Patch/Configuration Management, Vulnerability Management

Microsoft Word users fuming as abnormal update borks macros

A security update for Windows 10 has left users furious as the patch has removed templates and macros in Microsoft Word.

The trouble started when users installed Windows 10 Cumulative Update KB3124200. This caused the word processor's Normal.dotm template to be renamed. This then led to the creation of a new Normal template.

Users vented their rage on the Microsoft Office forum website.

“The template has just been wiped without my intervention and reset to a factory default, losing all my settings, macros etc.  This has happened before (I saved a spare 'Normal' after that, which seems to have vanished),” said user Alexander Howard. “Why is this happening and how can I stop it?  Is there a keypress perhaps which I inadvertently used?  (Erm, it has changed the keyboard to an American one too!)”

The problem appears to affect anyone who has customised Word using macros, changed corrections or autotext. The Normal document template stores settings pertaining to the user. Word recreates the normal template if it cannot find a copy or that copy is corrupted. The issue appears only to affect users of Word 2016.

According to a posting by a Microsoft engineer, the team “identified a problem that occurs after the latest update (version 16.0.6366.nnnn) to Office is applied. After the update, Word will rename the existing Normal.dotm to ‘Normal.dotm.old' during startup (or NormalEmail.dotm in the case of Word as the email editor for Outlook).”

Rob_L, a group engineering manager, said: “This means that all of the content in that original Normal.dotm (macros, autotext entries, styles, etc.) will no longer be loaded by Word, and when Word shuts down, a new “clean” Normal.dotm will be created.”

He added: “All of the original customizations/content that was present in Normal.dotm are preserved, but they are now in a different file in your Templates directory.”

Ian Trump, security lead at Logicnow, told SCMagazineUK.com that Microsoft is “rushing, trying to stay ahead of both cyber-criminal exploits and correcting bugs in the popular office suite”.

“This is the third patch to alter a component of Office in the last couple of months (Outlook X2 and now Word). Clearly, Microsoft is trying hard to build better software, but the complexities and hooks of applying that software into the Operating System is proving a challenge.”

Trump said that organisations must “absolutely test patches and have a strategy in place for when a patch goes wrong. That strategy must include monitoring social media, SANS, Twitter and Slashdot for information related to bad patches”.

“Microsoft and other vendors need to up the game for patch reliability, or they run the risk of having IT Admins not patch their systems in a timely manner and lose more machines to cyber-criminals,” he said.

Mark James, security specialist at IT Security Firm ESET, told SC that possibly Microsoft's QA processes had not spotted the problem because of issues within its testing environment.

“As the file is recreated on startup, if no prior instructions were kept in their test file and timestamps were not monitored, it is quite possible this was missed in the excitement to release. Luckily for them, this is a rather insignificant issue but to be honest I would expect the Microsoft QA process to be faultless by now – it's not like they have not had a lot of practise.”

James said that in an ideal situation, all patches and fixes should go through a testing process before they are unleashed onto a production environment.

“It's not always practical and you can't always test 100 percent to make sure every update is fit for purpose, but this type of issue would have been found sooner rather than later.”

Fortunately, it is simple for users to recover the lost template files. As James explained, the previous normal.dotm file has simply been renamed so renaming it to the original name should restore functionality. “Make sure Outlook or Word is closed, press the Windows key + r and type ‘%appdata%MicrosoftTemplates' in the box.

“In the directory you should see a number of files, check your file name and the dates they were renamed, rename your current file just in case you need it back, and then rename one of the old ones to the correct name [normal.dotm]and try Word or Outlook. Then hold your breath and wish for the best – there is a good chance all your AutoText blocks, Styles, Macros, etc. have returned.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.