First updates released that fix the Windows VB bugs
Microsoft released updates for Windows 7, Windows 8.1, and Windows 10 version 1709, as well as Windows Server 2008, 2008 R2, 2012 and 2012 R2 that addresses the recently discovered Visual Basic bug.
The company released the monthly security updates for Windows and other company products on August 13, 2019. Then, two days later, Microsoft acknowledged that the updates released for client and server versions of Windows were causing issues with Visual Basic applications and scripts.
The company noted:
After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an "invalid procedure call error."
Microsoft did not reveal additional information about the issue at the time but the issue occurred shortly after Microsoft started to disable VBScript by default on machines running "older" versions of Windows. VBScript was disabled on newer versions of Windows a month earlier.
Microsoft released the following cumulative updates on August 16, 2019 that address the Visual Basic issues in those operating systems:
- Windows 7 SP1 and Windows Server 2008 R2 SP1: KB4517297
- Windows 8.1 and Windows Server 2012 R2: KB4517298
- Windows 10 version 1709: KB4512494
The release notes state:
Addresses an issue in which the following may stop responding and you may receive the error, "Invalid procedure callâ€:
- Applications that were made using Visual Basic 6 (VB6).
- Macros that use Visual Basic for Applications (VBA).
- Scripts or apps that use Visual Basic Scripting Edition (VBScript).
The updates for Windows 7, Windows 8.1, Windows Server 2008 R2 and 2012 R2 are not available via Windows Updates; home users need to download them manually from the Microsoft Update Catalog. Organizations find them using Windows Server Update Services (WSUS).
Here are the links to the Microsoft Update Catalog website from where the updates may be downloaded manually:
- KB4517297 for Windows 7 and Windows Server 2008 R2
- KB4517298 for Windows 8.1 and Windows Server 2012 R2
- KB4512494 for Windows 10 version 1709
Tip: you can check the August listing on the Microsoft Update Catalog to monitor update releases. There you find the links to the updates for Windows Server 2008 and 2012.
It is unclear why updates for other supported Windows 10 versions were not released as well. The update for Windows 10 version 1709 addresses other issues. It fixes the long-standing Preboot Execution Environment startup issue among other things. (thank you EP)
Closing Words
If you are affected by VB issues you may want to consider upgrading the system to the new version right away to fix the issue. Everyone else may be better off skipping the update for now; it will be included in coming patches automatically.
Link is incorrect for Win7 etc.
Which link is incorrect?
You need to amend the Windows 7/Server 2008 link to this one Martin: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4517297
At the moment it takes you to this one: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4512486
Problem is with
“Here are the links to the Microsoft Update Catalog website from where the updates may be downloaded manually:
KB4517297 for Windows 7 and Windows Server 2008 R2”
The link points to KB4512486 instead of KB4517297 .
But why tho? VB6 is 21 years old…let it die. Those bugs would be the perfect opportunity to make users get newer software and not cling on obsolete 90’s stuff with more security holes than Swiss cheese.
Same goes for VBA and VBS -> sadly they’re still widely used, but still deserve to go to hell. I bet everyone who ever had “fun” with ILoveYou or Melissa will agree with me.
Boy, you’re a weirdo and have no idea about business
Backwards compatibility is what made Windows popular and used by so many people and organizations. I personally am all for backwards compatibility. The “is 21 years old…let it die” is not an argument to ditch old software. You might have no use for it, but someone surely does.
Just because software is old doesn’t automatically make it full of security holes.
@jupe: EOL software doesn’t ever get patched, especially if it’s custom made and the maker went bankrupt a long time ago.
If anybody wants to continue using their K6-2 machine with 95OSR2 and Office 97 because “why replace if it still works” that’s fine by me, but for the love of god, keep it offline.
@Siggi : If You use Windows 7 and later, for God sake, keep them offline ! Yes, there are new malware (worms) that only affects them, not Vista, not XP a.s.o !
@Harro Glööckler : It is time for You to grow up !
The “KB4517297 for Windows 7 and Windows Server 2008 R2” link links to KB4512486 in the Microsoft catalog.
The first link for Windows 7 KB4517297 takes you to the download for the current monthly security-only rollup – KB4512486.
I was able to enter KB4517297 into the search box and find it that way – and was able to download it from there with no problem.
Please check the posted link for Windows 7
I did not try the other links.
Thanks
Thanks. Microsoft links to the wrong update on the Microsoft Update Catalog and I copied that link. Fixed it now.
The link to the new update for Win 7 is https://www.catalog.update.microsoft.com/Search.aspx?q=kb4517297
KB4517297 for Windows 7 and Windows Server 2008 R2 should read on the blog page:
KB4512486 for Windows 7 and Windows Server 2008 R2 but he link itself is fine.
Apologies Martin, my post above was not what I meant to type but glad you got the link sorted :)
As I SMQR patched on release day, I’ve updated on W8.1 and W7 both x64 and no issues encountered with VB/VBS update fixes.
sfc /verify only reports no integrity violations.
just in this afternoon of 8/19, Martin – KB4512509 update for v1803 which includes the VB6/VBA bug fixes.