--
boncain
------------------------------------------------------------------------
boncain's Profile: http://forums.techarena.in/members/boncain.htm
View this thread: http://forums.techarena.in/windows-update/1121231.htm
--
dazamiller
------------------------------------------------------------------------
dazamiller's Profile: http://forums.techarena.in/members/dazamiller.htm
Apart from uninstalling update or executing the below, I was not able
to find another solution till now:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{6262d3a0-531b-11cf-91f6-c2863c385e30}]
"Compatibility Flags"=-
--
boncain
------------------------------------------------------------------------
boncain's Profile: http://forums.techarena.in/members/boncain.htm
There are only two (2) killbits set by KB960715, one for Akamai Download
Manager and one for Research in Motion (RIM) AxLoader. Both Akamai and RIM
have released security updates related to these killbits: Have you installed
the appropriate update(s) yet? See the FAQ section of
http://www.microsoft.com/technet/security/advisory/960715.mspx.
NB: KB960715 also includes the killbits in KB956391 (originally released 14
Oct-08); cf. http://www.microsoft.com/technet/security/advisory/956391.mspx.
Did you uninstall it, too?
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Have got all the latest updates (apart from this one as have removed
it) and am fully patched. Not sure why it causes an issue but it does.
Have also logged issue the Microsoft UK so fingers crossed.
Error: ManagerEditorNavigateSubForm-e4_MForm_Load: Object doesn't support
this property or method438 - by Dreamteam Design Ltd:
http://support.erol.co.uk:80/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=223
Not sure I agree with their conclusion "we presume that this is a mistake
and Microsoft will resume support in the next Windows Update" though.
--
~PA Bear
PA Bear [MS MVP] wrote:
> If all of your MS and third-party applications are fully patched
> themselves,
> installing KB960715 shouldn't be causing any problems.
>
> There are only two (2) killbits set by KB960715, one for Akamai Download
> Manager and one for Research in Motion (RIM) AxLoader. Both Akamai and
> RIM
> have released security updates related to these killbits: Have you
> installed
> the appropriate update(s) yet? See the FAQ section of
> http://www.microsoft.com/technet/security/advisory/960715.mspx.
>
> NB: KB960715 also includes the killbits in KB956391 (originally released
> 14
> Oct-08); cf.
> http://www.microsoft.com/technet/security/advisory/956391.mspx.
> Did you uninstall it, too?
>
> This update (KB960715) causes a problem with the msflxgrd.ocx control
> when used in a Access 2003 application. The control gets blocked and
> you have to uninstall the update.
http://www.microsoft.com/technet/security/advisory/960715.mspx
-> General Information -> Frequently Asked Questions ->
What does this update do?
<quote>
The following class identifiers relate to the CAPICOM control addressed
in Microsoft Security Bulletin MS08-070, Vulnerabilities in Visual Basic
6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code
Execution (932349):
Class Identifier
{1E216240-1B7D-11CF-9D53-00AA003C9CB6}
{3A2B370C-BA0A-11d1-B137-0000F8753F5D}
{B09DE715-87C1-11d1-8BE3-0000F8754DA1}
{cde57a43-8b86-11d0-b3c6-00a0c90aea82}
{6262d3a0-531b-11cf-91f6-c2863c385e30}
{0ECD9B64-23AA-11d0-B351-00A0C9055D8E}
{C932BA85-4374-101B-A56C-00AA003668DC}
{248dd896-bb45-11cf-9abc-0080c7e7b78d}
</quote>
See http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx for
further details though.
Bye,
Freudi
--
Robert_Kenworld
------------------------------------------------------------------------
Robert_Kenworld's Profile: http://forums.techarena.in/members/robert_kenworld.htm
http://support.microsoft.com/kb/957924 includes updates of controls
that should be used in order not to have conflict with windows
updates.
--------------------------------------------------------------------------------
Can anyone confirm this and check, if the update 960715 then can install
without problems?
ThankX
Björn
This may not solve this issue, because there are also users without VB6
installed with this problem.
This is exactly our problem, we have 200+ users who lost flexgrid
functionality with the auto application of kb960715. Only our
developer, who has VB6, was able to install the security roll up and
continue to use flexgrid pages on our custom intranet site. Thi site
was designed about 8 years ago and has never had an incompatibility
with any MS security updates until now. Any thoughts on replacing the
flexgrid component in our asp based app? Or how do we update the
client components on the pcs? thx
> We simply created a .reg file changing the DWORD value for msflxgrd from
> COMPAT_EVIL_DONT_LOAD = 0x00000400 to COMPAT_SAFEFOR_LOADING =
> 0x00800000. Tested this solution in XP and in Vista and it seems to
> solve the problem without having to uninstall the 960715 update.
Of course, this means your machines are exposed to the security vulnerability again.
Harry.
> Any thoughts on replacing the flexgrid component in our asp based app?
> Or how do we update the client components on the pcs?
http://support.microsoft.com/kb/957924
There are separte Security Updates for VS based apps, see MS08-070
for details and links.
Bye,
Freudi
> We simply created a .reg file changing the DWORD value for msflxgrd from
> COMPAT_EVIL_DONT_LOAD = 0x00000400 to COMPAT_SAFEFOR_LOADING =
> 0x00800000.
And you re-enabled the vulnerability with doing so. Not a wise idea
if you'ld ask me.
Bye,
Freudi
The bad news is that you can't install it on a workstation that doesn't have
VS6 installed.
My solution was to create an empty VB6 program that utilized one of the
controls from each of the OCX files, such as MSHFLXGD.OCX. Just the act of
installing that empty program on the affected workstations resolved my issues
with Access 2003.
MS somewhat acknowledges the issue in KB932349, but doesn't provide a clear
solution for any Office apps using VBA. I'm rather suprised and disappointed
that they just didn't include the affected runtime files as part of the
hotfix...
Al Petersen
> The good news is that there's a download that brings most, if not all, the
> affected controls up to date: KB957924 is a VS6 rollup.
>
> The bad news is that you can't install it on a workstation that doesn't have
> VS6 installed.
There are versions for Office Project and Office Frontpage here:
<http://www.microsoft.com/technet/security/bulletin/ms08-070.mspx>
http://www.microsoft.com/technet/security/bulletin/ms08-070.mspx
Harry.
Following the MS thread backwards on those pages, I still don't see a hotfix
that corrects the problem for the base MSO installation. Tracking down
corrections to MS oversights on hotfixes amount to non-billable hours on my
part, and my weekends are "Heinz" weekends as it is - "catch up" on
commitments to clients.
Let's face it. MS dropped the ball on this one, and I'm sure left many more
developers than me in the dark by not including the appropriate VBA runtime
updates in KB960715. Easy enough on their part to do, and a pain in gazorkas
for the rest of us when MS doesn't think through, and thoroughly test, the
various hotfixes thrown at us.
> At least on the surface, that may solve the issue, but according to the pages
> you point to, they explicitly require the installation of Project or Front
> Page on the target workstation. For my clients, those aren't installed; they
> have the basic MSO installation of Word, Excel, PowerPoint and Access.
In which case, at least in theory, the controls in question shouldn't be
installed in the first place - unless there's a third-party application
involved, in which case it should have an update that includes the affected
controls.
Are you able to verify that msflxgrd.ocx is installed along with a base Office
install, without Project or Frontpage?
Harry.
My point is that if MS is going to issue a hotfix that affects VBA runtimes,
those OCX updates should be included in that hotfix, regardless of whether
the target machine has them installed or not. They already throw too much
crud at us, as it is, with automatic updating.
In my mind, then, you're asking the wrong question. Yes, it's a third party
app, and regardless of how the OCX files that make it work get there, I think
the onus is on MS to update affected VBA runtimes at the same time when they
issue a hotfix that breaks them, regardless of how the broken OCX files got
installed in the first place.
> The answer to your question is no, I can't. What I do know is that those two
> applications were installed on client workstations one and three years ago,
> respectively, and have worked perfectly well until KB960715. Nor do I want
> to spend the time to validate what did and didn't get installed with the apps.
I think you were missing my point - if it so happens that a base install of
Office includes msflxgrd.ocx, and there is no corresponding update, then
Microsoft will consider that a bug and will fix it if we bring it to their
attention. If msflxgrd.ocx was distributed with a third-party application, then
the application developer is expected to have distributed a patch, and Microsoft
won't consider it to be a (Microsoft) bug.
Now, whether Microsoft *should* support Visual Studio OCX controls directly
rather than through the developers is another issue entirely, but it's pretty
much pointless to debate it; they don't, and I very much doubt they're going to
be convinced to change their mind. My only comment on the subject is that the
relevant security bulletin *was* released two months ago, so it isn't as if
developers haven't had time to provide an update.
Harry.
PA Bear [MS MVP] wrote:
> See this related post for a resolution:
> http://groups.google.com/group/microsoft.public.access/browse_thread/thread/89875607e2a2ea3a?hl=en&ie=UTF-8&oe=UTF-8&q=960715
>
I still maintain it would have been a lot less painful if MS had just rolled
those updated OCX files into KB960715 in the first place.
Of course, we have other options - drop the dependency on the controls or
migrate to VSTA, neither are short-term solutions. Ideas greatly appreciated.
http://accessblog.net/2009/02/kb960715-ie7-is-breaking-access-apps.html
I'd go back to your original distro, do an install of the 'empty' VB6
project, and test the results. I doubt it's a license issue. VBA doesn't,
to my knowledge, check versions.
All I did for my fix (that MS should have provided) is create a VB6 project,
select those particular components identified in the link above, and compile
the result, using the MS installer to create an installable. That solved my
issue with MSO, without having to touch the VBA code. If your 'ancient'
control isn't included in that list, go ahead and include it in the 'empty'
project after running the VB6 rollup.
You didn't indicate the source language for your app, but I would expect the
same principle to apply in your case - once the affected controls are safely
ensconsed in windowsl\system32 and the registry, I would be surprised if you
continue to have an issue.
Good luck...
> Compatibility Flags value changed from 400 to 0
And Windows make use of a known to vulnerable version of that ActiveX
control then. Not the right choice, if you'ld ask me.
Bye,
Freudi
> This patch also causes an issue with MSMASK32.ocx
>
> Can be fixed by amending the registry key below:-
>
> Windows Registry Editor Version 5.00
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
> Compatibility\{C932BA85-4374-101B-A56C-00AA003668DC}]
>
> Compatibility Flags value changed from 400 to 0
This is not a good solution because it reintroduces the security vulnerability.
Harry.
Steps to take:
1. Install the May 2009 VB Controls Update on PC with VB6
2. The two files in C:\windows\system32 you want is
MSFlxGrd.ocx and the comcat.dll (its dependent file)
3. Unregister these two files from your target machine without VB installed
a) Run cmd for dos box, then type regsvr32 -u
c:\windows\system32\msflxgrd.ocx
b) regsvr32 -u c:\windows\system32\comcat.dll
4. Replace target PC files with the two new files you extracted in step 2
5. Register the two new replacement files with the dependent file first:
a) Open the cmd box
b) regsvr32 c:\windows\system32\comcat.dll
c) regsvr32 c:\windows\system32\msflxgrd.ocx
6. Run your Access App and check to see your Flexgrid is just doing fine! ;-)
For handful of PCs, you can do this manually.
For lots of PCs or for client site, you can just script this process in cmd
script and run it on each PC or push it out automatically and have it run the
script.
Does anyone know of any otherHotfix that will cause this problem? I have had
KB960715 removed from my system and the network now no longer tries to
install it however I am having this problem with VBA flexigrids again, with
the error message 'Compile error in hidden module'. As this update no lnger
exists, it surely must be another one that has come through recently. Does
anyone have any ideas?
Many thanks.
Chris
"PA Bear [MS MVP]" wrote:
> Follow-up:
>
> Error: ManagerEditorNavigateSubForm-e4_MForm_Load: Object doesn't support
> this property or method438 - by Dreamteam Design Ltd:
> http://support.erol.co.uk:80/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=223
>
> Not sure I agree with their conclusion "we presume that this is a mistake
> and Microsoft will resume support in the next Windows Update" though.
> --
> ~PA Bear
>
> PA Bear [MS MVP] wrote:
> > If all of your MS and third-party applications are fully patched
> > themselves,
> > installing KB960715 shouldn't be causing any problems.
> >
> > There are only two (2) killbits set by KB960715, one for Akamai Download
> > Manager and one for Research in Motion (RIM) AxLoader. Both Akamai and
> > RIM
> > have released security updates related to these killbits: Have you
> > installed
> > the appropriate update(s) yet? See the FAQ section of
> > http://www.microsoft.com/technet/security/advisory/960715.mspx.
> >
> > NB: KB960715 also includes the killbits in KB956391 (originally released
> > 14
> > Oct-08); cf.
> > http://www.microsoft.com/technet/security/advisory/956391.mspx.
> > Did you uninstall it, too?
Did you read
http://groups.google.com/group/microsoft.public.windowsupdate/msg/e0f8704499f82397?
Is your install VB version fully patched, too (e.g.,
http://support.microsoft.com/?kbid=957924)?
> Does anyone know of any otherHotfix that will cause this problem? I have had
> KB960715 removed from my system and the network now no longer tries to
> install it however I am having this problem with VBA flexigrids again, with
> the error message 'Compile error in hidden module'. As this update no lnger
> exists, it surely must be another one that has come through recently. Does
> anyone have any ideas?
ActiveX killbit update rollups are cumulative. So every killbit rollup since
960715 will have the same effect 960715 does.
Remember, by leaving the updates out you are leaving your machine vulnerable to
attack! The best solution is to update the ActiveX control to the corrected
version, not to block the killbit updates.
Harry.
+-------------------------------------------------------------------+
|Filename: Fix flexgrid.zip |
|Download: http://forums.techarena.in/attachment.php?attachmentid=9378|
+-------------------------------------------------------------------+
--
dappertje
------------------------------------------------------------------------
dappertje's Profile: http://forums.techarena.in/members/52366.htm
View this thread: http://forums.techarena.in/windows-update/1121231.htm
dappertje wrote:
> Here a script and update for this problem.
> Unpack to your hdd and run fixupdate.bat
> In vista run as admin.
> The script do the following thing, unregister all the problematic ocx
> controls,
> copy new updated ocx controls and register them.
> It worked for a great deal of people
>
>
> +-------------------------------------------------------------------+
>> Filename: Fix flexgrid.zip |
>> Download: XXXX://forums.techarena.in/attachment.php?attachmentid=9378|
> +-------------------------------------------------------------------+