Microsoft has released security bulletin MS06-061. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:
The problem that is addressed by this security update is now corrected in Microsoft Office 2003 Service Pack 3 (SP3).
For more information about how to obtain the latest service pack for Microsoft Office 2003, click the following article number to view the article in the Microsoft Knowledge Base:
How to obtain the latest service pack for Office 2003
Known issues with this security update
If you have multiple versions of the Microsoft XML Parser or Microsoft XML Core Services (MSXML) installed, you may have to install multiple packages for this security update. Additionally, if you install a version of MSXML after you install this security update, you may have to install an additional package for this security update.
For more information about the different MSXML versions that are available or included with various Microsoft products or software updates, click the following article number to view the article in the Microsoft Knowledge Base:
After you install the original version of security update 924191 for Windows 2000 Service Pack 4, the "kill bit" for Microsoft XML Parser (MSXML) version 2.6 CLSIDs is incorrectly set to 0x00000190 (400) instead of to 0x00000400 (1024). On October 19, 2006, Microsoft released a new version of this security update to address this problem.
Note The new security update that was released on October 19, 2006 does not correctly update the version information that is displayed in Add or Remove Programs if you previously installed the original security update for Windows 2000. The version number should be updated to 0061014.135844. However, the version information continues to be displayed as 20060915.123522. This problem can be ignored. In this scenario, the "kill bit" is correctly updated in the registry for the MSXML version 2.6 CLSIDs.
After you install this security update, you cannot use Microsoft XML Parser version 2.6 in Microsoft Internet Explorer. This behavior is by design. The security update package 924191 set the "kill bit" for this version of MSXML. The "kill bit" prevents the component from running in Internet Explorer.
Note Developers who use MSXML 2.6 version-dependent Program IDs (ProgIDs) in an application must update the ProgIDs to use MSXML 3.0.
Sample code that uses an MSXML 2.6 version-dependent ProgID
var o = new ActiveXObject("Msxml2.DOMDocument.2.6");
Updated sample code that uses an MSXML 3.0 version-dependent ProgID
var o = new ActiveXObject("Msxml2.DOMDocument.3.0");
The 924191 security update packages for this release set the "kill bit" for the MSXML 2.6 CLSIDs that are listed in the following table.
Collapse this tableExpand this table
GUID
Symbolic name
f5078f22-c551-11d3-89b9-0000f81fe221
CLSID_XMLDocument26
f5078f1b-c551-11d3-89b9-0000f81fe221
CLSID_DOMDocument26
f5078f1c-c551-11d3-89b9-0000f81fe221
CLSID_FreeThreadedDOMDocument26
f5078f1d-c551-11d3-89b9-0000f81fe221
CLSID_XMLSchemaCache26
f5078f1e-c551-11d3-89b9-0000f81fe221
CLSID_XMLHTTP26
f5078f21-c551-11d3-89b9-0000f81fe221
CLSID_XSLTemplate26
f5078f1f-c551-11d3-89b9-0000f81fe221
CLSID_DSOControl26
f5078f20-c551-11d3-89b9-0000f81fe221
CLSID_XMLParser26
f5078f28-c551-11d3-89b9-0000f81fe221
CLSID_Viewer26
f5078f29-c551-11d3-89b9-0000f81fe221
CLSID_BufferedMoniker26
f5078f26-c551-11d3-89b9-0000f81fe221
CLSID_XSLPatternFactory26
Security update packages 925672 and 925673 for MSXML 4.0 Service Pack 2 (SP2) and MSXML 6.0 are complete installation packages. You can use these packages to install MSXML 4.0 SP2 or MSXML 6.0 on a computer that has no earlier versions of MSXML 4.0 or MSXML 6.0 installed. You can also use these packages to update an existing installation of MSXML 4.0, MSXML 4.0 SP1, or MSXML 6.0.
Windows Update and Microsoft Update only offer security update packages 925672 and 925673 if an earlier version of MSXML 4.0 SP2 or MSXML 6.0 is already installed on your computer. If you do not have an earlier version of MSXML 4.0 SP2 or MSXML 6.0 installed, download and install these packages from the Microsoft Download Center.
Windows Update and Microsoft Update do not offer security update 925672 if you have MSXML 4.0 or MSXML 4.0 SP1 installed. To update MSXML 4.0 or MSXML 4.0 SP1, use one of the following methods:
Method 1: Download and install security update 925672 from the Microsoft Download Center. To do this, visit the following Microsoft Web site:
Method 2: Download and install MSXML 4.0 SP2, and then install security update 925672 from Windows Update or from Microsoft Update. To download MSXML 4.0 SP2, visit the following Microsoft Web site:
The files that are installed by security update packages 925672 and 925673 for MSXML 4.0 SP2 and MSXML 6.0 are listed in the following tables.
MSXML 6.0 is not installed
Collapse this tableExpand this table
File Name
Version
Date
Time
Size
Msxml6.dll
6.0.3888.0
1-Sep-06
12:08
1.27 MB
Msxml6r.dll
6.0.3883.0
19-Jul-06
10:55
84.6 KB
MSXML 6.0 is installed
Collapse this tableExpand this table
File Name
Version
Date
Time
Size
Msxml6.dll
6.0.3888.0
1-Sep-06
12:08
1.27 MB
MSXML 4.0 is not installed
Collapse this tableExpand this table
File Name
Version
Date
Time
Size
Msxml4.dll
4.20.9839.0
12-Sep-06
5:51
1216 KB
Msxml4r.dll
4.10.9404.0
12-Jul-06
5:49
80.5 KB
Note This security update is installed in both the %SystemRoot%\System32 folder and the side-by-side folder.
MSXML 4.0 is installed
Collapse this tableExpand this table
File Name
Version
Date
Time
Size
Msxml4.dll
4.20.9839.0
12-Sep-06
5:531
1.18 MB
Note This security update is installed in both the %SystemRoot%\System32 folder and the side-by-side folder.
When you remove security update 925673 for MSXML 6.0, MSXML 6.0 is completely removed from your computer.
Security update package 925672 for MSXML 4.0 SP2 does not support completely removing MSXML 4.0 because this version of MSXML is installed in side-by-side mode. To work around this issue, follow these steps:
Use Add or Remove Programs to remove security update 925672.
Delete the MSXML4.dll file the from %SystemRoot%\System32 folder.
Use Add or Remove Programs to repair MSXML 4.0.
The earlier versions of the Msxml4.dll file and the Msxml4r.dll file are restored to both the %SystemRoot%\System32 folder and the side-by-side folder.
The security update packages for MSXML 3.0 only update the MSXML3.dll file. The resource files are not updated for this version.
After you install this security update, you may experience unexpected behavior in Microsoft Commerce Server 2002 Business Desk applications.
For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
You may experience unexpected behavior when you access Commerce Server Business Desk applications after you update the computer with the latest security updates
Additional packages for this security update
The security update packages for this release use this Knowledge Base article number (924191) and the following Knowledge Base article numbers.
Back to the top
