MSMXL 4.0 SP2 Security update (925672)

MSXML 4.0 SP2 Security Update (925672)

Installation date: 10/11/2006 6:45 PM

Installation status: Failed

Error details: Code 643

Update type: Important

A vulnerability exists in Microsoft XML Core Services that could allow for
information disclosure because the XMLHTTP ActiveX control incorrectly
interprets an HTTP server-side redirect.

More information:
http://support.microsoft.com/kb/925672

More information:
http://support.microsoft.com/kb/925672

I had the same problem. This update failed to install. When I rerun
liveupdate, it does not find it as available/needed to reinstall, but the
history clearly shows it as failed. I have no idea how to try to reinstall it.

"MikeH" wrote:

> MSXML 4.0 SP2 Security Update (925672)
>
> Installation date: 10/11/2006 6:45 PM
>
> Installation status: Failed
>
> Error details: Code 643
>
> Update type: Important
>
> A vulnerability exists in Microsoft XML Core Services that could allow for
> information disclosure because the XMLHTTP ActiveX control incorrectly
> interprets an HTTP server-side redirect.
>
> More information:
> http://support.microsoft.com/kb/925672
>
> More information:
> http://support.microsoft.com/kb/925672
>

I have the same problem when I go back to windows update it indicates I don't
need it. It is already there or something even though the log says it failed
to install.
What do you do?

"brad" wrote:

> I had the same problem. This update failed to install. When I rerun
> liveupdate, it does not find it as available/needed to reinstall, but the
> history clearly shows it as failed. I have no idea how to try to reinstall it.
>
> "MikeH" wrote:
>
> > MSXML 4.0 SP2 Security Update (925672)
> >
> > Installation date: 10/11/2006 6:45 PM
> >
> > Installation status: Failed
> >
> > Error details: Code 643
> >
> > Update type: Important
> >
> > A vulnerability exists in Microsoft XML Core Services that could allow for
> > information disclosure because the XMLHTTP ActiveX control incorrectly
> > interprets an HTTP server-side redirect.
> >
> > More information:
> > http://support.microsoft.com/kb/925672
> >
> > More information:
> > http://support.microsoft.com/kb/925672
> >

I have the same problem. What is the solution.

"brad" wrote:

> I had the same problem. This update failed to install. When I rerun
> liveupdate, it does not find it as available/needed to reinstall, but the
> history clearly shows it as failed. I have no idea how to try to reinstall it.
>
> "MikeH" wrote:
>
> > MSXML 4.0 SP2 Security Update (925672)
> >
> > Installation date: 10/11/2006 6:45 PM
> >
> > Installation status: Failed
> >
> > Error details: Code 643
> >
> > Update type: Important
> >
> > A vulnerability exists in Microsoft XML Core Services that could allow for
> > information disclosure because the XMLHTTP ActiveX control incorrectly
> > interprets an HTTP server-side redirect.
> >
> > More information:
> > http://support.microsoft.com/kb/925672
> >
> > More information:
> > http://support.microsoft.com/kb/925672
> >

exactly my problem as well...

"harold" wrote:

> I have the same problem. What is the solution.
>
> "brad" wrote:
>
> > I had the same problem. This update failed to install. When I rerun
> > liveupdate, it does not find it as available/needed to reinstall, but the
> > history clearly shows it as failed. I have no idea how to try to reinstall it.
> >
> > "MikeH" wrote:
> >
> > > MSXML 4.0 SP2 Security Update (925672)
> > >
> > > Installation date: 10/11/2006 6:45 PM
> > >
> > > Installation status: Failed
> > >
> > > Error details: Code 643
> > >
> > > Update type: Important
> > >
> > > A vulnerability exists in Microsoft XML Core Services that could allow for
> > > information disclosure because the XMLHTTP ActiveX control incorrectly
> > > interprets an HTTP server-side redirect.
> > >
> > > More information:
> > > http://support.microsoft.com/kb/925672
> > >
> > > More information:
> > > http://support.microsoft.com/kb/925672
> > >

Hello,
Suggest you flush your Automatic Updates download folder.
Housekeeping and cleanup steps:
Bring up Windows Explorer / Tools / Folder Options/ select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Use Windows Explorer. Go to C:\Windows\System32

If you have a sub-folder called * Catroot2 * (not Catroot) rename the
folder to CR2OLD. Or delete everything in that folder. Just make sure you do the right one.

(to clean up downloaded files for Automatic updates / Windows Update)
From main Windows Start menu, select RUN, type in
CMD <Enter-key>

type in
net stop wuauserv <Enter-key>

Go to Windows Explorer.
Look on your system drive (usually C ) and look at the Windows folder name. Like Windows or WINNT.
Modify following as appropriate.
If your Windows folder is C:\Windows. Look at this folder
C:\Windows\SoftwareDistribution\Download

If you find files in there, delete them. That folder is where files are stored from W U downloads.

Go back to Command prompt window.
type in
net start wuauserv <Enter-key>

EXIT <Enter-key>

Logoff and do a fresh restart of Windows, before another attempt at getting the update !!

=
Your system may have multiple versions of MS XML, which is ok.
You may view which ones you have by using Windows Explorer, going to \Windows\system32 and looking for
msxml_.dll (where underscore is some number)

Get the update (hotfix) from MS Download Center.
<http://www.microsoft.com/downloads/details.aspx?FamilyID=961f3c95-ec4e-4561-ab27-b3180e9139c5>

Download and save it to disk.
Run the file.

Afterwards, verify the version of msxml4.dll matches the "post MS 06-061" listed at http://support.microsoft.com/kb/269238/
For my XP system, with XML 4, that's msxml4.dll with version 4.20.9839.0

Please note this addressed XML 4 update. If your system happens to have XML 6 as well, you'll want the update for KB925673
=
Keep this article handy for reference.
You cannot install some updates or programs
http://support.microsoft.com/kb/822798

Also, How to read the Windowsupdate.log file
http://support.microsoft.com/kb/902093

--
Maurice N
MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
-----

"MikeH" <> wrote in message news:BCC91B93-5460-48BE-8F0C-...
> MSXML 4.0 SP2 Security Update (925672)
>
> Installation date: 10/11/2006 6:45 PM
>
> Installation status: Failed
>
> Error details: Code 643
>
> Update type: Important
>
> A vulnerability exists in Microsoft XML Core Services that could allow for
> information disclosure because the XMLHTTP ActiveX control incorrectly
> interprets an HTTP server-side redirect.
>
> More information:
> http://support.microsoft.com/kb/925672
>
> More information:
> http://support.microsoft.com/kb/925672
>

Thanks very much, Maurice, for taking the time to reply - will try your
suggestions (carefully!) and post results.

"Maurice N ~ MVP" wrote:

> Hello,
> Suggest you flush your Automatic Updates download folder.
> Housekeeping and cleanup steps:
> Bring up Windows Explorer / Tools / Folder Options/ select VIEW Tab and look at all of settings listed.
>
> "CHECK" (turn on) Display the contents of system folders.
>
> Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
> Next, un-check Hide extensions for known file types.
> Next un-check Hide protected operating system files.
>
> Use Windows Explorer. Go to C:\Windows\System32
>
> If you have a sub-folder called * Catroot2 * (not Catroot) rename the
> folder to CR2OLD. Or delete everything in that folder. Just make sure you do the right one.
>
> (to clean up downloaded files for Automatic updates / Windows Update)
> From main Windows Start menu, select RUN, type in
> CMD <Enter-key>
>
> type in
> net stop wuauserv <Enter-key>
>
> Go to Windows Explorer.
> Look on your system drive (usually C ) and look at the Windows folder name. Like Windows or WINNT.
> Modify following as appropriate.
> If your Windows folder is C:\Windows. Look at this folder
> C:\Windows\SoftwareDistribution\Download
>
> If you find files in there, delete them. That folder is where files are stored from W U downloads.
>
> Go back to Command prompt window.
> type in
> net start wuauserv <Enter-key>
>
> EXIT <Enter-key>
>
> Logoff and do a fresh restart of Windows, before another attempt at getting the update !!
>
> =
> Your system may have multiple versions of MS XML, which is ok.
> You may view which ones you have by using Windows Explorer, going to \Windows\system32 and looking for
> msxml_.dll (where underscore is some number)
>
> Get the update (hotfix) from MS Download Center.
> <http://www.microsoft.com/downloads/details.aspx?FamilyID=961f3c95-ec4e-4561-ab27-b3180e9139c5>
>
> Download and save it to disk.
> Run the file.
>
> Afterwards, verify the version of msxml4.dll matches the "post MS 06-061" listed at http://support.microsoft.com/kb/269238/
> For my XP system, with XML 4, that's msxml4.dll with version 4.20.9839.0
>
> Please note this addressed XML 4 update. If your system happens to have XML 6 as well, you'll want the update for KB925673
> =
> Keep this article handy for reference.
> You cannot install some updates or programs
> http://support.microsoft.com/kb/822798
>
> Also, How to read the Windowsupdate.log file
> http://support.microsoft.com/kb/902093
>
> --
> Maurice N
> MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
> -----
>
> "MikeH" <> wrote in message news:BCC91B93-5460-48BE-8F0C-...
> > MSXML 4.0 SP2 Security Update (925672)
> >
> > Installation date: 10/11/2006 6:45 PM
> >
> > Installation status: Failed
> >
> > Error details: Code 643
> >
> > Update type: Important
> >
> > A vulnerability exists in Microsoft XML Core Services that could allow for
> > information disclosure because the XMLHTTP ActiveX control incorrectly
> > interprets an HTTP server-side redirect.
> >
> > More information:
> > http://support.microsoft.com/kb/925672
> >
> > More information:
> > http://support.microsoft.com/kb/925672
> >
>

Thanks for the tips maurice, however what steps can you take to rename the
folder or delete when any type of access is denied even with user controls
off? I think that msn has gotten so worried about files being hacked into
they forgotten that they locked us out of our own computers? Personally I
obviously don't need this update too awful bad. (sarcastic remark)

"Maurice N ~ MVP" wrote:

> Hello,
> Suggest you flush your Automatic Updates download folder.
> Housekeeping and cleanup steps:
> Bring up Windows Explorer / Tools / Folder Options/ select VIEW Tab and look at all of settings listed.
>
> "CHECK" (turn on) Display the contents of system folders.
>
> Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
> Next, un-check Hide extensions for known file types.
> Next un-check Hide protected operating system files.
>
> Use Windows Explorer. Go to C:\Windows\System32
>
> If you have a sub-folder called * Catroot2 * (not Catroot) rename the
> folder to CR2OLD. Or delete everything in that folder. Just make sure you do the right one.
>
> (to clean up downloaded files for Automatic updates / Windows Update)
> From main Windows Start menu, select RUN, type in
> CMD <Enter-key>
>
> type in
> net stop wuauserv <Enter-key>
>
> Go to Windows Explorer.
> Look on your system drive (usually C ) and look at the Windows folder name. Like Windows or WINNT.
> Modify following as appropriate.
> If your Windows folder is C:\Windows. Look at this folder
> C:\Windows\SoftwareDistribution\Download
>
> If you find files in there, delete them. That folder is where files are stored from W U downloads.
>
> Go back to Command prompt window.
> type in
> net start wuauserv <Enter-key>
>
> EXIT <Enter-key>
>
> Logoff and do a fresh restart of Windows, before another attempt at getting the update !!
>
> =
> Your system may have multiple versions of MS XML, which is ok.
> You may view which ones you have by using Windows Explorer, going to \Windows\system32 and looking for
> msxml_.dll (where underscore is some number)
>
> Get the update (hotfix) from MS Download Center.
> <http://www.microsoft.com/downloads/details.aspx?FamilyID=961f3c95-ec4e-4561-ab27-b3180e9139c5>
>
> Download and save it to disk.
> Run the file.
>
> Afterwards, verify the version of msxml4.dll matches the "post MS 06-061" listed at http://support.microsoft.com/kb/269238/
> For my XP system, with XML 4, that's msxml4.dll with version 4.20.9839.0
>
> Please note this addressed XML 4 update. If your system happens to have XML 6 as well, you'll want the update for KB925673
> =
> Keep this article handy for reference.
> You cannot install some updates or programs
> http://support.microsoft.com/kb/822798
>
> Also, How to read the Windowsupdate.log file
> http://support.microsoft.com/kb/902093
>
> --
> Maurice N
> MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
> -----
>
> "MikeH" <> wrote in message news:BCC91B93-5460-48BE-8F0C-...
> > MSXML 4.0 SP2 Security Update (925672)
> >
> > Installation date: 10/11/2006 6:45 PM
> >
> > Installation status: Failed
> >
> > Error details: Code 643
> >
> > Update type: Important
> >
> > A vulnerability exists in Microsoft XML Core Services that could allow for
> > information disclosure because the XMLHTTP ActiveX control incorrectly
> > interprets an HTTP server-side redirect.
> >
> > More information:
> > http://support.microsoft.com/kb/925672
> >
> > More information:
> > http://support.microsoft.com/kb/925672
> >
>

Hi Mike,
If their's a blocking issue in renaming/removing files or folder, you can do it in Safe mode. Just logoff, restart in Safe mode. Tap F8 as pc starts up.

--
Maurice N
MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
-----

"MikeH" <> wrote in message news:2F984830-3038-4CCD-B1AD-...
> Thanks for the tips maurice, however what steps can you take to rename the
> folder or delete when any type of access is denied even with user controls
> off? I think that msn has gotten so worried about files being hacked into
> they forgotten that they locked us out of our own computers? Personally I
> obviously don't need this update too awful bad. (sarcastic remark)
>
> "Maurice N ~ MVP" wrote:
>
>> Hello,
>> Suggest you flush your Automatic Updates download folder.
>> Housekeeping and cleanup steps:
>> Bring up Windows Explorer / Tools / Folder Options/ select VIEW Tab and look at all of settings listed.
>>
>> "CHECK" (turn on) Display the contents of system folders.
>>
>> Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
>> Next, un-check Hide extensions for known file types.
>> Next un-check Hide protected operating system files.
>>
>> Use Windows Explorer. Go to C:\Windows\System32
>>
>> If you have a sub-folder called * Catroot2 * (not Catroot) rename the
>> folder to CR2OLD. Or delete everything in that folder. Just make sure you do the right one.
>>
>> (to clean up downloaded files for Automatic updates / Windows Update)
>> From main Windows Start menu, select RUN, type in
>> CMD <Enter-key>
>>
>> type in
>> net stop wuauserv <Enter-key>
>>
>> Go to Windows Explorer.
>> Look on your system drive (usually C ) and look at the Windows folder name. Like Windows or WINNT.
>> Modify following as appropriate.
>> If your Windows folder is C:\Windows. Look at this folder
>> C:\Windows\SoftwareDistribution\Download
>>
>> If you find files in there, delete them. That folder is where files are stored from W U downloads.
>>
>> Go back to Command prompt window.
>> type in
>> net start wuauserv <Enter-key>
>>
>> EXIT <Enter-key>
>>
>> Logoff and do a fresh restart of Windows, before another attempt at getting the update !!
>>
>> =
>> Your system may have multiple versions of MS XML, which is ok.
>> You may view which ones you have by using Windows Explorer, going to \Windows\system32 and looking for
>> msxml_.dll (where underscore is some number)
>>
>> Get the update (hotfix) from MS Download Center.
>> <http://www.microsoft.com/downloads/details.aspx?FamilyID=961f3c95-ec4e-4561-ab27-b3180e9139c5>
>>
>> Download and save it to disk.
>> Run the file.
>>
>> Afterwards, verify the version of msxml4.dll matches the "post MS 06-061" listed at http://support.microsoft.com/kb/269238/
>> For my XP system, with XML 4, that's msxml4.dll with version 4.20.9839.0
>>
>> Please note this addressed XML 4 update. If your system happens to have XML 6 as well, you'll want the update for KB925673
>> =
>> Keep this article handy for reference.
>> You cannot install some updates or programs
>> http://support.microsoft.com/kb/822798
>>
>> Also, How to read the Windowsupdate.log file
>> http://support.microsoft.com/kb/902093
>>
>> --
>> Maurice N
>> MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
>> -----
>>
>> "MikeH" <> wrote in message news:BCC91B93-5460-48BE-8F0C-...
>> > MSXML 4.0 SP2 Security Update (925672)
>> >
>> > Installation date: 10/11/2006 6:45 PM
>> >
>> > Installation status: Failed
>> >
>> > Error details: Code 643
>> >
>> > Update type: Important
>> >
>> > A vulnerability exists in Microsoft XML Core Services that could allow for
>> > information disclosure because the XMLHTTP ActiveX control incorrectly
>> > interprets an HTTP server-side redirect.
>> >
>> > More information:
>> > http://support.microsoft.com/kb/925672
>> >
>> > More information:
>> > http://support.microsoft.com/kb/925672
>> >
>>

My update history shows this update "Failed (Error 0xBC2)" and "Cancelled"
when I tried to install again. WU now shows "No high priority updates . . .".

I followed your instructions to clear my Automatic Udates Download folder
but WU still shows "No high priority updates . . .".

Before I installed the updates from WU I had installed the MS XML Hotfix you
note. Does this mean I have the correct update or do I still have a problem?

"Maurice N ~ MVP" wrote:

> Hello,
> Suggest you flush your Automatic Updates download folder.
> Housekeeping and cleanup steps:
> Bring up Windows Explorer / Tools / Folder Options/ select VIEW Tab and look at all of settings listed.
>
> "CHECK" (turn on) Display the contents of system folders.
>
> Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
> Next, un-check Hide extensions for known file types.
> Next un-check Hide protected operating system files.
>
> Use Windows Explorer. Go to C:\Windows\System32
>
> If you have a sub-folder called * Catroot2 * (not Catroot) rename the
> folder to CR2OLD. Or delete everything in that folder. Just make sure you do the right one.
>
> (to clean up downloaded files for Automatic updates / Windows Update)
> From main Windows Start menu, select RUN, type in
> CMD <Enter-key>
>
> type in
> net stop wuauserv <Enter-key>
>
> Go to Windows Explorer.
> Look on your system drive (usually C ) and look at the Windows folder name. Like Windows or WINNT.
> Modify following as appropriate.
> If your Windows folder is C:\Windows. Look at this folder
> C:\Windows\SoftwareDistribution\Download
>
> If you find files in there, delete them. That folder is where files are stored from W U downloads.
>
> Go back to Command prompt window.
> type in
> net start wuauserv <Enter-key>
>
> EXIT <Enter-key>
>
> Logoff and do a fresh restart of Windows, before another attempt at getting the update !!
>
> =
> Your system may have multiple versions of MS XML, which is ok.
> You may view which ones you have by using Windows Explorer, going to \Windows\system32 and looking for
> msxml_.dll (where underscore is some number)
>
> Get the update (hotfix) from MS Download Center.
> <http://www.microsoft.com/downloads/details.aspx?FamilyID=961f3c95-ec4e-4561-ab27-b3180e9139c5>
>
> Download and save it to disk.
> Run the file.
>
> Afterwards, verify the version of msxml4.dll matches the "post MS 06-061" listed at http://support.microsoft.com/kb/269238/
> For my XP system, with XML 4, that's msxml4.dll with version 4.20.9839.0
>
> Please note this addressed XML 4 update. If your system happens to have XML 6 as well, you'll want the update for KB925673
> =
> Keep this article handy for reference.
> You cannot install some updates or programs
> http://support.microsoft.com/kb/822798
>
> Also, How to read the Windowsupdate.log file
> http://support.microsoft.com/kb/902093
>
> --
> Maurice N
> MS-MVP (Windows Client) , Aumha.net VSOP , DTS-L
> -----
>
> "MikeH" <> wrote in message news:BCC91B93-5460-48BE-8F0C-...
> > MSXML 4.0 SP2 Security Update (925672)
> >
> > Installation date: 10/11/2006 6:45 PM
> >
> > Installation status: Failed
> >
> > Error details: Code 643
> >
> > Update type: Important
> >
> > A vulnerability exists in Microsoft XML Core Services that could allow for
> > information disclosure because the XMLHTTP ActiveX control incorrectly
> > interprets an HTTP server-side redirect.
> >
> > More information:
> > http://support.microsoft.com/kb/925672
> >
> > More information:
> > http://support.microsoft.com/kb/925672
> >
>