Microsoft has released security bulletin MS06-061. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: Home users:

If the Msxml4.dll file is locked, the file may not be updated when you apply security update MS06-071 for MSXML 4.0, for MSXML 4.0 SP1, and for MSXML 4.0 SP2. To work around this issue, use the following commands to uninstall Msxml4.dll: MsiExec.exe /uninstall {37477865-A3F1-4772-AD43-AAFC6BCFF99F} /passive.

How to manually apply the workaround. Specifically, to see this information, expand the Suggested actions section, and then expand the Workaround section. Fix it solution for MSXML version 3, MSXML version 4, or MSXML version 6.

Resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page by using Internet Explorer. The vulnerability could be exploited through attacks in XML Core Services.

Resolves a security vulnerability that exists in Microsoft XML Core Services that could enable information disclosure.

Resolves a security vulnerability in Microsoft XML Core Services that could allow arbitrary code to run when you view a specially crafted webpage by using Windows Internet Explorer.

Security update package 954459 for MSXML 6.0 is a complete installation package. You can use this package to install MSXML 6.0 on a computer that has no earlier versions of MSXML 6.0 installed. You can also use this package to update an existing installation of MSXML 6.0.

This problem is fixed in SQL Server 2008 Service Pack 1. To resolve this problem, use the slipstream version to install the release version of SQL Server 2008 and SQL Server 2008 Service Pack 1 at the same time.

The file that security update package 927977 for MSXML 6.0 installs is listed in the following table. Resolves a newly discovered, publicly disclosed vulnerability in MSXML 6.0. We recommend that customers apply the update immediately.

This vulnerability could allow remote code execution if a user viewed a specially crafted Web page by using Internet Explorer. The vulnerability could be exploited through attacks in XML Core Services.