Using Beyond Compare 2, here are the differences between RyanVM's Windows XP Post-SP3 Update Pack 1.0.3 and XPSP3_QFE_UpdatePack for Windows XP Post-SP3 1.05 20090609:
Added
KB892130 - Windows Genuine Advantage Validation Tool ActiveX Control 1.9.40.0
KB923561 - Vulnerability in WordPad and Office text converters could allow remote code execution
KB938464 - Description of the security update for GDI+ for all editions of Windows XP with Internet Explorer 6 SP1
KB952004 - Description of the security update for MSDTC Transaction Facility (April 2009)
KB956572 - Description of the security update for Windows Service Isolation (April 2009)
KB958690 - Vulnerabilities in Windows Kernel Could Allow Remote Code Execution
KB959426 - Blended threat vulnerability in SearchPath could allow elevation of privilege
KB960225 - security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it
KB960803 - Vulnerabilities in Windows HTTP services could allow remote code execution
KB961373 - Vulnerability in Microsoft DirectShow could allow remote code execution
KB961501 - Vulnerabilities in the Windows Print Spooler could allow remote code execution
KB968537 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
KB969897 - Cumulative security update for Internet Explorer (June 2009)
KB969898 - Cumulative Security Update for ActiveX Killbits
KB970238 - Vulnerability in RPC Could Allow Elevation of Privilege
KB905474 - Windows Genuine Advantage Notifications (Supressed MU Nag to Install)
Updated
KB931125 - Microsoft Root Certificates Update (May 2009)
Adobe Flash Player 10.0.22.87 ActiveX Control
Code65536 FontReg 2.1.2
MSXML 4.0 SP3 4.30.2100.0
KB890830 - Microsoft Malicious Software Removal Tool 2.11
Removed
KB887606 - Microsoft XML Parser (MSXML) uses cached credentials incorrectly
KB951698 - Vulnerabilities in DirectX could allow remote code execution
KB956807 - The Unicode hyphen character (U+2010) is not drawn when using an application that uses GDI+ API functions
KB956841 - Vulnerability in Virtual Address Descriptor manipulation could allow elevation of privilege
KB958215 - Cumulative security update for Internet Explorer (December, 2008)
KB958282 - 0x00000050 stop error when an application calls the NtGdiRectInRegion function
