In my testing these security bulleints aren't fixed in Win2k SP4, 

but are documented that they are at this link:

http://www.microsoft.com/technet/treeview/default.asp?

url=/technet/security/news/w2kSP4.asp



1. MS02-053. It fixes the FPSE 2000 vulnerability, but 

not FPSE 2002.



2. MS03-019. It updates the vulnerable files in only 1 

location, not both locations where niislog.dll is stored 

(\inetpub\scripts and \winnt\system32\windows 

media\server).



3. MS02-032. It fixes WMP 6.4, but only updates 2 of the 

5 vulnerable files in WMP 7.1.



4. MS03-014. It fixes the vulnerability for OE 5.5, but not 

OE 6.0 SP1.



One that did get fixed, but is not documented in the 

link, is MS01-022 (as of this post).



Anyone else find these in their testing?