Article ID: 926509
Article Last Modified on 5/9/2007
APPLIES TO
- Microsoft Commerce Server 2002 Standard Edition
- Microsoft Commerce Server 2000 Standard Edition
SYMPTOMS
When you access Microsoft Commerce Server Business Desk applications, you may experience unexpected behavior. For example, when you perform searches for users and orders, no records are returned.
These problems occur after you install security update MS06-061 on the client computers that use the Business Desk application.
For more information about security update MS06-061, click the following article number to view the article in the Microsoft Knowledge Base:
924191 MS06-061: Vulnerabilities in Microsoft XML Core Services could allow remote code execution
CAUSE
These problems occur because Business Desk applications use the Microsoft XML parser (MSXML) version 2.6. After you install security update MS06-061, you cannot use MSXML 2.6 in Microsoft Internet Explorer. This behavior is by design. The security update packages set the "kill bit" for this version of MSXML. The "kill bit" prevents the component from running in Internet Explorer.
RESOLUTION
To resolve these problems, follow these steps.
Step 1: Update the Web server that is hosting the Business Desk application
To do this, search for the string "MSXML2.XMLHTTP.2.6" in all the files in the following two folders on the Web server that is hosting the Business Desk application:
- The %COMMERCE_SERVER_ROOT%\Widgets folder.
- The folder that contains the Business Desk site code files. For example, this folder may be the
Drive
:\Inetpub\Wwwroot\Retailbizdesk folder.
Then, replace the string "MSXML2.XMLHTTP.2.6" with the string "MSXML2.XMLHTTP". For example, you may have to update the following files for a typical installation of Commerce Server 2002 Business Desk applications:
- The following files are located in the %COMMERCE_SERVER_ROOT%\Widgets folder:
- ExprbldrHTC\ExprBldr.htc
- ListHTC\ListSheet.htc
- ListHTC\ListSheetF.htc
- ListHTC\TreeView.htc
- The following files are located in the
Drive
:\Inetpub\Wwwroot\Retailbizdesk folder:- Catalogs\Designer\Common.asp
- Catalogs\Editor\Common.asp
- Catalogs\Editor\List_Catalogs.asp
- Include\Dlg_permissions.asp
- Include\HTTPXMLUtil.htm
- Profiles\XmlHttpUtil.vbs
- Security\Include\Security_util.asp
- Security\Security.asp
Note Commerce Server 2000 does not use all of these files.
You can use the findstr command to locate files that contain the string "MSXML2.XMLHTTP.2.6". For example, type the following command at a command prompt, and then press ENTER:
findstr /spin MSXML2.XMLHTTP.2.6 *
For more information about the findstr command, type findstr /? at the command prompt, and then press ENTER.
Open each of these files in a text editor such as Notepad. Then, use a Find And Replace operation to replace the string "MSXML2.XMLHTTP.2.6" with the string "MSXML2.XMLHTTP".
Step 2: Restart IIS on the Web server that is hosting the Business Desk application
Use Iisreset.exe to restart Microsoft Internet Information Services (IIS) on the Web server that is hosting the Business Desk application. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
202013 Internet Information Services 5.0 command-line syntax for Iisreset.exe
Step 3: Update MSXML to version 3.0 or to a later version on the client computers if it is required
For more information about how to obtain MSXML, visit the following Microsoft Web sites:
For more information about how to determine the version of MSXML that is installed on a computer, click the following article numbers to view the articles in the Microsoft Knowledge Base:
278674 Determine the version of MSXML parser installed on a computer
269238 List of Microsoft XML parser (MSXML) versions
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Additional query words: bizdesk profile
Keywords: kbtshoot kbnofix kbbug kbprb kbexpertiseinter KB926509