{"id":9378,"date":"2017-09-20T05:07:37","date_gmt":"2017-09-20T13:07:37","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/09\/20\/news-3151\/"},"modified":"2017-09-20T05:07:37","modified_gmt":"2017-09-20T13:07:37","slug":"news-3151","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/09\/20\/news-3151\/","title":{"rendered":"Outlook security patches intentionally break custom forms"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security4-100734735-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Tue, 19 Sep 2017 06:37:00 -0700<\/strong><\/p>\n<p>When Microsoft released its Outlook security patches on Sept. 12, several readers complained that their custom form <a href=\"https:\/\/www.computerworld.com\/article\/3225844\/microsoft-windows\/outlook-2010-tower-of-babel-patch-kb-4011089-breaks-vbscript-print.html\">printing capabilities disappeared<\/a>. Ends up the bug that broke VBScript printing isn\u2019t a bug at all.<\/p>\n<p>Microsoft announced over the weekend that it intentionally disabled scripts in custom forms, and those with printable custom forms need to make manual Registry changes to bring the feature back.<\/p>\n<p>Those of you who have installed any of this month\u2019s Outlook security patches:<\/p>\n<p>will have to <a href=\"https:\/\/support.office.com\/en-us\/article\/Custom-form-script-is-now-disabled-by-default-bd8ea308-733f-4728-bfcc-d7cce0120e94\" rel=\"nofollow\" target=\"_blank\">dive into the Registry<\/a> if you want to enable any custom form scripts, including the VBScript printing capability. It\u2019s complicated, and the method varies, depending on which version of Office you\u2019re using and the bittedness of Windows and Office. Diane Poremsky has detailed instructions on her <a href=\"https:\/\/www.slipstick.com\/outlook\/custom-form-security\/\" rel=\"nofollow\" target=\"_blank\">Slipstick Systems site<\/a>.<\/p>\n<p>Of course, Microsoft didn\u2019t tell us about the change when it released the security patches. To this date, there\u2019s no notice in the associated KB articles either.<\/p>\n<p>The change is intended to make it harder for bad guys to break into your computer. That\u2019s a noble goal, but it sure could\u2019ve been communicated in a much better way.<\/p>\n<p>Those of you running Office Click-to-Run either have the bug, or you\u2019re about to get it. Current Channel, Semi-Annual Channel and Insider Slow got the bug, er, new behavior in Sept. 18\u2019s 16.0.8431.2079. Deferred Channel got it in 16.0.8201.2193. Deferred Extended and Insider Fast apparently don\u2019t have the new feature just yet.<\/p>\n<p>The other bug <a href=\"https:\/\/www.computerworld.com\/article\/3225844\/microsoft-windows\/outlook-2010-tower-of-babel-patch-kb-4011089-breaks-vbscript-print.html\">I talked about last week<\/a>, where the Office 2007 and 2010 patches started showing Swedish menus in the Hungarian language version, Portuguese in Italian, Swedish in Slovenian, Spanish in Italian, and many more, hasn\u2019t been fixed. The <a href=\"https:\/\/www.slipstick.com\/outlook\/updates\/outlook-20072010-menus-wrong-language\/\" rel=\"nofollow\" target=\"_blank\">Slipstick Systems site<\/a> has a complex workaround.<\/p>\n<p><em>Vent your spleen on the <a href=\"https:\/\/www.askwoody.com\/\" rel=\"nofollow\">AskWoody Lounge<\/a>.<\/em><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3226744\/security\/outlook-security-patches-intentionally-break-custom-forms.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security4-100734735-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Tue, 19 Sep 2017 06:37:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>When Microsoft released its Outlook security patches on Sept. 12, several readers complained that their custom form <a href=\"https:\/\/www.computerworld.com\/article\/3225844\/microsoft-windows\/outlook-2010-tower-of-babel-patch-kb-4011089-breaks-vbscript-print.html\">printing capabilities disappeared<\/a>. Ends up the bug that broke VBScript printing isn\u2019t a bug at all.<\/p>\n<p>Microsoft announced over the weekend that it intentionally disabled scripts in custom forms, and those with printable custom forms need to make manual Registry changes to bring the feature back.<\/p>\n<p>Those of you who have installed any of this month\u2019s Outlook security patches:<\/p>\n<ul>\n<li>Outlook 2007 <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4011086\/descriptionofthesecurityupdateforoutlook2007september12-2017\" target=\"_blank\" rel=\"nofollow\">KB 4011086<\/a><\/li>\n<li>Outlook 2010 <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4011089\/descriptionofthesecurityupdateforoutlook2010september12-2017\" rel=\"nofollow\" target=\"_blank\">KB 4011089<\/a><\/li>\n<li>Outlook 2013 <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4011090\/descriptionofthesecurityupdateforoutlook2013september12-2017\" rel=\"nofollow\" target=\"_blank\">KB 4011090<\/a><\/li>\n<li>Outlook 2016 <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4011091\/descriptionofthesecurityupdateforoutlook2016september12-2017\" rel=\"nofollow\" target=\"_blank\">KB 4011091<\/a><\/li>\n<\/ul>\n<p>will have to <a href=\"https:\/\/support.office.com\/en-us\/article\/Custom-form-script-is-now-disabled-by-default-bd8ea308-733f-4728-bfcc-d7cce0120e94\" rel=\"nofollow\" target=\"_blank\">dive into the Registry<\/a> if you want to enable any custom form scripts, including the VBScript printing capability. It\u2019s complicated, and the method varies, depending on which version of Office you\u2019re using and the bittedness of Windows and Office. Diane Poremsky has detailed instructions on her <a href=\"https:\/\/www.slipstick.com\/outlook\/custom-form-security\/\" rel=\"nofollow\" target=\"_blank\">Slipstick Systems site<\/a>.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3226744\/security\/outlook-security-patches-intentionally-break-custom-forms.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,11619],"class_list":["post-9378","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-software"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9378","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9378"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9378\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9378"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9378"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9378"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}