MS06-061 Re-Release

(imported topic written by tim_tsai)

Microsoft re-released MS06-061 earlier today to notify customers of a revised update for Windows 2000 Service Pack 4. The original version of the update did not correctly set the kill bit for MSXML 2.6. Microsoft recommends all users to deploy the revised update. New Fixlet messages are now available in the “Enterprise Security” site to deploy the revised update:

ID 606116: “MS06-061: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution - XML Core Parser 2.6 / XML Core Services 3.0 - Windows 2000 SP4 (v2, re-released 10/19/2006)”

ID 606117: “MS06-061: CORRUPT PATCH - XML Core Parser 2.6 / XML Core Services 3.0 - Windows 2000 SP4 (v2, re-released 10/19/2006)”

ID 606118: “MS06-061: REVISED PATCH - XML Core Parser 2.6 / XML Core Services 3.0 - Windows 2000 SP4 (v2, re-released 10/19/2006)”

The original Fixlet messages are now superseded:

ID 606101: “MS06-061: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution - XML Core Parser 2.6 / XML Core Services 3.0 - Windows 2000 SP4 (Superseded)”

ID 606102: “MS06-061: CORRUPT PATCH - XML Core Parser 2.6 / XML Core Services 3.0 - Windows 2000 SP4 (Superseded)”

BES Administrators are encouraged to stop policy actions deploying the original version of the update, and set up new actions.