It was a Microsoft Word (VBA) application written back in 2001.
Essentially what it does is:
- user selects a letter type.
- the user then enters some customer reference numbers.
- the VBA application does an Oracle database lookup to convert those customer reference numbers into names and postal addresses.
- which the VBA then uses to “mail merge” into whatever number of letters need to be sent out.
And it was broken.
I had a feeling that writing about patch management policy would come back to bite me (and it did).
Here’s what the broken application looks like:
and the working one:
The most visible difference is the little boxes on the screen:
So let’s fire up the VBA editor and find out what they are:
Masked Edit Boxes.
From there, it was a short hop, skip, and a jump to find this article:
Visual Basic 6 Controls stop working after Security Advisory 960715
Ah, yes, we’d just finished applying a Microsoft Security patch, this one in fact (MS09-032). As an aside, we would have bitten in the ass, had we applied the earlier MS08-070 patch as well.
The work-around, we’ll rollback the security patch until we find a solution.
The sort of solutions we’ll be looking at:
- Work though the steps outlined in Visual Basic 6 Controls stop working after Security Advisory 960715
- Selectively “un-kill” the kill bits, by using Jesper Johansson’s SlayOCX VBscript, which you can read about here and download the latest version here.
- Having the Microsoft Word VBA application fixed, or re-written.
Update: Oh the irony! A year ago today I wrote about “Things to remember when hunting bugs.”
Related posts:
Broken websites, and Microsoft update KB2661254
VBscript to uninstall a Microsoft security patch
“The operating system is not presently configured to run this application”
Powered by YARPP.