Microsoft KB Archive/924191

= MS06-061: Vulnerabilities in Microsoft XML Core Services could allow remote code execution =

Article ID: 924191

Article Last Modified on 10/22/2007

-

APPLIES TO


 * Microsoft XML Parser 3.0
 * Microsoft XML Core Services 4.0
 * Microsoft XML Core Services 6.0
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Service Pack 4
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
 * Microsoft Windows Server 2003 R2 Datacenter x64 Edition
 * Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
 * Microsoft Windows Server 2003 R2 Enterprise x64 Edition
 * Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003 R2 Standard x64 Edition
 * Microsoft Windows Server 2003 SP1
 * Microsoft Windows Server 2003 Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, 64-Bit Datacenter Edition
 * Microsoft Windows Server 2003, 64-Bit Enterprise Edition
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
 * Microsoft Windows Server 2003, Datacenter x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Media Center Edition 2005
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Professional x64 Edition
 * Microsoft Windows XP Service Pack 1
 * Microsoft Windows XP Service Pack 2
 * Microsoft Windows XP Tablet PC Edition 2005
 * Microsoft Office Standard Edition 2003
 * Microsoft BackOffice Small Business Server 2000 Service Pack 1

-



INTRODUCTION

Microsoft has released security bulletin MS06-061. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

Home users:

http://www.microsoft.com/athome/security/update/bulletins/200610.mspx

IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx





This problem was first corrected in Microsoft Office 2003 Service Pack 3. To resolve this problem, obtain the latest service pack for Office 2003. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

870924 How to obtain the latest service pack for Office 2003

Known issues with this security update

 * If you have multiple versions of the Microsoft XML Parser or Microsoft XML Core Services (MSXML) installed, you may have to install multiple packages for this security update. Additionally, if you install a version of MSXML after you install this security update, you may have to install an additional package for this security update. For more information about the different MSXML versions that are available or included with various Microsoft products or software updates, click the following article number to view the article in the Microsoft Knowledge Base:

   269238 List of Microsoft XML Parser (MSXML) versions

 * After you install the original version of security update 924191 for Windows 2000 Service Pack 4, the "kill bit" for Microsoft XML Parser (MSXML) version 2.6 CLSIDs is incorrectly set to 0x00000190 (400) instead of to 0x00000400 (1024). On October 19, 2006, Microsoft released a new version of this security update to address this problem.

   Note The new security update that was released on October 19, 2006 does not correctly update the version information that is displayed in Add or Remove Programs if you previously installed the original security update for Windows 2000. The version number should be updated to 0061014.135844. However, the version information continues to be displayed as 20060915.123522. This problem can be ignored. In this scenario, the "kill bit" is correctly updated in the registry for the MSXML version 2.6 CLSIDs.

 * After you install this security update, you cannot use Microsoft XML Parser version 2.6 in Microsoft Internet Explorer. This behavior is by design. The security update package 924191 sets the "kill bit" for this version of MSXML. The "kill bit" prevents the component from running in Internet Explorer.

   Note Developers who use MSXML 2.6 version-dependent Program IDs (ProgIDs) in an application must update the ProgIDs to use MSXML 3.0.

   Sample code that uses an MSXML 2.6 version-dependent ProgID:

     var o = new ActiveXObject("Msxml2.DOMDocument.2.6");

   Updated sample code that uses an MSXML 3.0 version-dependent ProgID:

     var o = new ActiveXObject("Msxml2.DOMDocument.3.0");

 * The 924191 security update packages for this release set the "kill bit" for the MSXML 2.6 CLSIDs that are listed in the following table.

 * Security update packages 925672 and 925673 for MSXML 4.0 Service Pack 2 (SP2) and MSXML 6.0 are complete installation packages. You can use these packages to install MSXML 4.0 SP2 or MSXML 6.0 on a computer that has no earlier versions of MSXML 4.0 or MSXML 6.0 installed. You can also use these packages to update an existing installation of MSXML 4.0, MSXML 4.0 SP1, or MSXML 6.0.

 * Windows Update and Microsoft Update only offer security update packages 925672 and 925673 if an earlier version of MSXML 4.0 SP2 or MSXML 6.0 is already installed on your computer. If you do not have an earlier version of MSXML 4.0 SP2 or MSXML 6.0 installed, download and install these packages from the Microsoft Download Center.

 * Windows Update and Microsoft Update do not offer security update 925672 if you have MSXML 4.0 or MSXML 4.0 SP1 installed. To update MSXML 4.0 or MSXML 4.0 SP1, use one of the following methods:

   Method 1: Download and install security update 925672 from the Microsoft Download Center. To do this, visit the following Microsoft Web site:

   http://www.microsoft.com/downloads/details.aspx?familyid=961f3c95-ec4e-4561-ab27-b3180e9139c5

   Method 2: Download and install MSXML 4.0 SP2, and then install security update 925672 from Windows Update or from Microsoft Update. To download MSXML 4.0 SP2, visit the following Microsoft Web site:

   http://www.microsoft.com/downloads/details.aspx?familyid=3144b72b-b4f2-46da-b4b6-c5d7485f2b42

 * The files that are installed by security update packages 925672 and 925673 for MSXML 4.0 SP2 and MSXML 6.0 are listed in the following tables.

   MSXML 6.0 is not installed

   MSXML 6.0 is installed

   MSXML 4.0 is not installed

   Note This security update is installed in both the %SystemRoot%\System32 folder and the side-by-side folder.

   MSXML 4.0 is installed

   Note This security update is installed in both the %SystemRoot%\System32 folder and the side-by-side folder.

 * When you remove security update 925673 for MSXML 6.0, MSXML 6.0 is completely removed from your computer.

 * Security update package 925672 for MSXML 4.0 SP2 does not support completely removing MSXML 4.0 because this version of MSXML is installed in side-by-side mode. To work around this issue, follow these steps:

   1. Use Add or Remove Programs to remove security update 925672.
   2. Delete the MSXML4.dll file from the %SystemRoot%\System32 folder.
   3. Use Add or Remove Programs to repair MSXML 4.0.

   The earlier versions of the Msxml4.dll file and the Msxml4r.dll file are restored to both the %SystemRoot%\System32 folder and the side-by-side folder.

 * The security update packages for MSXML 3.0 only update the MSXML3.dll file. The resource files are not updated for this version.

 * After you install this security update, you may experience unexpected behavior in Microsoft Commerce Server 2002 Business Desk applications. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

   926509 You may experience unexpected behavior when you access Commerce Server Business Desk applications after you update the computer with the latest security updates
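The two kill-bit issues above (the original Windows 2000 package writing 0x00000190 instead of 0x00000400, and the re-released package leaving the Add or Remove Programs version string stale) mean the registry, not the installer's version display, is the authoritative place to verify the fix. The following script is an added example, not Microsoft's code and not part of this article: it parses a .reg export of the Internet Explorer ActiveX Compatibility key (for instance from `reg export "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility" out.reg`) and reports, for each CLSID you expect to be blocked, whether the kill bit (0x400) is set, whether the value is the mis-set 0x190 from the original package, or whether no entry exists. The CLSIDs in the constructed sample are placeholders, because the article's CLSID table did not survive; substitute the MSXML 2.6 CLSIDs from the bulletin when you run it against a real export.

```python
import re
from typing import Dict, Iterable

# Compatibility Flags value that sets the "kill bit" and stops a control running in Internet Explorer.
KILL_BIT = 0x00000400
# Value (400 decimal) that the original Windows 2000 SP4 package wrote by mistake, per the article.
WRONG_VALUE = 0x00000190

# Registry key under which per-CLSID Compatibility Flags live (HKLM is spelled out in .reg exports).
ACTIVEX_COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed .reg export for demonstration. The CLSIDs are placeholders, NOT the real MSXML 2.6 CLSIDs.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

; entry written by the original (pre-October 19, 2006) package: value is 0x190, kill bit NOT set
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-1111-2222-3333-444444444444}]
"Compatibility Flags"=dword:00000190

; entry written by the re-released package: kill bit set
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-1111-2222-3333-555555555555}]
"Compatibility Flags"=dword:00000400

; key present but without a Compatibility Flags value
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-1111-2222-3333-666666666666}]
"Unrelated"=dword:00000001
"""

# .reg files write DWORD values as "Name"=dword:XXXXXXXX (hexadecimal).
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{1,8})\s*$')


def parse_compatibility_flags(reg_text: str) -> Dict[str, int]:
    """Return {CLSID: Compatibility Flags} for every CLSID subkey found under the ActiveX Compatibility key."""
    flags: Dict[str, int] = {}
    prefix = (ACTIVEX_COMPAT_KEY + "\\").upper()
    current_clsid = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or .reg comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            # Only track subkeys of the ActiveX Compatibility key; ignore anything else in the export.
            current_clsid = key[len(prefix):].upper() if key.upper().startswith(prefix) else None
            continue
        match = FLAGS_RE.match(line)
        if match and current_clsid is not None:
            flags[current_clsid] = int(match.group(1), 16)
    return flags


def audit_kill_bits(reg_text: str, expected_clsids: Iterable[str]) -> Dict[str, str]:
    """Classify each expected CLSID: kill bit set, mis-set 0x190, some other non-blocking value, or missing."""
    flags = parse_compatibility_flags(reg_text)
    report: Dict[str, str] = {}
    for clsid in expected_clsids:
        clsid = clsid.upper()
        value = flags.get(clsid)
        if value is None:
            report[clsid] = "missing"
        elif value & KILL_BIT:
            report[clsid] = "kill bit set"
        elif value == WRONG_VALUE:
            report[clsid] = "mis-set 0x190 (original package)"
        else:
            report[clsid] = f"kill bit not set (0x{value:08x})"
    return report


if __name__ == "__main__":
    expected = [
        "{00000000-1111-2222-3333-444444444444}",
        "{00000000-1111-2222-3333-555555555555}",
        "{00000000-1111-2222-3333-666666666666}",
    ]
    for clsid, status in audit_kill_bits(SAMPLE_REG_EXPORT, expected).items():
        print(f"{clsid}  {status}")
```

The check tests the 0x400 bit rather than comparing for equality, because Compatibility Flags is a bit field and other flags may legitimately be combined with the kill bit; the value 0x190 is called out separately so that machines still carrying the original Windows 2000 package are easy to spot in the output.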

Additional packages for this security update

The security update packages for this release use this Knowledge Base article number (924191) and the following Knowledge Base article numbers.

 * 925673 MS06-061: Security update for Microsoft XML Core Services 6.0
 * 925672 MS06-061: Security update for Microsoft XML Core Services 4.0 SP2
 * 924424 Description of the security update for Office 2003: October 10, 2006

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000 KB925672 KB925673 KB924424 KB269238

Keywords: kbbug kbfix kbsecvulnerability kbqfe kbsecurity kbsecbulletin kbpubtypekc kbwin2000presp5fix kbwinxppresp3fix kbexpertisebeginner kboffice2003presp3fix kbwinserv2003presp2fix kbwinserv2003sp2fix KB924191

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.