We have recently started seeing a few problems with Microsoft Dynamics GP VBA (Visual Basic for Applications) customizations as the result of a critical Windows Update that was released. I have done some research on the issues our customer's have been seeing and I wanted to share my findings with the community. The root cause has been narrowed down to Microsoft Security Bulletin MS08-070, which addresses security risks found in certain ActiveX controls. This bulletin was originally published December 9, 2008.
Background of the critical Windows UpdateThe critical update is to address issues in multiple ActiveX controls where there was a possibility of remote code execution if the user would visit a website with specially crafted code to exploit this issue. The affect is the publisher of the website containing the malicious code could potentially take over complete control of the user's system. The vulnerabilities were discovered in very commonly used ActiveX controls, such as the MS FlexGrid control (MSFLXGRD.OCX) and the MS DataGrid control (MSDATGRD.OCX) as well as a few others (see security bulletin MS08-070).
This affects a broad set of Developer tools and Office software such as VB6 Runtime, Visual Studio 2002/2003 SP1, FoxPro 8/9 SP1/SP2, Frontpage 2002 and Project 2003 SP3/2007 SP1. Here is a great chart of the affect controls taken from the security bulletin. Of particular interest to us is the VB6 Runtime files.
Severity Ratings and Vulnerability Identifiers (excerpt from MS08-070)
Vulnerability Severity Rating and Maximum Security Impact by Affected Software
DataGrid Control Memory Corruption Vulnerability - CVE-2008-4252
FlexGrid Control Memory Corruption Vulnerability - CVE-2008-4253
Hierarchical FlexGrid Control Memory Corruption Vulnerability - CVE-2008-4254
Windows Common AVI Parsing Overflow Vulnerability - CVE-2008-4255
Charts Control Memory Corruption Vulnerability - CVE-2008-4256
Masked Edit Control Memory Corruption Vulnerability - CVE-2008-3704
Microsoft Developer Tools
Microsoft Visual Basic 6.0 Runtime Extended Files
CriticalRemote Code Execution
Microsoft Visual Studio .NET 2002 Service Pack 1
Microsoft Visual Studio .NET 2003 Service Pack 1
Microsoft Visual FoxPro 8.0 Service Pack 1
Microsoft Visual FoxPro 9.0 Service Pack 1
Microsoft Visual FoxPro 9.0 Service Pack 2
Microsoft Office Software
Microsoft Office FrontPage 2002 Service Pack 3
Microsoft Office Project 2003 Service Pack 3
Microsoft Office Project 2007 and Microsoft Office Project 2007 Service Pack 1
The security update changes registry settings to prevent a COM object from being instantiated in Internet Explorer. However, there is a known problem that affects applications using VBA code. If your Dynamics GP VBA code is using one of the affected controls on a userform, your code may no longer function after the update is installed. This known issue is discussed further in KB932349.
To resolve this issue, there is an new rollup update for the ActiveX controls that was published on February 10, 2009. The rollup update is discussed further in KB960715. This rollup update contains updated files for the previously published advisory MS08-070 as well as two 3rd party ActiveX controls. Locate the appropriate download for your operating system version.
Several folks are reporting that a recent Windows update is causing problems with VBA code in Dynamics
My problem is with the FlexGrid control on a GP10 VBA User Form.
It would be really special if Microsoft were to publish a fix for this issue that could be applied directly to the affected machines. They have not. They have an update for VB6 SP6 that updates the affected controls, but the only way to repair the distributed applications is to repackage them, and this is not an option for the VBA modules.
It would also be cool if searching for *.exd (recommended in KB957924) on Vista actually found the existing files. A command window must be used to delete them.
PLEASE READ BEFORE POSTING
Please only post comments relating to the topic of this page.
If you wish to ask a technical question, please use the links in the links section (scroll down, on right hand side) to ask on the Newsgroups or Forums. If you ask on the Newsgroups or Forums, others in the community can respond and the answers are available for everyone in the future.