Microsoft Security Bulletin MS06-061 - Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)

This bulleting plugs 2 holes involving XML and applies primarily to workstations and terminal servers provided you abstain from web browsing on the rest of your servers.  One vulnerability is an information disclosure risk that would allow an attacker to see information from other websites where the user authenticated.  The other vulnerability is an arbitrary, remote code execution risk in XSLT (Extensible Stylesheet Language Transformations).  There are several different versions of XML Core Services which is installed with various Microsoft products.  To determine whether your version of XML Core Services is vulnerable see knowledge base article 269238.  Since these vulnerabilities are not yet publicly detailed I recommend identifying exactly which systems are vulnerable in your environment and testing the patch before deployment. 

Get this valuable commentary each month as soon as Microsoft releases security updates!

Free log parser scripts, a clear explanation of Microsoft's latest security bulletin, helpful security tips, how-to's and more.