News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: April 14, 2020

  • Patch Tuesday bugs appearing already – after installing today’s Office patches, you may trigger a VBA “Compile error: Can’t find project or library”

    Posted on April 14th, 2020 at 13:38 woody Comment on the AskWoody Lounge

    Official confirmation here:

    When you install one of the Microsoft Office security updates that are listed in Microsoft Common Vulnerabilities and Exposures CVE-2020-0760, you might notice that some types of Visual Basic for Applications (VBA) references are blocked, and you receive an error message….

    If your existing VBA solutions have some VBA object libraries or references that are blocked, the following error message is displayed.

    Error message when VBA libs are blocked

    This is a standard message that indicates missing VBA object libraries. If you receive this error message, revisit your current VBA solution, and replace the blocked libraries with local ones.

    It’s going to be a rocky week.

  • Patch Tuesday live updates

    Posted on April 14th, 2020 at 12:25 woody Comment on the AskWoody Lounge

    Patch Tuesday is starting to roll out. I see 98 new patches in the Microsoft Catalog. (Note that four older patches also match a search on “2020-04”.) That’s a very light count. All tolled, they cover 113 security holes, which is a large crop.

    Looks like we have the usual cumulative updates for all versions of Win10.

    Win10 1903/1909 update KB 4549951 is up. There’s also a Servicing Stack Update, KB 4552152.

    Dustin Childs on the ZDI blog reports that there are 113 separately identified security holes. Two are publicly known, two are currently exploited. All of those are rated “Important” which is a significant step down from the usual security level which is “Critical.” Translation: Nothing to be overly concerned about.

    The Adobe Type 1 Font Manager security hole, which is both publicly known and currently exploited, is the one Microsoft announced a couple of weeks ago in ADV 200006. It was so pressing that MS didn’t release a fix at the time. 0patch has since published a micropatch for the problem. If you’ve paid for Win7 Extended Security Updates, you’ll get the patch, but normal Win7 users won’t get it.

    The other currently exploited security hole is yet another bug in the way Windows handles fonts — although it’s a different bug. Win10 is only tangentially affected. Win7 is, but you’ll only get the patch if you pay for it. Expect 0patch to come up with something fairly quickly.

    Ho hum.

    Martin Brinkmann has his usual thorough list on ghacks.net.

    I don’t see anything pressing in the lot. Do you?

    Let’s see if we got a fairly stable set of patches this month…..

    UPDATE: Childs has updated his list so it now shows four “exploited” security holes. The other two aren’t font-related. CVE-2020-0968 takes control through Internet Explorer, which means it could theoretically be triggered if you use Outlook. Microsoft doesn’t say it’s “exploited” on the CVE description page. CVE-2020-1027 seems to be more pernicious, with few details, but Microsoft lists it as “Important,” which means it isn’t.

    So we have four or three exploited security holes, up from two a couple of hours ago.

  • Microsoft extends end-of-life for Win10 version 1809 Pro and Home

    Posted on April 14th, 2020 at 12:17 woody Comment on the AskWoody Lounge

    How about that.

    This was just posted on the official Windows Release Information page:

    We have been evaluating the public health situation and understand the impact this is having on many of our customers. To help ease some of the burdens customers are facing, we are going to delay the scheduled end of service date for the Home, Pro, Pro Education, Pro for Workstations, and IoT Core editions of Windows 10, version 1809 to November 10, 2020. This means devices will receive monthly security updates only from June to November. The final security update for these editions of Windows 10, version 1809 will be released on November 10, 2020 instead of May 12, 2020.

    Not sure what the “security updates only” part means — MS has already said it’s going to stop dropping its ill-conceived “optional, non-security, C/D Week” patches for Win10, starting in May.

    That’s one of the five things I listed in my Computerworld article last week Five steps Microsoft should take RIGHT NOW to help us through the pandemic. Maybe we’ll get the other four?

    Hope springs eternal.

    UPDATE: MS has also extended end-of-life dates for Server 1809, SharePoint Server 2010, and Project Server 2010. Details from Mary Jo Foley on ZDNet.