On Tuesday (10/10/2006), as part of the monthly Patch Tuesday cycle, Microsoft released a security update for the .NET Framework 2.0 that addresses a vulnerability which could allow information disclosure. This security update is described in security bulletin MS06-056 and in Knowledge Base Article 922770.

A small number of users have reported issues with installing this update. It appears that the issues reported fall into 3 categories:

Problem 1
The installation fails because Windows Installer 3.1 (a prerequisite for all .NET Framework 2.0 updates) is not present on the computer. This is easily remedied by installing Windows Installer 3.1 from here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=889482fc-5f56-4a38-b838-de776fd4138c
All .NET Framework 2.0 patches require Windows Installer 3.1, so it is worthwhile doing this now.

Problem 2
The installation fails with error code 0x643 (hex) or 1603 (decimal).
A workaround for this issue is described in KB Article 923100.

Problem 3
The installation fails with an error code 1324 and a message that “The folder ‘Program Files’ contains an invalid character”.
A workaround for this issue is described in KB Article 923101.


Out of the millions of potential customers who were eligible to install this patch (by virtue of having the .NET Framework 2.0 installed), we are seeing only a minuscule fraction report any problems installing the patch.

The appropriate teams are working hard on identifying the root cause for issues #2 and #3, so that the problem can be fixed. Given the very wide range of combinations of hardware and installed software applications that the .NET Framework and the patch can be installed on, what is needed is adequate customer data to reproduce the problems.

I am wondering if anybody reading this post has run into issues #2 and #3 and would be willing to help out by providing data that might help us reproduce these problems. If you are, I would appreciate you getting in touch with me.