Microsoft reissues patch for Windows 2000

19.10.2006
A software security update released by Microsoft Corp. nine days ago to fix a flaw in Windows operating systems was reissued Thursday after the company determined that the original patch didn't completely fix a security problem for Windows 2000 users.

The reissued patch download should be installed by users of all Windows 2000 operating systems, even by those who previously installed the original patch from Oct. 10, according to Microsoft. (http://www.microsoft.com/technet/security/Bulletin/MS06-061.mspx)

The service bulletin describing the problem, MS06-061, was aimed at repairing vulnerabilities in Microsoft XML core services that could allow remote code execution by attackers if uncorrected. Other Windows XP and Server operating systems are also described in the service bulletin, but they are being repaired properly by the original patch and are not affected by the reissued advisory, the company said.

The original Oct. 10 patch was one of 10 security bulletins that were released to fix 26 software flaws (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004044&intsrc=news_list) affecting Windows operating systems as part of the company's monthly security update.

"While the original version of this security update for Windows 2000 did protect against all vulnerabilities discussed in the bulletin, it did not correctly set the kill bit for Microsoft XML Parser 2.6," said a Microsoft spokesman.

"The new version of MS06-061 for Windows 2000 protects against all vulnerabilities discussed in the bulletin and correctly sets the kill bit for Microsoft XML Parser 2.6," he added.