DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 926509 - Last Review: May 9, 2007 - Revision: 1.9

On This Page

SYMPTOMS

When you access Microsoft Commerce Server Business Desk applications, you may experience unexpected behavior. For example, when you perform searches for users and orders, no records are returned.

These problems occur after you install security update MS06-061 on the client computers that use the Business Desk application.

For more information about security update MS06-061, click the following article number to view the article in the Microsoft Knowledge Base:
924191  (http://support.microsoft.com/kb/924191/ ) MS06-061: Vulnerabilities in Microsoft XML Core Services could allow remote code execution

CAUSE

These problems occur because Business Desk applications use the Microsoft XML parser (MSXML) version 2.6. After you install security update MS06-061, you cannot use MSXML 2.6 in Microsoft Internet Explorer. This behavior is by design. The security update packages set the "kill bit" for this version of MSXML. The "kill bit" prevents the component from running in Internet Explorer.

RESOLUTION

To resolve these problems, follow these steps.

Step 1: Update the Web server that is hosting the Business Desk application

To do this, search for the string "MSXML2.XMLHTTP.2.6" in all the files in the following two folders on the Web server that is hosting the Business Desk application:
  • The %COMMERCE_SERVER_ROOT%\Widgets folder.
  • The folder that contains the Business Desk site code files. For example, this folder may be the Drive:\Inetpub\Wwwroot\Retailbizdesk folder.
Then, replace the string "MSXML2.XMLHTTP.2.6" with the string "MSXML2.XMLHTTP". For example, you may have to update the following files for a typical installation of Commerce Server 2002 Business Desk applications:
  • The following files are located in the %COMMERCE_SERVER_ROOT%\Widgets folder:
    • ExprbldrHTC\ExprBldr.htc
    • ListHTC\ListSheet.htc
    • ListHTC\ListSheetF.htc
    • ListHTC\TreeView.htc
  • The following files are located in the Drive:\Inetpub\Wwwroot\Retailbizdesk folder:
    • Catalogs\Designer\Common.asp
    • Catalogs\Editor\Common.asp
    • Catalogs\Editor\List_Catalogs.asp
    • Include\Dlg_permissions.asp
    • Include\HTTPXMLUtil.htm
    • Profiles\XmlHttpUtil.vbs
    • Security\Include\Security_util.asp
    • Security\Security.asp
Note Commerce Server 2000 does not use all of these files.

You can use the findstr command to locate files that contain the string "MSXML2.XMLHTTP.2.6". For example, type the following command at a command prompt, and then press ENTER:
findstr /spin MSXML2.XMLHTTP.2.6 *
For more information about the findstr command, type findstr /? at the command prompt, and then press ENTER.

Open each of these files in a text editor such as Notepad. Then, use a Find And Replace operation to replace the string "MSXML2.XMLHTTP.2.6" with the string "MSXML2.XMLHTTP".

Step 2: Restart IIS on the Web server that is hosting the Business Desk application

Use Iisreset.exe to restart Microsoft Internet Information Services (IIS) on the Web server that is hosting the Business Desk application. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
202013  (http://support.microsoft.com/kb/202013/ ) Internet Information Services 5.0 command-line syntax for Iisreset.exe

Step 3: Update MSXML to version 3.0 or to a later version on the client computers if it is required

For more information about how to obtain MSXML, visit the following Microsoft Web sites:
http://msdn2.microsoft.com/en-us/xml/bb190622.aspx (http://msdn2.microsoft.com/en-us/xml/bb190622.aspx)
http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx (http://www.microsoft.com/technet/security/bulletin/ms06-061.mspx)
For more information about how to determine the version of MSXML that is installed on a computer, click the following article numbers to view the articles in the Microsoft Knowledge Base:
278674  (http://support.microsoft.com/kb/278674/ ) Determine the version of MSXML parser installed on a computer
269238  (http://support.microsoft.com/kb/269238/ ) List of Microsoft XML parser (MSXML) versions

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

APPLIES TO
  • Microsoft Commerce Server 2002 Standard Edition
  • Microsoft Commerce Server 2000 Standard Edition
Keywords: 
kbtshoot kbnofix kbbug kbprb kbexpertiseinter KB926509
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support