Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS06-061: Vulnerabilities in Microsoft XML Core Services could allow remote code execution


View products that this article applies to.

INTRODUCTION

Microsoft has released security bulletin MS06-061. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

↑ Back to the top


Service pack information

The problem that is addressed by this security update is now corrected in Microsoft Office 2003 Service Pack 3 (SP3). For more information about how to obtain the latest service pack for Microsoft Office 2003, click the following article number to view the article in the Microsoft Knowledge Base:

870924 How to obtain the latest service pack for Office 2003

Known issues with this security update

  • If you have multiple versions of the Microsoft XML Parser or Microsoft XML Core Services (MSXML) installed, you may have to install multiple packages for this security update. Additionally, if you install a version of MSXML after you install this security update, you may have to install an additional package for this security update. For more information about the different MSXML versions that are available or included with various Microsoft products or software updates, click the following article number to view the article in the Microsoft Knowledge Base:

    269238 List of Microsoft XML Parser (MSXML) versions

  • After you install the original version of security update 924191 for Windows 2000 Service Pack 4, the "kill bit" for Microsoft XML Parser (MSXML) version 2.6 CLSIDs is incorrectly set to 0x00000190 (400) instead of to 0x00000400 (1024). On October 19, 2006, Microsoft released a new version of this security update to address this problem.



    Note The new security update that was released on October 19, 2006 does not correctly update the version information that is displayed in Add or Remove Programs if you previously installed the original security update for Windows 2000. The version number should be updated to 0061014.135844. However, the version information continues to be displayed as 20060915.123522. This problem can be ignored. In this scenario, the "kill bit" is correctly updated in the registry for the MSXML version 2.6 CLSIDs.
  • After you install this security update, you cannot use Microsoft XML Parser version 2.6 in Microsoft Internet Explorer. This behavior is by design. The security update package 924191 set the "kill bit" for this version of MSXML. The "kill bit" prevents the component from running in Internet Explorer.

    Note Developers who use MSXML 2.6 version-dependent Program IDs (ProgIDs) in an application must update the ProgIDs to use MSXML 3.0.

    Sample code that uses an MSXML 2.6 version-dependent ProgID
    var o = new ActiveXObject("Msxml2.DOMDocument.2.6");
    Updated sample code that uses an MSXML 3.0 version-dependent ProgID
    var o = new ActiveXObject("Msxml2.DOMDocument.3.0");
    The 924191 security update packages for this release set the "kill bit" for the MSXML 2.6 CLSIDs that are listed in the following table.
    GUIDSymbolic name
    f5078f22-c551-11d3-89b9-0000f81fe221CLSID_XMLDocument26
    f5078f1b-c551-11d3-89b9-0000f81fe221CLSID_DOMDocument26
    f5078f1c-c551-11d3-89b9-0000f81fe221CLSID_FreeThreadedDOMDocument26
    f5078f1d-c551-11d3-89b9-0000f81fe221CLSID_XMLSchemaCache26
    f5078f1e-c551-11d3-89b9-0000f81fe221CLSID_XMLHTTP26
    f5078f21-c551-11d3-89b9-0000f81fe221CLSID_XSLTemplate26
    f5078f1f-c551-11d3-89b9-0000f81fe221CLSID_DSOControl26
    f5078f20-c551-11d3-89b9-0000f81fe221CLSID_XMLParser26
    f5078f28-c551-11d3-89b9-0000f81fe221CLSID_Viewer26
    f5078f29-c551-11d3-89b9-0000f81fe221CLSID_BufferedMoniker26
    f5078f26-c551-11d3-89b9-0000f81fe221CLSID_XSLPatternFactory26
  • Security update packages 925672 and 925673 for MSXML 4.0 Service Pack 2 (SP2) and MSXML 6.0 are complete installation packages. You can use these packages to install MSXML 4.0 SP2 or MSXML 6.0 on a computer that has no earlier versions of MSXML 4.0 or MSXML 6.0 installed. You can also use these packages to update an existing installation of MSXML 4.0, MSXML 4.0 SP1, or MSXML 6.0.
  • Windows Update and Microsoft Update only offer security update packages 925672 and 925673 if an earlier version of MSXML 4.0 SP2 or MSXML 6.0 is already installed on your computer. If you do not have an earlier version of MSXML 4.0 SP2 or MSXML 6.0 installed, download and install these packages from the Microsoft Download Center.
  • Windows Update and Microsoft Update do not offer security update 925672 if you have MSXML 4.0 or MSXML 4.0 SP1 installed. To update MSXML 4.0 or MSXML 4.0 SP1, use one of the following methods:
  • The files that are installed by security update packages 925672 and 925673 for MSXML 4.0 SP2 and MSXML 6.0 are listed in the following tables.

    MSXML 6.0 is not installed
    File NameVersionDateTimeSize
    Msxml6.dll6.0.3888.01-Sep-0612:081.27 MB
    Msxml6r.dll6.0.3883.019-Jul-0610:5584.6 KB
    MSXML 6.0 is installed
    File NameVersionDateTimeSize
    Msxml6.dll6.0.3888.01-Sep-0612:081.27 MB
    MSXML 4.0 is not installed
    File NameVersionDateTimeSize
    Msxml4.dll4.20.9839.012-Sep-065:511216 KB
    Msxml4r.dll4.10.9404.012-Jul-065:4980.5 KB
    Note This security update is installed in both the %SystemRoot%\System32 folder and the side-by-side folder.

    MSXML 4.0 is installed
    File NameVersionDateTimeSize
    Msxml4.dll4.20.9839.012-Sep-065:5311.18 MB
    Note This security update is installed in both the %SystemRoot%\System32 folder and the side-by-side folder.
  • When you remove security update 925673 for MSXML 6.0, MSXML 6.0 is completely removed from your computer.
  • Security update package 925672 for MSXML 4.0 SP2 does not support completely removing MSXML 4.0 because this version of MSXML is installed in side-by-side mode. To work around this issue, follow these steps:
    1. Use Add or Remove Programs to remove security update 925672.
    2. Delete the MSXML4.dll file the from %SystemRoot%\System32 folder.
    3. Use Add or Remove Programs to repair MSXML 4.0.
    The earlier versions of the Msxml4.dll file and the Msxml4r.dll file are restored to both the %SystemRoot%\System32 folder and the side-by-side folder.
  • The security update packages for MSXML 3.0 only update the MSXML3.dll file. The resource files are not updated for this version.
  • After you install this security update, you may experience unexpected behavior in Microsoft Commerce Server 2002 Business Desk applications. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

    926509 You may experience unexpected behavior when you access Commerce Server Business Desk applications after you update the computer with the latest security updates

Additional packages for this security update

The security update packages for this release use this Knowledge Base article number (924191) and the following Knowledge Base article numbers.
  • 925673 MS06-061: Security update for Microsoft XML Core Services 6.0

  • 925672 MS06-061: Security update for Microsoft XML Core Services 4.0 SP2

  • 924424 Description of the security update for Office 2003: October 10, 2006

↑ Back to the top


Keywords: kbwinserv2003sp2fix, kb, kbpubtypekc, kbfix, kbbug, kbsecvulnerability, kbsecbulletin, kbsecurity, kbqfe, kblangall, kbexpertisebeginner, kbwinxppresp3fix, kbwinserv2003presp2fix, kbwin2000presp5fix, kbsqlserv2000presp5fix, kbsql2005presp2fix, kboffice2003presp3fix, kbmustloc

↑ Back to the top

Article Info
Article ID : 924191
Revision : 5
Created on : 4/13/2020
Published on : 4/13/2020
Exists online : False
Views : 3287