Cyber security news for all


    Microsoft fixes a problem in VBA issues for Office security updates

    Microsoft has released unscheduled fix updates for Microsoft Office 2010- 2016 that can be downloaded and installed manually if required. An update released in April 2020 for the security patchday on some systems, which caused problems with projects in the scripting language.

    Unwanted Blockages Through Correction Update

    The April security update that brought the VBA issues with it removes the Office vulnerability, which can be used remotely. By default, to protect against the vulnerability, the security update blocks pointers to unsafe locations when used in VBA programs. A sensible protection mechanism, which, was explained on the first reports of the VBA problems, can be handled with a workaround using group guidelines if required. However, it is now known that the update also prevents the reloading of components whose file names or path contain characters.

    This is an error loading type libraries, which attackers can use to execute malicious code. All they have to do is persuade their victim to load a manipulated Office file. Unfortunately, after installing the patches, the Office versions 2010 and 2016 also refused to load regular VBA macros (Visual Basic for Applications).

    This problem occurs whenever components are linked in the macros whose path contains double byte characters. Microsoft has now provided some additional updates for affected users, which you should import manually if necessary. If you have installed the security update for Office 2010 and 2016 and have problems with the known problem VBA macros, you will now receive KB3101353 for Office 2016, which corrects this problem.

    @petesmst kicked off this morning:

    I am using Microsoft 365 Home (Current Version: 2004 – Build 12730.20250 Click-to-Run) on a Windows 10 (64-bit) Version 1909 (OS Build 18363.836) Desktop PC. When attempting to “Update Now”, the download of updates starts and then stops after around 3-4 minutes. Nothing further happens, even if left running overnight.

    The Improvements And Corrections With The Update Are

    • The update resolves the issue that occurs after you install the security update.
    • Visual Basic for Applications macros are not loaded if they contain references to components that are in a file path. Or you have a file name that contain double byte character set.

    Recent Articles

    Related Stories