Developing for Dynamics GP

by David Musgrave (Perth, WA, Australia) and the Microsoft Dynamics GP Developer Support Team (Fargo, ND, USA)

Windows Update causes problems with VBA code


Greg Willson

We have recently started seeing a few problems with Microsoft Dynamics GP VBA (Visual Basic for Applications) customizations as the result of a critical Windows Update that was released.  I have done some research on the issues our customers have been seeing and I wanted to share my findings with the community.  The root cause has been narrowed down to Microsoft Security Bulletin MS08-070, which addresses security risks found in certain ActiveX controls.  This bulletin was originally published December 9, 2008.

Background of the critical Windows Update
The critical update addresses issues in multiple ActiveX controls that allowed remote code execution if the user visited a website containing code specially crafted to exploit them.  The effect is that the publisher of the website containing the malicious code could potentially take complete control of the user's system.  The vulnerabilities were discovered in very commonly used ActiveX controls, such as the MS FlexGrid control (MSFLXGRD.OCX) and the MS DataGrid control (MSDATGRD.OCX) as well as a few others (see security bulletin MS08-070).

This affects a broad set of developer tools and Office software such as VB6 Runtime, Visual Studio 2002/2003 SP1, FoxPro 8/9 SP1/SP2, FrontPage 2002 and Project 2003 SP3/2007 SP1.  Here is a great chart of the affected controls taken from the security bulletin.  Of particular interest to us are the VB6 Runtime files.

Severity Ratings and Vulnerability Identifiers (excerpt from MS08-070)

Vulnerability Severity Rating and Maximum Security Impact by Affected Software

Each vulnerability is listed by the affected control or component, and all six are memory corruption or overflow vulnerabilities. "Critical / RCE" means a Critical severity rating with a maximum impact of Remote Code Execution.

| Affected Software | DataGrid Control Memory Corruption (CVE-2008-4252) | FlexGrid Control Memory Corruption (CVE-2008-4253) | Hierarchical FlexGrid Control Memory Corruption (CVE-2008-4254) | Windows Common AVI Parsing Overflow (CVE-2008-4255) | Charts Control Memory Corruption (CVE-2008-4256) | Masked Edit Control Memory Corruption (CVE-2008-3704) |
|---|---|---|---|---|---|---|
| Microsoft Developer Tools | | | | | | |
| Microsoft Visual Basic 6.0 Runtime Extended Files | Critical / RCE | Critical / RCE | Critical / RCE | Critical / RCE | Critical / RCE | Critical / RCE |
| Microsoft Visual Studio .NET 2002 Service Pack 1 | Not applicable | Not applicable | Not applicable | Critical / RCE | Critical / RCE | Critical / RCE |
| Microsoft Visual Studio .NET 2003 Service Pack 1 | Not applicable | Not applicable | Not applicable | Critical / RCE | Critical / RCE | Critical / RCE |
| Microsoft Visual FoxPro 8.0 Service Pack 1 | Critical / RCE | Critical / RCE | Critical / RCE | Critical / RCE | Critical / RCE | Critical / RCE |
| Microsoft Visual FoxPro 9.0 Service Pack 1 | Critical / RCE | Critical / RCE | Critical / RCE | Critical / RCE | Critical / RCE | Critical / RCE |
| Microsoft Visual FoxPro 9.0 Service Pack 2 | Critical / RCE | Critical / RCE | Critical / RCE | Critical / RCE | Critical / RCE | Critical / RCE |
| Microsoft Office Software | | | | | | |
| Microsoft Office FrontPage 2002 Service Pack 3 | Not applicable | Critical / RCE | Not applicable | Not applicable | Not applicable | Not applicable |
| Microsoft Office Project 2003 Service Pack 3 | Not applicable | Critical / RCE | Not applicable | Critical / RCE | Not applicable | Not applicable |
| Microsoft Office Project 2007 and Microsoft Office Project 2007 Service Pack 1 | Not applicable | Not applicable | Not applicable | Critical / RCE | Not applicable | Not applicable |

The security update changes registry settings to prevent a COM object from being instantiated in Internet Explorer.  However, there is a known problem that affects applications using VBA code.  If your Dynamics GP VBA code is using one of the affected controls on a userform, your code may no longer function after the update is installed.  This known issue is discussed further in KB932349.

To resolve this issue, there is a new rollup update for the ActiveX controls that was published on February 10, 2009.  The rollup update is discussed further in KB960715.  This rollup update contains updated files for the previously published advisory MS08-070 as well as two 3rd party ActiveX controls.  Locate the appropriate download for your operating system version.

Greg
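
To see on a given workstation whether the registry change described above is in effect, and which build of each control is installed, a read-only audit like the following can be run. This PowerShell is an added example, not code from the original post or from Microsoft. It assumes the registry change takes the usual form of the ActiveX kill bit (bit 0x400 of the "Compatibility Flags" value under Internet Explorer\ActiveX Compatibility\{CLSID}), and it finds the CLSIDs by looking up which COM classes are served by the two OCX files the post names.

```powershell
# Added example, not from the original post. Read-only: nothing is modified.
$OcxNames = 'MSFLXGRD.OCX', 'MSDATGRD.OCX'   # file names taken from the post
$KillBit  = 0x400   # bit in "Compatibility Flags" that blocks instantiation

# 1. File versions on disk (32-bit controls sit in SysWOW64 on 64-bit Windows).
function Get-OcxFileVersion {
    foreach ($dir in "$env:windir\System32", "$env:windir\SysWOW64") {
        foreach ($name in $OcxNames) {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path) {
                $info = (Get-Item -LiteralPath $path).VersionInfo
                [pscustomobject]@{ File = $path; Version = $info.FileVersion }
            }
        }
    }
}

# 2. Kill-bit state for every COM class served by those files, in both the
#    native and the 32-bit (Wow6432Node) registry views.
function Get-OcxKillBit {
    $views = @(
        @{ Classes = 'HKLM:\SOFTWARE\Classes\CLSID'
           Compat  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
        @{ Classes = 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID'
           Compat  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Classes)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Classes -ErrorAction SilentlyContinue) {
            $inproc = "$($key.PSPath)\InprocServer32"
            $server = (Get-ItemProperty -LiteralPath $inproc -ErrorAction SilentlyContinue).'(default)'
            if (-not $server) { continue }
            # Last path component of the registered server, quotes stripped.
            $leaf = (([string]$server).Trim('"') -split '\\')[-1]
            if ($OcxNames -notcontains $leaf) { continue }
            $compatKey = Join-Path $view.Compat $key.PSChildName
            $flags = (Get-ItemProperty -LiteralPath $compatKey -ErrorAction SilentlyContinue).'Compatibility Flags'
            [pscustomobject]@{
                Clsid   = $key.PSChildName
                Server  = $server
                Flags   = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { 'not set' }
                Blocked = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
            }
        }
    }
}

Get-OcxFileVersion | Format-Table -AutoSize
Get-OcxKillBit     | Format-Table -AutoSize
```

Running it before and after applying the rollup from KB960715 shows whether the file versions changed and whether any class served by these controls is still flagged as blocked.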

  • Several folks are reporting that a recent Windows update is causing problems with VBA code in Dynamics

  • My problem is with the FlexGrid control on a GP10 VBA User Form.

    It would be really special if Microsoft were to publish a fix for this issue that could be applied directly to the affected machines. They have not. They have an update for VB6 SP6 that updates the affected controls, but the only way to repair the distributed applications is to repackage them, and this is not an option for the VBA modules.

    It would also be cool if searching for *.exd (recommended in KB957924) on Vista actually found the existing files. A command window must be used to delete them.
