Windows Update To Fix Critical 'Wormable' Flaws May Break VB Apps (zdnet.com) 20
"This week's Windows updates fix critical 'wormable' [Bluekeep] flaws but may also break Visual Basic apps, macros, and scripts," warns ZDNet:
"After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an 'invalid procedure call error'," Microsoft says. The issue affects all supported versions of Windows 10, Windows 7, Windows 8.1, and their corresponding server versions. "Microsoft is presently investigating this issue and will provide an update when available," the company said.
Microsoft didn't offer an explanation for the problem but it did flag earlier this month that it will move ahead with sunsetting VBScript, by disabling it in IE11 by default via an update in this week's patch. "The change to disable VBScript will take effect in the upcoming cumulative updates for Windows 7, 8, and 8.1 on August 13, 2019," Microsoft warned in a blog post. The change brought these versions of Windows in line with Windows 10. However, it's not clear that the issues under investigation are related to this measure. Regardless of the cause, the error could be a hassle for organizations that rely on Microsoft's various incarnations of Visual Basic...
In a blog post shared by Slashdot reader CaptainDork, Microsoft warned that "any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction."
"The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions."
Microsoft didn't offer an explanation for the problem but it did flag earlier this month that it will move ahead with sunsetting VBScript, by disabling it in IE11 by default via an update in this week's patch. "The change to disable VBScript will take effect in the upcoming cumulative updates for Windows 7, 8, and 8.1 on August 13, 2019," Microsoft warned in a blog post. The change brought these versions of Windows in line with Windows 10. However, it's not clear that the issues under investigation are related to this measure. Regardless of the cause, the error could be a hassle for organizations that rely on Microsoft's various incarnations of Visual Basic...
In a blog post shared by Slashdot reader CaptainDork, Microsoft warned that "any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction."
"The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions."
Well, that'll be a problem (Score:4, Interesting)
Re:Well, that'll be a problem (Score:4, Funny)
Be nice if there was an open-source VBScript engine.
Re: (Score:2)
Re: (Score:2)
Microsoft's QA strikes again? (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Windows Hydra.
QA? (Score:2)
MS has QA again? When did that happen? :P
I don’t see anything at all (Score:2)
Re: I don’t see anything at all (Score:2)
Re: (Score:2)
Re: (Score:2)
Sandbox (Score:3)
This is why I have a Windows XP virtual machine for running legacy junk. It doesn't see the internet except for Microsoft Update and antivirus updates. I get stuff in and out via shared drives. At this point, I think the XP mode VM thing Microsoft did for a while (in Vista?) is a good idea. Instead of maintaining backwards comparability with everything in 10, get rid of all the cruft and VM the old stuff. Just firewall the heck out of it - make it only see intranet addresses.
Re: (Score:3)
if you break VBS you also break HTA apps (Score:3)
We have a couple of HTA and VBS apps out there. We made them in scripts so that we don't have black box EXE that requires a special compiler environment and not loosing the source code. Now I'm expecting a shit-tonne of tickets for these simple little in-house apps not working. God knows how many COTS apps that have helper scripts written in VBS too. MANY installation packages (MSI, EXE, NSIS, etc) also use VBS to handle dinky things at install time.
This sun-setting of VB Script is news to me. This is how you make people want to run other OS' than Windows.
Re: (Score:2)
yea this is news to me also, *looks over at a bunch of decade old tools* i'm glad i don't work in IT and support others anymore, but it looks like i need to allocate some time to upgrade/rewrite a a bunch of my personal custom tools.. now to pick a language........
Clear as mud,... (Score:2)
How exactly would a worm propagate here? - how does someone else run VB on my machine? Doesn't sound very wormy to me.
Resolving Confusion. (Score:2)
This month's patches fix a wormable flaw in RDP. (Not publicly disclosed or exploited per telemetry.)
There is a defect in this month's patches that cause some VBscripts to throw an error. Microsoft has flagged the latter as a known issue, and indicated they will be fixing it.
You can mitigate the RDP vulnerability by turning on RDP NLA.