windows Server 2003 64-Bit Edition Windows 98, Windows 98 SE, and Windows ME – Review the FAQ for details	U = N/A I = 13/07/04 V =Ver 1.0
MS04-022	Vulnerability in Task Scheduler Could Allow Code Execution (841873)	Windows 2000 SP 2, 3, and 4 Windows XP and Windows XP SP 1 Windows XP 64-Bit Edition SP 1 Windows XP 64-Bit Edition Ver 2003	U = 19/07/04 I = 13/07/04 V =Ver 1.1
MS04-021	Security Update for IIS 4.0 (841373)	NT Workstation 4.0 SP 6a NT Server 4.0 SP 6a	U = 06/08/04 I = 13/07/04 V =Ver 1.2
MS04-020	Vulnerability in POSIX Could Allow Code Execution (841872)	Microsoft INTERIX® 2.2 NT Workstation 4.0 SP 6a NT Server 4.0 SP 6a NT Server 4.0 Terminal Server Edition SP 6 Windows 2000 SP 2, 3, and 4	U = 10/08/04 I = 13/07/04 V =Ver 2.0
MS04-019	Vulnerability in Utility Manager Could Allow Code Execution (842526)	Windows 2000 SP 2, 3, and 4	U = N/A I = 13/07/04 V =Ver 1.0
MS04-018	Cumulative Security Update for Outlook Express (823353)	NT Workstation 4.0 SP 6a NT Server 4.0 SP 6a NT Server 4.0 Terminal Server Edition SP 6 Windows 2000 SP 2, 3, and 4 Windows XP and Windows XP SP 1 Windows XP 64-Bit Edition SP 1 Windows XP 64-Bit Edition Ver 2003 Windows Server 2003 Windows Server 2003 64-Bit Edition Windows 98, Windows 98 SE, and Windows ME – Review the FAQ for details	U = N/A I = 13/07/04 V =Ver 1.0
MS04-017	Vulnerability in Crystal Reports Web Viewer Could Allow Information Disclosure and Denial of Service (842689)	Visual Studio .NET 2003 Outlook 2003 with Business Contact Manager Microsoft Business Solutions CRM 1.2	U = 16/06/04 I = 08/06/04 V =Ver 1.1
MS04-016	Vulnerability in DirectPlay Could Allow Denial of Service (839643)	Windows 2000 SP 2, 3, and 4 Windows XP and Windows XP SP 1 Windows XP 64-Bit Edition SP 1 Windows XP 64-Bit Edition Ver 2003 Windows Server 2003 Windows Server 2003 64-Bit Edition Windows 98, Windows 98 SE, and Windows ME	U = 16/06/04 I = 08/06/04 V =Ver 1.1
MS04-015	Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)	Windows XP and Windows XP SP 1 Windows XP 64-Bit Edition SP 1 Windows XP 64-Bit Edition Ver 2003 Windows Server 2003 Windows Server 2003 64-Bit Edition	U = 11/05/04 I = 11/05/04 V =Ver 1.1
MS04-014	Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)	NT Workstation 4.0 SP 6a NT Server 4.0 SP 6a NT Server 4.0 Terminal Server Edition SP 6 Windows 2000 SP 2, 3, and 4 Windows XP and Windows XP SP 1 Windows XP 64-Bit Edition SP 1 Windows XP 64-Bit Edition Ver 2003 Windows Server 2003 Windows Server 2003 64-Bit Edition Windows 98, Windows 98 SE, and Windows ME	U = 11/05/04 I = 13/04/04 V =Ver 2.0
MS04-013	Cumulative Security Update for Outlook Express (837009)	NT Workstation 4.0 SP 6a NT Server 4.0 SP 6a NT Server 4.0 Terminal Server Edition SP 6 Windows 2000 SP 2, 3, and 4 Windows XP and Windows XP SP 1 Windows XP 64-Bit Edition SP 1 Windows XP 64-Bit Edition Ver 2003 Windows Server 2003 Windows Server 2003 64-Bit Edition Windows 98, Windows 98 SE, and Windows ME	U = N/A I = 13/04/04 V =Ver 1.0
MS04-012	Cumulative Update for Microsoft RPC/DCOM (828741)	NT Workstation 4.0 SP 6a NT Server 4.0 SP 6a NT Server 4.0 Terminal Server Edition SP 6 Windows 2000 SP 2, 3, and 4 Windows XP and Windows XP SP 1 Windows XP 64-Bit Edition SP 1 Windows XP 64-Bit Edition Ver 2003 Windows Server 2003 Windows Server 2003 64-Bit Edition Windows 98, Windows 98 SE, and Windows ME	U = 21/04/04 I = 13/04/04 V =Ver 1.1
MS04-011	Security Update for Microsoft Windows (835732)	NT Workstation 4.0 SP 6a NT Server 4.0 SP 6a NT Server 4.0 Terminal Server Edition SP 6 Windows 2000 SP 2, 3, and 4 Windows XP and Windows XP SP 1 Windows XP 64-Bit Edition SP 1 Windows XP 64-Bit Edition Ver 2003 Windows Server 2003 Windows Server 2003 64-Bit Edition Microsoft NetMeeting Windows 98, Windows 98 SE, and Windows ME	U = 10/08/04 I = 13/04/04 V =Ver 2.1
MS04-010	Vulnerability in MSN Messenger Could Allow Information Disclosure (838512)	Microsoft MSN Messenger 6.0 Microsoft MSN Messenger 6.1	U = N/A I = 09/03/04 V =Ver 1.0
MS04-009	Vulnerability in Microsoft Outlook Could Allow Code Execution (828040)	Office XP SP 2 Outlook 2002 SP 2	U = 12/04/04 I = 09/03/04 V =Ver 2.2
MS04-008	Vulnerability in Windows Media Services Could Allow a Denial of Service (832359)	Windows 2000 SP 2, 3, and 4	U = N/A I = 09/03/04 V =Ver 1.0
MS04-007	ASN.1 Vulnerability Could Allow Code Execution (828028)	Windows NT® Workstation 4.0 SP 6a Windows NT Server 4.0 SP 6a Windows NT Server 4.0 Terminal Server Edition, SP 6 Windows 2000 SP 2, 3, and 4 Windows XP, Windows XP SP 1 Windows XP 64-Bit Edition, XP 64-Bit Edition SP 1 Windows XP 64-Bit Edition 2003 Windows Server® 2003 Windows Server 2003, 64-Bit Edition	U = 09/06/04 I = 10/02/04 V =Ver 1.1
MS04-006	Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)	Windows NT Server 4.0 SP 6a Windows NT Server 4.0 Terminal Server Edition, SP 6 Windows 2000 SP 2, 3, and 4 Windows Server® 2003 Windows Server 2003, 64-Bit Edition	U = N/A I = 10/02/04 V =Ver 1.0
MS04-005	Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)	Microsoft Virtual PC for the Macintosh (all supported versions)	U = N/A I = 10/02/04 V =Ver 1.0
MS04-004	Cumulative Security Update for IE (832894)	Windows NT® Workstation 4.0 SP 6a Windows NT Server 4.0 SP 6a Windows NT Server 4.0 Terminal Server Edition, SP 6 Windows 2000 SP 2, 3, and 4 Windows XP, Windows XP SP 1 Windows XP 64-Bit Edition, XP 64-Bit Edition SP 1 Windows XP 64-Bit Edition 2003 Windows Server® 2003 Windows Server 2003, 64-Bit Edition	U = 12/04/04 I = 18/02/04 V =Ver 1.7
MS04-003	Buffer Overrun in MDAC Function Could Allow Code Execution (832483)	Microsoft Data Access Components (MDAC) 2.5 (included with Windows 2000)   MDAC Components 2.6 (included with SQL Server 2000) MDAC 2.7 (included with Windows XP)   MDAC 2.8 (included with Windows Server 2003) MDAC 2.8 (included with Windows Server 2003 64-Bit Edition)	U = 01/04/04 I = 13/01/04 V =Ver 1.2
MS04-002	Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation (832759)	Exchange Server 2003	U = 14/01/04 I = 13/01/04 V =Ver 1.1
MS04-001	Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Allow Remote Code Execution (816458)	Internet Security and Acceleration (ISA) Server 2000 Small Business Server (SBS) 2000 (which includes ISA Server 2000) SBS 2003 (which includes ISA Server 2000)	U = N/A I = 13/01/04 V =Ver 1.0

U = Last Updated
I = Date Issued
V =Current Version
 

Rating	Definition	Colour
Critical	A vulnerability whose exploitation could allow the propagation of an Internet worm without user action	Red
Important	A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.	Orange
Moderate	Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation	Green
Low	A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.	Black