Microsoft re-releases security bulletin MS06-61 for Windows 2000 SP4
Microsoft yesterday re-released security bulletin MS06-61, which addresses the vulnerability in Microsoft XML Core Services that could allow unauthorised remote code execution. The previously released security update did not set the kill bit correctly for Microsoft XML Parser 2.6. The bug in the update affected Microsoft Windows 2000 SP4 and later operating systems running Microsoft XML Parser 2.6 and Microsoft XML Core Services 3.0, and Microsoft Office 2003 SP1 and SP2 running Microsoft XML Core Services 5.0 Service Pack 1.
Users running Microsoft XML Core Services 2.5 are not affected by this bug. Users are advised to apply this patch immediately if it is required in their environment. You can use either the Microsoft Baseline Security Analyzer (MBSA) or SMS to determine whether the patch is required. MBSA 1.2.1 and SMS 2.0 cannot determine the patching requirement for Microsoft Windows Server 2003 Enterprise Itanium edition, SP1 Itanium edition, and the x64 edition family.
The CLSIDs (Class Identifiers) and the corresponding files where the Microsoft XML Core Services functionality is contained are listed below:
| Class Identifier | File |
|---|---|
| f5078f22-c551-11d3-89b9-0000f81fe221 | Msxml2.dll |
| f5078f1b-c551-11d3-89b9-0000f81fe221 | Msxml2.dll |
| f5078f1c-c551-11d3-89b9-0000f81fe221 | Msxml2.dll |
| f5078f1d-c551-11d3-89b9-0000f81fe221 | Msxml2.dll |
| f5078f1e-c551-11d3-89b9-0000f81fe221 | Msxml2.dll |
| f5078f21-c551-11d3-89b9-0000f81fe221 | Msxml2.dll |
| f5078f1f-c551-11d3-89b9-0000f81fe221 | Msxml2.dll |
| f5078f20-c551-11d3-89b9-0000f81fe221 | Msxml2.dll |
| f5078f28-c551-11d3-89b9-0000f81fe221 | Msxml2.dll |
| f5078f29-c551-11d3-89b9-0000f81fe221 | Msxml2.dll |
| f5078f26-c551-11d3-89b9-0000f81fe221 | Msxml2.dll |
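
One way to confirm that the kill bit actually landed for these controls, as an added example that is not from Microsoft or the original post: the Python below parses `reg export` text and lists the table's CLSIDs that lack the `0x400` kill bit in `Compatibility Flags` under Internet Explorer's `ActiveX Compatibility` key. It assumes the CLSIDs in the table are the ones the update is meant to kill-bit; the function names and the sample export are constructed for illustration.

```python
import re

KILL_BIT = 0x400  # "Compatibility Flags" bit that blocks instantiation in IE
AX_COMPAT = r"\microsoft\internet explorer\activex compatibility"
# The 11 CLSIDs from the table above; they differ only in one byte.
MSXML_CLSIDS = ["f5078f%s-c551-11d3-89b9-0000f81fe221" % b
                for b in "22 1b 1c 1d 1e 21 1f 20 28 29 26".split()]

KEY_RE = re.compile(r"^\[(.+)\\\{([0-9a-fA-F-]{36})\}\]$")
VAL_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$', re.I)

# Constructed sample of `reg export` output, not taken from a real host.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F5078F22-C551-11D3-89B9-0000F81FE221}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{f5078f1b-c551-11d3-89b9-0000f81fe221}]
"Compatibility Flags"=dword:00000000

[HKEY_CLASSES_ROOT\CLSID\{f5078f1c-c551-11d3-89b9-0000f81fe221}]
"Compatibility Flags"=dword:00000400
"""

def parse_flags(reg_text):
    """Map lowercase CLSID -> Compatibility Flags, ActiveX Compatibility keys only."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            # Ignore CLSIDs under any other key (e.g. HKCR\CLSID): no kill bit there.
            ok = m and m.group(1).lower().endswith(AX_COMPAT)
            current = m.group(2).lower() if ok else None
        elif current:
            v = VAL_RE.match(line)
            if v:
                flags[current] = int(v.group(1), 16)
    return flags

def missing_kill_bits(reg_text, clsids=MSXML_CLSIDS):
    """Return the CLSIDs whose kill bit is absent or not set in the export."""
    flags = parse_flags(reg_text)
    return [c for c in clsids if not flags.get(c, 0) & KILL_BIT]

if __name__ == "__main__":
    for clsid in missing_kill_bits(SAMPLE_EXPORT):
        print("kill bit NOT set:", clsid)
```

Files written by `reg export` are typically UTF-16, so decode them to text before passing them to `missing_kill_bits`.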
This security update addresses two vulnerabilities:
1. Microsoft XML Core Services Vulnerability, recorded as a candidate in the Common Vulnerabilities and Exposures (CVE) list as CVE-2006-4685.
A vulnerability exists in Microsoft XML Core Services that could allow for information disclosure because the XMLHTTP ActiveX control incorrectly interprets an HTTP server-side redirect. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially lead to information disclosure if a user visited that page or clicked a link in a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could access content from another domain retrieved using the credentials of the user browsing the Web at the client. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. However, user interaction is required to exploit this vulnerability.
2. XSLT Buffer Overrun Vulnerability, recorded as a candidate in the CVE list as CVE-2006-4686.
A vulnerability exists in XSLT processing that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited that page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

