Microsoft Security Bulletin MS12-060 (update to MS12-027) disables VBA Scripts (released 08-14-2012)


	Applies To

	Product(s):	Bentley AECOsim Building Designer, Bentley Architecture, Bentley HVAC, Bentley Structural Modeler
	Version(s):	V8i and V8 XM Edition
	Environment:	N/A
	Area:	N/A
	Subarea:	N/A
	Original Author:	Jeffrey Ashley, Bentley Technical Support Group

Overview

Updated 08-14-2012

Microsoft Security Bulletin MS12-060, released August 14, 2012, (update to MS12-027) re-introduces the problem executing VBA scripts within Bentley Structural Modeler XM & V8i, Bentley Structural Modeler XM & V8i and AECOsim Building Designer V8i original cause by applying MS12-027 security update. The issue may also be present in other Bentley applications that use VBA scripts.

Symptoms:

The symptoms that you have been affected by Microsoft Security Bulletin MS12-060 update or the original MS12-027 is you may receive one of several variation of a VBA error, in the message center of Bentley Structural Modeler XM & V8i, Bentley Structural Modeler XM & V8i, AECOsim Building Designer V8i or other Bentley applications. Error messages include but are not limited to:

VBA interface error: unable to run macro - invalid procedure name (error when placing Structural joist girder / bar joist / analysis Import/export)
VBA interface error: unable to run macro - 0x80040552 (error when placing Structural steel truss)
Cannot run VBA module
Placement of Mechanical Content does not display any graphics (in dynamics) after the initial placement point.
Object library invalid or contains references to object definitions that could not be found
Element not found
Cannot insert object

To verify the issue is the result of Microsoft Security Bulletin MS12-060 or MS12-027, please review the Microsoft Updates applied to your computer and determine whether any of the corresponding Service Packs lists either Microsoft Security Bulletin MS12-060 Critical or Microsoft Security Bulletin MS12-027 - Critical were recently applied.

The following are the most commonly applied Service Packs that can cause the reported issue with VBA scripts within Bentley Application

Microsoft Office Suites and Software

Microsoft Office 2003 Service Pack 3 - (Windows common controls)(KB2597112)
Microsoft Office 2003 Web Components Service Pack 3 - (Windows common controls)( KB2687323)
Microsoft Office 2007 Service Pack 2 - (Windows common controls)( KB2687441)
Microsoft Office 2007 Service Pack 3 - (Windows common controls)( KB2687441)
Microsoft Office 2010 Service Pack 1 (32-bit editions) - (Windows common controls)(KB2597986)

For a complete list of Service Packs or Updates that are associated with the Microsoft Security Bulletin MS12-060, please reference http://technet.microsoft.com/en-us/security/bulletin/ms12-060

Cause:

Microsoft Security Bulletin MS12-060 - Critical
Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573)

This security update resolves a privately reported vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability.

Resolution:

Please reference the following Microsoft Support Article (Article ID: 2703186) for the resolution to this issue:

To resolve the issue, you must run the “Fix It” option in Microsoft article.

Created by Phil Chouinard
When: Mon, Nov 26 2012 6:17 PM
Last revision by Stephen Brown
When: Tue, Apr 14 2015 8:31 AM
Revisions: 7
Comments: 0

Recommended