April 2020 updates for Office come with a warning

Office for Mere Mortals
Your beginners guide to the secrets of Microsoft Office
Invalid email address
Tips and help for Word, Excel, PowerPoint and Outlook from Microsoft Office experts.  Give it a try. You can unsubscribe at any time.  Office for Mere Mortals has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy

The April 2020 security fixes for Microsoft Office come with a warning that some VBA code will stop working. There are workarounds to let some references through.

The KB4557055 security fix blocks VBA references that link to Internet or intranet sources or have been downloaded from the Internet. That will effect some Office/VBA code which will need updating.

That’s a good move and some might argue, a belated one.  It stops hackers trying to infect a computer by hiding malicious code in an external library or taking over the references stored elsewhere.

What is blocked?

Three broad types of reference are now blocked when the link is from the Internet, intranet or downloaded from the Internet.

  • Typelibs (*.olb, *.tlb, *.dll)
  • Executable files (*.exe)
  • ActiveX controls(*.ocx)

VBA won’t be able to ‘see’ the external library and shows a “ Can’t find project or library “ error.

img 5e982e99453b6 - April 2020 updates for Office come with a warning

Source: Microsoft

Workarounds

There are ways to unblock access to external references.

Intranet links can be enabled via a Group Policy – Administrative TemplatesMicrosoft Office 2016 | Security Settings
| All VBA to load typelib references by path from untrusted intranet locations.

april 2020 updates for office come with a warning microsoft office 36764 - April 2020 updates for Office come with a warning

Source: Microsoft

Object libraries (DLL) will load if registered using regsvr32 .

What about trusted locations?

Microsoft documentation implies that these changes apply to all external references but the GPO details (see above) suggest that links to trusted sites will still work.

Who gets it?

According to Microsoft, the change applies to; Office 365, Office 2016, Office 2013 and Office 2010.

We assume the omission of Office 2019 is a mistake. Just one of the problems with the documentation of this major change.

NSA discovered security bug that can affect Microsoft Office

Windows update causes Office VBA to fail

 

subs profile e1563205311409 - April 2020 updates for Office come with a warning
Latest news & secrets of Microsoft Office

Microsoft Office experts give you tips and help for Word, Excel, PowerPoint and Outlook.

Give it a try. You can unsubscribe at any time.  Office Watch has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy
Invalid email address