This week’s Microsoft Security update includes a breaking change to MSComCtl.ocx located on most computers in C:\Windows\SysWow6432\mscomctl.ocx.  The update has a different title / KB # depending on the version of Microsoft Office you have installed.  The ones that I have encountered so far include:

Security Update for Microsoft Office 2010 (KB2881029) 32-Bit Edition: Link:
https://support.microsoft.com/en-us/kb/2881029

Security Update for Microsoft Office 2013 (KB3039794) 32-Bit Edition: Link: https://support.microsoft.com/en-us/kb/3039794 

Security Update for Microsoft Office 2016 (KB2920727) 32-Bit Edition: Link: https://support.microsoft.com/en-us/kb/2920727

In all cases, the update replaces mscomctl.ocx with a new version 6.01.9846.

Microsoft had previously “broken” this control before, however last time it happened, the issue was with the registry.  A simple work around of registering an old version and re-registering the current version typically worked to fix the issue.

This time, that work around does not appear to work.

Users of Blue Link Elite that are affected will see an “Object doesn’t support this property or method” error message when they launch the software: “The OpenForm action was canceled” followed by:

clip_image001

As of this writing, the temporary work around is to un-install this update.  Blue  Link is working on a permanent fix that will allow the application to work with the new version of the control in place.  Until then, the approach to remove the update is different depending on the version of the operating system that you have installed.

How to Remove and Block the KB on different Windows Versions

Windows 10 / Office 2016 32-bit example

To remove the already installed update type “View installed updates” into your search bar and open the View installed updates applet:

image

Select the Security Update for Microsoft Office _____ (KB_______) that matches your version of Office and the KB# that updates mscomctl.ocx, then click the Uninstall button at the top of the screen.

Note: Depending on your windows update settings, it may almost immediately attempt to RE-INSTALL the update, so it is important that when this step is complete that you do not unnecessarily delay before performing the next step of blocking the update.

To Block the update on Windows 10 you now have to download a special tool since Microsoft removed the built-into-the-os version of the feature.

If running Windows 10, you’ll have to download the wushowhide.diagcab file from here:

https://support.microsoft.com/en-us/kb/3073930 

image

Click Next, To Block the update if already un-installed, choose the hide option and then you’ll be presented with a list of updates that have NOT YET BEEN APPLIED to your machine.  If the KB is in this list, you may selected it and then click through the wizard.  This will prevent it from being auto-reapplied:

image

image

image

The procedure on Windows 8.1, and Windows 7 is different.  This blog will be updated on a regular basis as new information is made available.

Note: If you can figure out a way to restore functionality without removing the update please post a comment below.

 

UPDATE: 2016-02-09: Orphaned Registry Keys are the issue

What we have been able to determine is that as Microsoft patches the mscomctl.ocx file new GUIDs get created.  The old GUIDs then become pointers to the new GUIDs, but on some cases, those old GUIDs are still pointing to other GUIDs which now no longer exist.  To fix that problem, those old invalid pointer GUIDs need to be deleted, but Microsoft’s installer for the KB does NOT detect and delete the bogus pointers successfully resulting in the controls not working.

One of our developers has created a utility that will crawl through the mscomctl related registry keys, deleting most.  When that utility is done running he has instructed us to then copy/paste some additional registry deletion commands to an admin command prompt.

Since I don’t expect readers of this blog to simply trust running a .net executable I’ve asked the developer to give me the files and the source code so that we can post it here. 

UPDATE: 2016-04-20: I wasn’t able to get the source code, but I am making a version available for download here.

It should go without saying that you should of course BACKUP your registry before you run any kind of registry script as a best practice.  I cannot assume any responsibility for your actions running deletion scripts against the Windows registry.  That said, our techs are now able to follow these steps and have this issue fixed 99% of the time using the latest security fix version of mscomctl.ocx:

Step 1: unregister the current file: From an Administrator command prompt:

  • change to the folder containing the mscomctl.ocx file (C:\WIndows\System32\ if 32-bit or C:\Windows\SysWow64 on a 64-bit machine).
  • regsvr32 /u mscomctl.ocx

Step 2: Run the BLRegClean_Net.exe utility (Source code coming soon).

Step 3: BACKUP YOUR REGISTRY (if this is the first time you’re trying this for example)

From an administrator command prompt run the following additional deletion statements.

reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DD9DA666-8594-11D1-B16A-00C0F0283628}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2C247F23-8591-11D1-B16A-00C0F0283628}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F91CAF91-225B-43A7-BB9E-472F991FC402}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{979127D3-7D01-4FDE-AF65-A698091468AF}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{627C8B79-918A-4C5C-9E19-20F66BF30B86}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1EFB6596-857C-11D1-B16A-00C0F0283628}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{24B224E0-9545-4A2F-ABD5-86AA8A849385}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}" /f
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{95F0B3BE-E8AC-4995-9DCA-419849E06410}" /f

Step 4: Re-Register the mscomctl.ocx file

  • change to the folder containing the mscomctl.ocx file (C:\WIndows\System32\ if 32-bit or C:\Windows\SysWow64 on a 64-bit machine).
  • regsvr32 /u mscomctl.ocx

In most cases these steps alone are sufficient to solve the problem.

In the cases where this has not worked, the technique of register an older version of mscomctl.ocx and then re-register the current version has worked after performing the steps above.

 

Advertisements