KB960715 blocks msflxgrd.ocx in VBA

[kevin...@googlemail.com]

This update (KB960715) causes a problem with the msflxgrd.ocx control
when used in a Access 2003 application. The control gets blocked and
you have to uninstall the update. Would appricate a fix for this as I
am sure this is not what Microsoft intended to fix with this update.

[boncain]

It also causes a problem with msdatgrd.ocx when used in access 2003
application. We payd Microsoft (Italy) for the solution but i think they
have not idea about the problem.

--
boncain
------------------------------------------------------------------------
boncain's Profile: http://forums.techarena.in/members/boncain.htm
View this thread: http://forums.techarena.in/windows-update/1121231.htm

http://forums.techarena.in

[dazamiller]

I have got the same problem. I have emailed microsoft (uk) and will let
you know if they come back with a fix

--
dazamiller
------------------------------------------------------------------------
dazamiller's Profile: http://forums.techarena.in/members/dazamiller.htm

[chri...@gmail.com]

I have the same problems also with MSFLXGRD.OCX. What are going to do
now since our programs that do not work ? We have to replace flexgrid
with different control ? Lot of clients will not accept uninstalling
update.

Apart from uninstalling update or executing the below, I was not able
to find another solution till now:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{6262d3a0-531b-11cf-91f6-c2863c385e30}]
"Compatibility Flags"=-

[boncain]

Ok friend we are in the shit. Microsoft Italy told me that these
controls are not supported yet. You have to scrap your application or
rewrite it without controls. I think that our microsoft support is ill
informed but that's all at the moment.

--
boncain
------------------------------------------------------------------------
boncain's Profile: http://forums.techarena.in/members/boncain.htm

[PA Bear [MS MVP]]

If all of your MS and third-party applications are fully patched themselves,
installing KB960715 shouldn't be causing any problems.

There are only two (2) killbits set by KB960715, one for Akamai Download
Manager and one for Research in Motion (RIM) AxLoader. Both Akamai and RIM
have released security updates related to these killbits: Have you installed
the appropriate update(s) yet? See the FAQ section of
http://www.microsoft.com/technet/security/advisory/960715.mspx.

NB: KB960715 also includes the killbits in KB956391 (originally released 14
Oct-08); cf. http://www.microsoft.com/technet/security/advisory/956391.mspx.
Did you uninstall it, too?
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

[kevin...@googlemail.com]

On 12 Feb, 17:51, "PA Bear [MS MVP]" <PABear...@gmail.com> wrote:
> If all of your MS and third-party applications are fully patched themselves,
> installing KB960715 shouldn't be causing any problems.
>
> There are only two (2) killbits set by KB960715, one for Akamai Download
> Manager and one for Research in Motion (RIM) AxLoader.  Both Akamai and RIM
> have released security updates related to these killbits: Have you installed

> the appropriate update(s) yet?  See the FAQ section ofhttp://www.microsoft.com/technet/security/advisory/960715.mspx.

>
> NB: KB960715 also includes the killbits in KB956391 (originally released 14

> Oct-08); cf.http://www.microsoft.com/technet/security/advisory/956391.mspx.

> Did you uninstall it, too?
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Adminhttp://aumha.net
> DTS-Lhttp://dts-l.net/
>
>
>
> kevin.me...@googlemail.com wrote:
> > This update (KB960715) causes a problem with the msflxgrd.ocx control
> > when used in a Access 2003 application. The control gets blocked and
> > you have to uninstall the update. Would appricate a fix for this as I

> > am sure this is not what Microsoft intended to fix with this update.- Hide quoted text -
>
> - Show quoted text -

Have got all the latest updates (apart from this one as have removed
it) and am fully patched. Not sure why it causes an issue but it does.
Have also logged issue the Microsoft UK so fingers crossed.

[chris]

We have a PAYROLL application that runs on MS Access 2003 and uses
msdatgrd.ocx. Our customers were not able to pay their employees today.
Thank god for this post. We told everyone to remove the update

[mik724]

I am having similar problem since yesterday. I tried re-registering msflxgrd
serveral times, but did not fix. The only solution so far is to remove the
KB960715. Thanks guys and let's keep posted

[PA Bear [MS MVP]]

Follow-up:

Error: ManagerEditorNavigateSubForm-e4_MForm_Load: Object doesn't support
this property or method438 - by Dreamteam Design Ltd:
http://support.erol.co.uk:80/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=223

Not sure I agree with their conclusion "we presume that this is a mistake
and Microsoft will resume support in the next Windows Update" though.
--
~PA Bear

PA Bear [MS MVP] wrote:
> If all of your MS and third-party applications are fully patched
> themselves,
> installing KB960715 shouldn't be causing any problems.
>
> There are only two (2) killbits set by KB960715, one for Akamai Download
> Manager and one for Research in Motion (RIM) AxLoader. Both Akamai and
> RIM
> have released security updates related to these killbits: Have you
> installed
> the appropriate update(s) yet? See the FAQ section of
> http://www.microsoft.com/technet/security/advisory/960715.mspx.
>
> NB: KB960715 also includes the killbits in KB956391 (originally released
> 14
> Oct-08); cf.
> http://www.microsoft.com/technet/security/advisory/956391.mspx.
> Did you uninstall it, too?
>

[mik724]

I had similar issue since yesterday, and I tried re-registering the msflxgrd
serveral times but did not fix the errors. The only solution so far has been
to remove the KB960715. Thanks guys and let's keep posted on this issue.

[Ottmar Freudenberger]

<kevin...@googlemail.com> schrieb:

> This update (KB960715) causes a problem with the msflxgrd.ocx control
> when used in a Access 2003 application. The control gets blocked and
> you have to uninstall the update.

http://www.microsoft.com/technet/security/advisory/960715.mspx
-> General Information -> Frequently Asked Questions ->
What does this update do?

<quote>
The following class identifiers relate to the CAPICOM control addressed
in Microsoft Security Bulletin MS08-070, Vulnerabilities in Visual Basic
6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code
Execution (932349):

Class Identifier
{1E216240-1B7D-11CF-9D53-00AA003C9CB6}

{3A2B370C-BA0A-11d1-B137-0000F8753F5D}

{B09DE715-87C1-11d1-8BE3-0000F8754DA1}

{cde57a43-8b86-11d0-b3c6-00a0c90aea82}

{6262d3a0-531b-11cf-91f6-c2863c385e30}

{0ECD9B64-23AA-11d0-B351-00A0C9055D8E}

{C932BA85-4374-101B-A56C-00AA003668DC}

{248dd896-bb45-11cf-9abc-0080c7e7b78d}

</quote>

See http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx for
further details though.

Bye,
Freudi

[Robert_Kenworld]

We simply created a .reg file changing the DWORD value for msflxgrd from
COMPAT_EVIL_DONT_LOAD = 0x00000400 to COMPAT_SAFEFOR_LOADING =
0x00800000. Tested this solution in XP and in Vista and it seems to
solve the problem without having to uninstall the 960715 update.

--
Robert_Kenworld
------------------------------------------------------------------------
Robert_Kenworld's Profile: http://forums.techarena.in/members/robert_kenworld.htm

[chri...@gmail.com]

Yes, it seems we were missing last update. KB960715 blocks msflxgrd
older versions than 6.1.98.12 (November 2008)

http://support.microsoft.com/kb/957924 includes updates of controls
that should be used in order not to have conflict with windows
updates.

[Böning@discussions.microsoft.com Björn Böning]

Found in http://forums.techarena.in/windows-update/1121231.htm:
chri...@gmail.com Posts: n/a

Re: KB960715 blocks msflxgrd.ocx in VBA

--------------------------------------------------------------------------------

Can anyone confirm this and check, if the update 960715 then can install
without problems?

ThankX
Björn

[Björn Böning]

overlooked, that this post is already posted here. Sorry!

This may not solve this issue, because there are also users without VB6
installed with this problem.

[mmor...@bulkmatic.com]

On Feb 13, 9:51 am, Björn Böning <BjrnBn...@discussions.microsoft.com>
wrote:

> overlooked, that this post is already posted here. Sorry!
>
> This may not solve this issue, because there are also users without VB6
> installed with this problem.

This is exactly our problem, we have 200+ users who lost flexgrid
functionality with the auto application of kb960715. Only our
developer, who has VB6, was able to install the security roll up and
continue to use flexgrid pages on our custom intranet site. Thi site
was designed about 8 years ago and has never had an incompatibility
with any MS security updates until now. Any thoughts on replacing the
flexgrid component in our asp based app? Or how do we update the
client components on the pcs? thx

[Harry Johnston [MVP]]

Robert_Kenworld wrote:

> We simply created a .reg file changing the DWORD value for msflxgrd from
> COMPAT_EVIL_DONT_LOAD = 0x00000400 to COMPAT_SAFEFOR_LOADING =
> 0x00800000. Tested this solution in XP and in Vista and it seems to
> solve the problem without having to uninstall the 960715 update.

Of course, this means your machines are exposed to the security vulnerability again.

Harry.

[Ottmar Freudenberger]

<mmor...@bulkmatic.com> schrieb:

> Any thoughts on replacing the flexgrid component in our asp based app?
> Or how do we update the client components on the pcs?

http://support.microsoft.com/kb/957924
There are separte Security Updates for VS based apps, see MS08-070
for details and links.

Bye,
Freudi

[Ottmar Freudenberger]

"Robert_Kenworld" <Robert_Kenw...@DoNotSpam.com> schrieb:

> We simply created a .reg file changing the DWORD value for msflxgrd from
> COMPAT_EVIL_DONT_LOAD = 0x00000400 to COMPAT_SAFEFOR_LOADING =
> 0x00800000.

And you re-enabled the vulnerability with doing so. Not a wise idea
if you'ld ask me.

Bye,
Freudi

[Aquidneck]

The good news is that there's a download that brings most, if not all, the
affected controls up to date: KB957924 is a VS6 rollup.

The bad news is that you can't install it on a workstation that doesn't have
VS6 installed.

My solution was to create an empty VB6 program that utilized one of the
controls from each of the OCX files, such as MSHFLXGD.OCX. Just the act of
installing that empty program on the affected workstations resolved my issues
with Access 2003.

MS somewhat acknowledges the issue in KB932349, but doesn't provide a clear
solution for any Office apps using VBA. I'm rather suprised and disappointed
that they just didn't include the affected runtime files as part of the
hotfix...

Al Petersen

[Harry Johnston [MVP]]

Aquidneck wrote:

> The good news is that there's a download that brings most, if not all, the
> affected controls up to date: KB957924 is a VS6 rollup.
>
> The bad news is that you can't install it on a workstation that doesn't have
> VS6 installed.

There are versions for Office Project and Office Frontpage here:

<http://www.microsoft.com/technet/security/bulletin/ms08-070.mspx>

http://www.microsoft.com/technet/security/bulletin/ms08-070.mspx

Harry.

[Aquidneck]

At least on the surface, that may solve the issue, but according to the pages
you point to, they explicitly require the installation of Project or Front
Page on the target workstation. For my clients, those aren't installed; they
have the basic MSO installation of Word, Excel, PowerPoint and Access.

Following the MS thread backwards on those pages, I still don't see a hotfix
that corrects the problem for the base MSO installation. Tracking down
corrections to MS oversights on hotfixes amount to non-billable hours on my
part, and my weekends are "Heinz" weekends as it is - "catch up" on
commitments to clients.

Let's face it. MS dropped the ball on this one, and I'm sure left many more
developers than me in the dark by not including the appropriate VBA runtime
updates in KB960715. Easy enough on their part to do, and a pain in gazorkas
for the rest of us when MS doesn't think through, and thoroughly test, the
various hotfixes thrown at us.

[Harry Johnston [MVP]]

Aquidneck wrote:

> At least on the surface, that may solve the issue, but according to the pages
> you point to, they explicitly require the installation of Project or Front
> Page on the target workstation. For my clients, those aren't installed; they
> have the basic MSO installation of Word, Excel, PowerPoint and Access.

In which case, at least in theory, the controls in question shouldn't be
installed in the first place - unless there's a third-party application
involved, in which case it should have an update that includes the affected
controls.

Are you able to verify that msflxgrd.ocx is installed along with a base Office
install, without Project or Frontpage?

Harry.

[Aquidneck]

The answer to your question is no, I can't. What I do know is that those two
applications were installed on client workstations one and three years ago,
respectively, and have worked perfectly well until KB960715. Nor do I want
to spend the time to validate what did and didn't get installed with the apps.

My point is that if MS is going to issue a hotfix that affects VBA runtimes,
those OCX updates should be included in that hotfix, regardless of whether
the target machine has them installed or not. They already throw too much
crud at us, as it is, with automatic updating.

In my mind, then, you're asking the wrong question. Yes, it's a third party
app, and regardless of how the OCX files that make it work get there, I think
the onus is on MS to update affected VBA runtimes at the same time when they
issue a hotfix that breaks them, regardless of how the broken OCX files got
installed in the first place.

[Harry Johnston [MVP]]

Aquidneck wrote:

> The answer to your question is no, I can't. What I do know is that those two
> applications were installed on client workstations one and three years ago,
> respectively, and have worked perfectly well until KB960715. Nor do I want
> to spend the time to validate what did and didn't get installed with the apps.

I think you were missing my point - if it so happens that a base install of
Office includes msflxgrd.ocx, and there is no corresponding update, then
Microsoft will consider that a bug and will fix it if we bring it to their
attention. If msflxgrd.ocx was distributed with a third-party application, then
the application developer is expected to have distributed a patch, and Microsoft
won't consider it to be a (Microsoft) bug.

Now, whether Microsoft *should* support Visual Studio OCX controls directly
rather than through the developers is another issue entirely, but it's pretty
much pointless to debate it; they don't, and I very much doubt they're going to
be convinced to change their mind. My only comment on the subject is that the
relevant security bulletin *was* released two months ago, so it isn't as if
developers haven't had time to provide an update.

Harry.

[PA Bear [MS MVP]]

See this related post for a resolution:
http://groups.google.com/group/microsoft.public.access/browse_thread/thread/89875607e2a2ea3a?hl=en&ie=UTF-8&oe=UTF-8&q=960715

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

[PA Bear [MS MVP]]

Also http://accessblog.net/2009/02/kb960715-ie7-is-breaking-access-apps.html

PA Bear [MS MVP] wrote:

> See this related post for a resolution:
> http://groups.google.com/group/microsoft.public.access/browse_thread/thread/89875607e2a2ea3a?hl=en&ie=UTF-8&oe=UTF-8&q=960715
>

[Aquidneck]

Both links won't resolve the issue of ActiveX controls in an MSO application.
My problem surfaced in MS Access with two separate clients. One link you
gave does list the affected controls, so my quick solution was to create an
empty VB6 project with the affected tools selected. Compile and package it
up and do an install on the affected workstation, and the problem is solved.

I still maintain it would have been a lot less painful if MS had just rolled
those updated OCX files into KB960715 in the first place.

[Williamson@discussions.microsoft.com Stephen Williamson]

We distribute a couple of these controls with our application - an
application that hosts VBA. We ship a number of VBA modules with each
installation that have dependency on the offending ocxs (hence the
distribution). So, fair enough, the dlls are security flawed and must be
upgraded. We can patch our install database (msi) with the latest dll by
extracting it from the VB6 distro, as described above. However, once
installed these safe versions still fail at vba compile time with "hidden
module not found" error - my guess is that there is a licensing issue. My
question is where to source a non-developer, non-deisgn-time licensed version
that is freely distributable? Do we need to establish a new licensing
agreement with MS? The control we distribute currently comes from an ancient
msm file, the source of which has been lost in the sands of time!

Of course, we have other options - drop the dependency on the controls or
migrate to VSTA, neither are short-term solutions. Ideas greatly appreciated.

[Aquidneck]

The only suggestion I can offer is what worked for me, which is create an
empty VB6 project using the controls from the following link:

http://accessblog.net/2009/02/kb960715-ie7-is-breaking-access-apps.html

I'd go back to your original distro, do an install of the 'empty' VB6
project, and test the results. I doubt it's a license issue. VBA doesn't,
to my knowledge, check versions.

All I did for my fix (that MS should have provided) is create a VB6 project,
select those particular components identified in the link above, and compile
the result, using the MS installer to create an installable. That solved my
issue with MSO, without having to touch the VBA code. If your 'ancient'
control isn't included in that list, go ahead and include it in the 'empty'
project after running the VB6 rollup.

You didn't indicate the source language for your app, but I would expect the
same principle to apply in your case - once the affected controls are safely
ensconsed in windowsl\system32 and the registry, I would be surprised if you
continue to have an issue.

Good luck...

[J@discussions.microsoft.com Jean-Paul J]

[Jean-Paul J]

I've made this update of OCX and reinstall the KB960715. After restart the
computer, the DWORD in register is set to 400 hexa. The only way I found is
writing a function with API advapi32.dll to rewrite the correct entry form my
program !

[Ottmar Freudenberger]

"brian ellis" <brian el...@discussions.microsoft.com> schrieb:

> Compatibility Flags value changed from 400 to 0

And Windows make use of a known to vulnerable version of that ActiveX
control then. Not the right choice, if you'ld ask me.

Bye,
Freudi

[Harry Johnston [MVP]]

brian ellis wrote:

> This patch also causes an issue with MSMASK32.ocx
>
> Can be fixed by amending the registry key below:-
>
> Windows Registry Editor Version 5.00
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
> Compatibility\{C932BA85-4374-101B-A56C-00AA003668DC}]

>
> Compatibility Flags value changed from 400 to 0

This is not a good solution because it reintroduces the security vulnerability.

Harry.

[MattNak]

[MattNak]

I made my Access 2007 work with this with the new controls on PCs without VB6.
I would imagine it should work for Access 2003 as well.

Steps to take:
1. Install the May 2009 VB Controls Update on PC with VB6
2. The two files in C:\windows\system32 you want is
MSFlxGrd.ocx and the comcat.dll (its dependent file)
3. Unregister these two files from your target machine without VB installed
a) Run cmd for dos box, then type regsvr32 -u
c:\windows\system32\msflxgrd.ocx
b) regsvr32 -u c:\windows\system32\comcat.dll
4. Replace target PC files with the two new files you extracted in step 2
5. Register the two new replacement files with the dependent file first:
a) Open the cmd box
b) regsvr32 c:\windows\system32\comcat.dll
c) regsvr32 c:\windows\system32\msflxgrd.ocx
6. Run your Access App and check to see your Flexgrid is just doing fine! ;-)

For handful of PCs, you can do this manually.
For lots of PCs or for client site, you can just script this process in cmd
script and run it on each PC or push it out automatically and have it run the
script.

[Chris Stammers]

Hello,

Does anyone know of any otherHotfix that will cause this problem? I have had
KB960715 removed from my system and the network now no longer tries to
install it however I am having this problem with VBA flexigrids again, with
the error message 'Compile error in hidden module'. As this update no lnger
exists, it surely must be another one that has come through recently. Does
anyone have any ideas?

Many thanks.

Chris

"PA Bear [MS MVP]" wrote:

> Follow-up:
>
> Error: ManagerEditorNavigateSubForm-e4_MForm_Load: Object doesn't support
> this property or method438 - by Dreamteam Design Ltd:
> http://support.erol.co.uk:80/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=223
>
> Not sure I agree with their conclusion "we presume that this is a mistake
> and Microsoft will resume support in the next Windows Update" though.
> --
> ~PA Bear

>
> PA Bear [MS MVP] wrote:

> > If all of your MS and third-party applications are fully patched
> > themselves,
> > installing KB960715 shouldn't be causing any problems.
> >
> > There are only two (2) killbits set by KB960715, one for Akamai Download
> > Manager and one for Research in Motion (RIM) AxLoader. Both Akamai and
> > RIM
> > have released security updates related to these killbits: Have you
> > installed
> > the appropriate update(s) yet? See the FAQ section of
> > http://www.microsoft.com/technet/security/advisory/960715.mspx.
> >
> > NB: KB960715 also includes the killbits in KB956391 (originally released
> > 14
> > Oct-08); cf.
> > http://www.microsoft.com/technet/security/advisory/956391.mspx.
> > Did you uninstall it, too?

[PA Bear [MS MVP]]

To avoid confusion, please begin a new thread about your specific problems,
preferably in a VB-specific newsgroup. State your IE version and full
Windows version (e.g., WinXP SP3; Vista SP2) in your first post.

Did you read
http://groups.google.com/group/microsoft.public.windowsupdate/msg/e0f8704499f82397?

Is your install VB version fully patched, too (e.g.,
http://support.microsoft.com/?kbid=957924)?

[Harry Johnston [MVP]]

Chris Stammers wrote:

> Does anyone know of any otherHotfix that will cause this problem? I have had
> KB960715 removed from my system and the network now no longer tries to
> install it however I am having this problem with VBA flexigrids again, with
> the error message 'Compile error in hidden module'. As this update no lnger
> exists, it surely must be another one that has come through recently. Does
> anyone have any ideas?

ActiveX killbit update rollups are cumulative. So every killbit rollup since
960715 will have the same effect 960715 does.

Remember, by leaving the updates out you are leaving your machine vulnerable to
attack! The best solution is to update the ActiveX control to the corrected
version, not to block the killbit updates.

Harry.

[dappertje]

Here a script and update for this problem.
Unpack to your hdd and run fixupdate.bat
In vista run as admin.
The script do the following thing, unregister all the problematic ocx
controls,
copy new updated ocx controls and register them.
It worked for a great deal of people

+-------------------------------------------------------------------+
|Filename: Fix flexgrid.zip |
|Download: http://forums.techarena.in/attachment.php?attachmentid=9378|
+-------------------------------------------------------------------+

--
dappertje
------------------------------------------------------------------------
dappertje's Profile: http://forums.techarena.in/members/52366.htm
View this thread: http://forums.techarena.in/windows-update/1121231.htm

http://forums.techarena.in

[PA Bear [MS MVP]]

I would touch that link or download with YOUR ten-foot pole, d00d!

dappertje wrote:
> Here a script and update for this problem.
> Unpack to your hdd and run fixupdate.bat
> In vista run as admin.
> The script do the following thing, unregister all the problematic ocx
> controls,
> copy new updated ocx controls and register them.
> It worked for a great deal of people
>
>
> +-------------------------------------------------------------------+
>> Filename: Fix flexgrid.zip |

>> Download: XXXX://forums.techarena.in/attachment.php?attachmentid=9378|
> +-------------------------------------------------------------------+