Microsoft KB Archive/922760

= MS06-067: Cumulative security update for Internet Explorer =

Article ID: 922760

Article Last Modified on 12/3/2007

-

APPLIES TO

 Microsoft Windows Server 2003 Service Pack 1, when used with:  Microsoft Windows Server 2003, Standard Edition (32-bit x86)

 Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

 Microsoft Windows Server 2003, Web Edition

 Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li></ul>

 Microsoft Windows Server 2003, Standard x64 Edition</li></ul>

 Microsoft Windows Server 2003, Enterprise x64 Edition</li></ul>

 Microsoft Windows Server 2003, Datacenter x64 Edition</li></ul>

 Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li></ul>

 Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li></ul> </li> Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li> Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li> Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li> Microsoft Windows Server 2003, Web Edition</li> Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li> Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li> <li>Microsoft Windows Server 2003, Standard x64 Edition</li> <li>Microsoft Windows Server 2003, Enterprise x64 Edition</li> <li>Microsoft Windows Server 2003, Datacenter x64 Edition</li> <li>Microsoft Windows XP Service Pack 2, when used with: <ul> <li>Microsoft Windows XP Professional</li></ul>

<ul> <li>Microsoft Windows XP Home Edition</li></ul> </li> <li>Microsoft Windows XP Tablet PC Edition 2005</li> <li>Microsoft Windows XP Media Center Edition 2005</li> <li>Microsoft Windows XP Professional x64 Edition</li> <li>Microsoft Internet Explorer 6.0 Service Pack 1, when used with: <ul> <li>Microsoft Windows 2000 Professional Edition</li></ul>

<ul> <li>Microsoft Windows 2000 Service Pack 4</li></ul>

<ul> <li>Microsoft Windows 2000 Advanced Server</li></ul>

<ul> <li>Microsoft Windows 2000 Datacenter Server</li></ul>

<ul> <li>Microsoft BackOffice Small Business Server 2000 Service Pack 1</li></ul> </li> <li>Microsoft Internet Explorer 5.01 Service Pack 4, when used with: <ul> <li>Microsoft Windows 2000 Professional Edition</li></ul>

<ul> <li>Microsoft Windows 2000 Service Pack 4</li></ul>

<ul> <li>Microsoft Windows 2000 Advanced Server</li></ul>

<ul> <li>Microsoft Windows 2000 Datacenter Server</li></ul>

<ul> <li>Microsoft BackOffice Small Business Server 2000 Service Pack 1</li></ul> </li> <li>Microsoft Windows Small Business Server 2003 Premium Edition</li> <li>Microsoft Windows Small Business Server 2003 Standard Edition</li> <li>Microsoft Windows Small Business Server 2003, Standard Edition Service Pack 1 (SP1)</li> <li>Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)</li> <li>Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)</li> <li>Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)</li> <li>Microsoft Windows Server 2003 R2 Standard x64 Edition</li> <li>Microsoft Windows Server 2003 R2 Enterprise x64 Edition</li> <li>Microsoft Windows Server 2003 R2 Datacenter x64 Edition</li></ul>

-

<div class="summary_section">

INTRODUCTION
Microsoft has released security bulletin MS06-067. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: <ul> <li>Home users:

http://www.microsoft.com/athome/security/update/bulletins/200611.mspx

</li> <li>IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms06-067.mspx

</li></ul>

<div class="moreinformation_section">

Known issues
<ul> <li>After you install this security update, Web applications that are reliant on script in their pages may crash because of a stability bug in the script engine. This issue has been resolved and is included in the most recent JScript update. For more information about this update, click the following article number to view the article in the Microsoft Knowledge Base:

917344 MS06-023: Vulnerability in Microsoft JScript could allow remote code execution

</li> <li>In Microsoft Windows XP with Service Pack 2 and in Microsoft Windows Server 2003 with Service Pack 1, the Add or Remove Programs item in Control Panel lists software updates under the name of the product that the updates apply to. In Windows XP with Service Pack 2, Add or Remove Programs lists this update under Windows XP - Software Updates. In Windows XP with Service Pack 2, Add or Remove Programs does not show &quot;Installed On&quot; information for this software update. Therefore, this software update does not appear in the order of installation. Instead, this software update appears at the top of the Windows XP – Software Updates list.</li> <li>After you install this security update, chapters in some Windows Media High Definition Video (WMV HD) DVDs do not play when you click the chapters in Microsoft Windows Media Player. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

884487 A chapter does not play when you click it in some WMV HD DVD disks in Windows Media Player

</li> <li>ActiveX controls may not load as expected in Internet Explorer. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

909889 ActiveX controls may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052)

</li> <li>A Web page that contains an ActiveX control may not load as expected in Internet Explorer. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

909738 A Web page that contains a custom ActiveX control may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052)

</li> <li>The use of monikers is no longer supported in Internet Explorer. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

906294 The use of monikers is no longer supported in Internet Explorer after installing the security updates provided by cumulative security update 910620 (MS06-004)

</li> <li>File version verification with Dxtrans.dll and Dxtmsft.dll

Users who do file version verification based on the versions of the files Dxtrans.dll and Dxtmsft.dll that are actually being installed will notice that the file versions on their systems after installation are not 6.3.xxxx.yyyy but are 6.0.xxxx.yyyy instead.

Dxtrans.dll and Dxtmsft.dll are derived from a separate Microsoft product which had its own versioning scheme that differs from Internet Explorer. The binary versions needed to remain 6.3 for the major and minor product version to allow for correct versioning upgrades. Internet Explorer 5 and Internet Explorer 5.5 releases already contained the 6.x versions of Dxtrans.dll and Dxtmsft.dll. In Internet Explorer 6, the Dxtrans.dll and Dxtmsft.dll product string versions were changed to match the Internet Explorer version, whereas the binary version had to remain 6.3 to install over the previous 6.x versions.</li></ul>

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000

Keywords: kbwinserv2003sp2fix kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbpubtypekc KB922760

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.