MS06-061: Vulnerabilities in Microsoft XML Core Services could allow remote code execution

Article ID: 924191

INTRODUCTION

Microsoft has released security bulletin MS06-061. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

Service pack information

The problem that is addressed by this security update is now corrected in Microsoft Office 2003 Service Pack 3 (SP3). For more information about how to obtain the latest service pack for Microsoft Office 2003, click the following article number to view the article in the Microsoft Knowledge Base:
870924 How to obtain the latest service pack for Office 2003

Known issues with this security update

  • If you have multiple versions of the Microsoft XML Parser or Microsoft XML Core Services (MSXML) installed, you may have to install multiple packages for this security update. Additionally, if you install a version of MSXML after you install this security update, you may have to install an additional package for this security update. For more information about the different MSXML versions that are available or included with various Microsoft products or software updates, click the following article number to view the article in the Microsoft Knowledge Base:
    269238 List of Microsoft XML Parser (MSXML) versions
  • After you install the original version of security update 924191 for Windows 2000 Service Pack 4, the "kill bit" for Microsoft XML Parser (MSXML) version 2.6 CLSIDs is incorrectly set to 0x00000190 (400) instead of to 0x00000400 (1024). On October 19, 2006, Microsoft released a new version of this security update to address this problem.

    Note The new security update that was released on October 19, 2006 does not correctly update the version information that is displayed in Add or Remove Programs if you previously installed the original security update for Windows 2000. The version number should be updated to 0061014.135844. However, the version information continues to be displayed as 20060915.123522. This problem can be ignored. In this scenario, the "kill bit" is correctly updated in the registry for the MSXML version 2.6 CLSIDs.
  • After you install this security update, you cannot use Microsoft XML Parser version 2.6 in Microsoft Internet Explorer. This behavior is by design. Security update package 924191 sets the "kill bit" for this version of MSXML. The "kill bit" prevents the component from running in Internet Explorer.

    Note Developers who use MSXML 2.6 version-dependent Program IDs (ProgIDs) in an application must update the ProgIDs to use MSXML 3.0.

    Sample code that uses an MSXML 2.6 version-dependent ProgID
    var o = new ActiveXObject("Msxml2.DOMDocument.2.6");
    Updated sample code that uses an MSXML 3.0 version-dependent ProgID
    var o = new ActiveXObject("Msxml2.DOMDocument.3.0");
    The 924191 security update packages for this release set the "kill bit" for the MSXML 2.6 CLSIDs that are listed in the following table.
    GUID                                  Symbolic name
    f5078f22-c551-11d3-89b9-0000f81fe221  CLSID_XMLDocument26
    f5078f1b-c551-11d3-89b9-0000f81fe221  CLSID_DOMDocument26
    f5078f1c-c551-11d3-89b9-0000f81fe221  CLSID_FreeThreadedDOMDocument26
    f5078f1d-c551-11d3-89b9-0000f81fe221  CLSID_XMLSchemaCache26
    f5078f1e-c551-11d3-89b9-0000f81fe221  CLSID_XMLHTTP26
    f5078f21-c551-11d3-89b9-0000f81fe221  CLSID_XSLTemplate26
    f5078f1f-c551-11d3-89b9-0000f81fe221  CLSID_DSOControl26
    f5078f20-c551-11d3-89b9-0000f81fe221  CLSID_XMLParser26
    f5078f28-c551-11d3-89b9-0000f81fe221  CLSID_Viewer26
    f5078f29-c551-11d3-89b9-0000f81fe221  CLSID_BufferedMoniker26
    f5078f26-c551-11d3-89b9-0000f81fe221  CLSID_XSLPatternFactory26
  • Security update packages 925672 and 925673 for MSXML 4.0 Service Pack 2 (SP2) and MSXML 6.0 are complete installation packages. You can use these packages to install MSXML 4.0 SP2 or MSXML 6.0 on a computer that has no earlier versions of MSXML 4.0 or MSXML 6.0 installed. You can also use these packages to update an existing installation of MSXML 4.0, MSXML 4.0 SP1, or MSXML 6.0.
  • Windows Update and Microsoft Update only offer security update packages 925672 and 925673 if an earlier version of MSXML 4.0 SP2 or MSXML 6.0 is already installed on your computer. If you do not have an earlier version of MSXML 4.0 SP2 or MSXML 6.0 installed, download and install these packages from the Microsoft Download Center.
  • Windows Update and Microsoft Update do not offer security update 925672 if you have MSXML 4.0 or MSXML 4.0 SP1 installed. To update MSXML 4.0 or MSXML 4.0 SP1, use one of the following methods:
  • The files that are installed by security update packages 925672 and 925673 for MSXML 4.0 SP2 and MSXML 6.0 are listed in the following tables.

    MSXML 6.0 is not installed
    File Name    Version      Date       Time   Size
    Msxml6.dll   6.0.3888.0   1-Sep-06   12:08  1.27 MB
    Msxml6r.dll  6.0.3883.0   19-Jul-06  10:55  84.6 KB
    MSXML 6.0 is installed
    File Name    Version      Date       Time   Size
    Msxml6.dll   6.0.3888.0   1-Sep-06   12:08  1.27 MB
    MSXML 4.0 is not installed
    File Name    Version      Date       Time   Size
    Msxml4.dll   4.20.9839.0  12-Sep-06  5:51   1216 KB
    Msxml4r.dll  4.10.9404.0  12-Jul-06  5:49   80.5 KB
    Note This security update is installed in both the %SystemRoot%\System32 folder and the side-by-side folder.

    MSXML 4.0 is installed
    File Name    Version      Date       Time   Size
    Msxml4.dll   4.20.9839.0  12-Sep-06  5:53   11.18 MB
    Note This security update is installed in both the %SystemRoot%\System32 folder and the side-by-side folder.
  • When you remove security update 925673 for MSXML 6.0, MSXML 6.0 is completely removed from your computer.
  • Security update package 925672 for MSXML 4.0 SP2 does not support completely removing MSXML 4.0 because this version of MSXML is installed in side-by-side mode. To work around this issue, follow these steps:
    1. Use Add or Remove Programs to remove security update 925672.
    2. Delete the MSXML4.dll file from the %SystemRoot%\System32 folder.
    3. Use Add or Remove Programs to repair MSXML 4.0.
    The earlier versions of the Msxml4.dll file and the Msxml4r.dll file are restored to both the %SystemRoot%\System32 folder and the side-by-side folder.
  • The security update packages for MSXML 3.0 only update the MSXML3.dll file. The resource files are not updated for this version.
  • After you install this security update, you may experience unexpected behavior in Microsoft Commerce Server 2002 Business Desk applications. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
    926509 You may experience unexpected behavior when you access Commerce Server Business Desk applications after you update the computer with the latest security updates
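
The following example is added here and is not part of the original article or Microsoft's code. It checks for the kill-bit known issue described above by parsing decoded `reg export` text and reporting, for each MSXML 2.6 CLSID in the table, whether bit 0x00000400 is set in the "Compatibility Flags" value under the Internet Explorer "ActiveX Compatibility" key. The function names and the sample export are constructed for illustration.

```python
import re

KILL_BIT = 0x00000400  # the "Compatibility Flags" bit this article calls the kill bit
# MSXML 2.6 CLSIDs from the table in this article; all share one GUID tail.
TAIL = "-c551-11d3-89b9-0000f81fe221"
MSXML26 = {
    "f5078f22": "XMLDocument26", "f5078f1b": "DOMDocument26",
    "f5078f1c": "FreeThreadedDOMDocument26", "f5078f1d": "XMLSchemaCache26",
    "f5078f1e": "XMLHTTP26", "f5078f21": "XSLTemplate26",
    "f5078f1f": "DSOControl26", "f5078f20": "XMLParser26",
    "f5078f28": "Viewer26", "f5078f29": "BufferedMoniker26",
    "f5078f26": "XSLPatternFactory26",
}
KEY_RE = re.compile(r"\\Internet Explorer\\ActiveX Compatibility\\\{([0-9a-f-]{36})\}\]$", re.I)
FLAG_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{8})$', re.I)

def parse_flags(reg_text):
    """Map CLSID -> Compatibility Flags from decoded `reg export` text."""
    flags, clsid = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        key, val = KEY_RE.search(line), FLAG_RE.match(line)
        if line.startswith("["):  # a new key: track it only if it is a kill-bit key
            clsid = key.group(1).lower() if key else None
        elif clsid and val:
            flags[clsid] = int(val.group(1), 16)
    return flags

def audit(reg_text):
    """Report ok / missing / not set for each MSXML 2.6 CLSID."""
    flags, report = parse_flags(reg_text), {}
    for head, name in MSXML26.items():
        value = flags.get(head + TAIL)
        if value is None:
            report[name] = "missing"
        elif value & KILL_BIT:
            report[name] = "ok"
        else:  # e.g. 0x190 (400): bit 0x400 is clear, so the control still loads
            report[name] = "not set (0x%08x)" % value
    return report

# Constructed sample export (not from a real machine).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F5078F1B-C551-11D3-89B9-0000F81FE221}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F5078F1E-C551-11D3-89B9-0000F81FE221}]
"Compatibility Flags"=dword:00000190
"""
```

Calling `audit(SAMPLE)` returns a status per symbolic name. A real `.reg` export is normally UTF-16, so decode the file before passing its text in.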

Additional packages for this security update

The security update packages for this release use this Knowledge Base article number (924191) and the following Knowledge Base article numbers.
  • 925673 MS06-061: Security update for Microsoft XML Core Services 6.0
  • 925672 MS06-061: Security update for Microsoft XML Core Services 4.0 SP2
  • 924424 Description of the security update for Office 2003: October 10, 2006

Properties

Article ID: 924191 - Last Review: September 30, 2011 - Revision: 7.0
APPLIES TO
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Datacenter x64 Edition
  • Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Enterprise x64 Edition
  • Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Standard x64 Edition
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Media Center Edition 2005
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional x64 Edition
Keywords: 
kbwinserv2003sp2fix kboffice2003presp3fix kbwin2000presp5fix kbwinserv2003presp2fix kbwinxppresp3fix kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix KB924191
