Microsoft has released security bulletin MS06-067. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:
When certain controls are loaded on a Web page, the controls are not correctly masked by the functionality of this update. These controls include controls that are used in Macromedia Shockwave Director, in QuickTime Player, and in Virtools Web Player. When Windows determines that a control is inactive, the system prompts the user before the control is loaded.
ActiveX controls that use Java Platform, Standard Edition 1.3 or 1.4
After you click an ActiveX applet control in a program that runs the applet control by using Java Platform, Standard Edition (J2SE) 1.3 or J2SE 1.4, the focus does not return to the applet control. You must click the control again to establish focus. The focus behavior works correctly in J2SE 1.5. To obtain the latest version of J2SE, visit the following Sun Microsystems, Inc. Web site:
Cumulative security update 910620 includes the security fixes that are documented in security bulletin MS06-004. The update rollup also includes hotfixes for Windows Internet Explorer that have been released after the release of security bulletin MS04-004 and after the release of security bulletin MS04-038.
If update rollup 873377, update rollup 889669, or an Internet Explorer hotfix that was released after security bulletin MS04-038 are not installed, and if you want to install the hotfixes that are included in update rollup 896727, you must follow the instructions in Microsoft Knowledge Base article 897225. Otherwise, all Internet Explorer hotfixes that you have installed are removed.
How to install hotfixes that are included in cumulative security updates for Internet Explorer 6 Service Pack 1
After you install this security update, Web applications that are reliant on script in their pages may crash because of a stability bug in the script engine. This issue has been resolved and is included in the most recent JScript update. For more information about this update, click the following article number to view the article in the Microsoft Knowledge Base:
MS06-023: Vulnerability in Microsoft JScript could allow remote code execution
In Microsoft Windows XP with Service Pack 2 and in Microsoft Windows Server 2003 with Service Pack 1, the Add or Remove Programs item in Control Panel lists software updates under the name of the product that the updates apply to. In Windows XP with Service Pack 2, Add or Remove Programs lists this update under Windows XP - Software Updates. In Windows XP with Service Pack 2, Add or Remove Programs does not show "Installed On" information for this software update. Therefore, this software update does not appear in the order of installation. Instead, this software update appears at the top of the Windows XP – Software Updates list.
After you install this security update, chapters in some Windows Media High Definition Video (WMV HD) DVDs do not play when you click the chapters in Microsoft Windows Media Player.
For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
ActiveX controls may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052)
A Web page that contains an ActiveX control may not load as expected in Internet Explorer. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
The use of monikers is no longer supported in Internet Explorer after installing the security updates provided by cumulative security update 910620 (MS06-004)
File version verification with Dxtrans.dll and Dxtmsft.dll
Users who do file version verification based on the versions of the files Dxtrans.dll and Dxtmsft.dll that are actually being installed will notice that the file versions on their systems after installation are not 6.3.xxxx.yyyy but are 6.0.xxxx.yyyy instead.
Dxtrans.dll and Dxtmsft.dll are derived from a separate Microsoft product which had its own versioning scheme that differs from Internet Explorer. The binary versions needed to remain 6.3 for the major and minor product version to allow for correct versioning upgrades. Internet Explorer 5 and Internet Explorer 5.5 releases already contained the 6.x versions of Dxtrans.dll and Dxtmsft.dll. In Internet Explorer 6, the Dxtrans.dll and Dxtmsft.dll product string versions were changed to match the Internet Explorer version, whereas the binary version had to remain 6.3 to install over the previous 6.x versions.