Windows users may have to update their PCs more than once to completely patch one of the vulnerabilities Microsoft fixed last week, the company's support site said Monday.

Security update MS06-061 -- one of five labeled "critical" by Microsoft -- may install multiple versions of the XML Parser or XML Core Services when it's downloaded manually or via an automatic update mechanism. But "if you install a version of MSXML after you install this security update, you may have to install an additional package for this security update," read a Microsoft support document.

That "additional package" can only be acquired by running Automatic Update a second time, said security company Symantec.

"Users that may have been affected are advised to re-scan their system for additional updates which may result in an additional patch being accessible that wasn't before," Symantec said in an alert to customers. "Administrators who are planning to, or who already have, applied the MS06-061 patches are advised to review the knowledge base and re-update their systems where applicable."

In a separate support document, Microsoft noted another problem with the MS06-061 update: accessing Commerce Server 2002 Business Desk applications after installing the update may be problematical.

According to Microsoft, the XML parser used by Business Desk is disabled by the MS06-061 patch. To return Business Desk apps to working condition, Microsoft has posted instructions that require users to modify a string found in as many as a dozen different files.