MS13-002: Vulnerabilities in Microsoft XML core services could allow remote code execution: January 8, 2013

INTRODUCTION

Microsoft has released security bulletin MS13-002. To view the complete security bulletin, go to one of the following Microsoft websites: 

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country:
International Support

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain information about known issues. If this is the case, the known issue is listed under each article link. 
  • 2687497 MS12-043 and MS13-002: Description of the security update for XML Core Services 5.0 when it is installed together with Office SharePoint Server 2007 or Groove Server 2007: January 8, 2013
  • 2687499 MS13-002: Description of the security update for XML Core Services 5.0: January 8, 2013
  • 2757638  MS13-002: Description of the security update for XML Core Services 3.0 and 6.0: January 8, 2013
  • 2758694 MS13-002: Description of the security update for XML Core Services 4.0: January 8, 2013

    Known issues in security update 2758694: 
    • When you install this security update on a computer that is running Windows Vista or Windows Server 2008, you may have to restart the computer two times to complete the installation. This issue may occur if you install an XML Core Services 4.0–based update together with an update that contains inbox drivers. For example, the following updates contain inbox drivers:
      956697 Windows Server 2008 Hyper-V VSS writer is not used during a backup job because of corrupted or invalid virtual machine configuration files

      938371 A software update is available for the Windows Vista installation components
      This issue occurs because Microsoft Windows Installer (MSI)-based installations will not continue while inbox drivers are updating. This occurs because inbox drivers set the "impactful transaction" flag and the "reboot required" flag at the servicing stack level for Windows Vista and for Windows Server 2008. Therefore, the update for XML Core Services 4.0 will fail during installation if an update that contains an inbox driver is applied first. After the inbox driver is installed, and after the computer is restarted, the installation of security update for XML Core Services 4.0 will succeed. However, an additional restart is required to complete the installation.

      To avoid this issue, install the security update for XML Core Services 4.0 before you install the update that contains inbox drivers.

    • Security update 2758694 does not support the complete removal of MSXML 4.0.

      This situation occurs because this version of MSXML is installed in side-by-side mode. To work around this issue, follow these steps:
      1. Install update 973685. For more information about update 973685, click the following article number to view the article in the Microsoft Knowledge Base:
        973685 Description of an update for Microsoft XML Core Services 4.0 Service Pack 3
      2. Install security update 2758694.
      3. Remove security update 973685 by using the Add or Remove Programs item in Control Panel.
      4. Delete the Msxml4.dll file from the %SystemRoot%\System32 folder.
      5. Repair the previous installation of MSXML 4.0 (from step 2) by using the Add or Remove Programs item in Control Panel.


      The earlier versions of the Msxml4.dll file and of the Msxml4r.dll file are restored to the side-by-side folder and to the %SystemRoot%\System32 folder.
  • 2758696 MS13-002: Description of the security update for XML Core Services 6.0: January 8, 2013
  • 2760574 MS13-002: Description of the security update for XML Core Services 5.0 when it is installed together with Office 2003 Service Pack 3: January 8, 2013
File hash information

Applies to

This article applies to the following:
  • Microsoft XML Core Services 6.0 Service Pack 2 when used with:
    • Windows 8
    • Windows Server 2012
    • Windows RT
    • Windows 7
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2
    • Windows Server 2008 R2 Service Pack 1
    • Windows Server 2008 Service Pack 2
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
    • Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
  • Microsoft XML Core Services 5.0 when used with:
    • Microsoft Office SharePoint Server 2007 Service Pack 2
    • Microsoft Office SharePoint Server 2007 Service Pack 3
    • Microsoft Groove Server 2007 Service Pack 2
    • Microsoft Groove Server 2007 Service Pack 3
    • 2007 Microsoft Office Suite Service Pack 2
    • 2007 Microsoft Office Suite Service Pack 3
    • Microsoft Office Word Viewer
    • Microsoft Office Compatibility Pack Service Pack 2
    • Microsoft Office Compatibility Pack Service Pack 3
    • Microsoft Expression Web Service Pack 1
    • Microsoft Expression Web 2
    • Microsoft Office 2003 Service Pack 3
  • Microsoft XML Core Services 4.0 Service Pack 3 when used with:
    • Windows 8
    • Windows Server 2012
    • Windows RT
    • Windows 7
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2
    • Windows Server 2008 R2 Service Pack 1
    • Windows Server 2008 Service Pack 2
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
    • Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
  • Microsoft XML Core Services 3.0 when used with:
    • Windows 8
    • Windows Server 2012
    • Windows 7
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2
    • Windows Server 2008 R2 Service Pack 1
    • Windows Server 2008 Service Pack 2
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
    • Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
Properties

Article ID: 2756145 - Last Review: Jan 8, 2013 - Revision: 1

Feedback