[German]Windows users depending on old CHM help file format are running into a serious issue after installing May 2018 update. Windows (from Windows 7 up to Windows 10) blocks viewing these files, if they are located on network shares. Here are a few details.
Advertising
A user query
I need to confess, I wasn't aware of this issue, because I am not using CHM help files frequently. A German blog reader, however, send me a mail that drew my attention to the topic.
I work for the company xyz …., and we provide the help to our customers once as manual (PDF) and once as online help (*.chm files à F1 key à appropriate help topic).
Unfortunately, customers have had problems with this since the Microsoft update KB4103727, help cannot be called.
Do you know something about it – in the best case, of course, a solution? (where the solution to uninstall the update is out of the question).
These are, of course, two problems. First the display of .CHM help files and the second, calling help via F1 function key. It looks like both features have been disabled by updates.
Update KB4103727 has been released on May 8, 2018 for Windows 10 V1709 (see Windows 10 security updates May 8, 2018). This update fixes some security issues in Windows.
Users of Windows 10 V1803 experience the same problem with update KB4103721, under Windows 7 the update KB4103712 is seen as the cause. The description of both update packages provides a direct reference to the change: Security updates for Internet Explorer, Windows apps, Windows kernel, Microsoft graphics component, Windows storage and file systems, HTML help, and Windows Hyper-V.
Searching the web
Within this Microsoft Technet forum thread a user already outlined the problem. After installing update KB4103727 it is no longer possible to open CHM files under Windows 10 V1709. It becomes apparent that viewing the content of CHM files from a network share is no longer possible.
The background is that CHM files are HTML documents and pose a latent security risk. Microsoft therefore internally sets Internet zone bits for CHM files at network level. The files are then considered as unsafe and are no longer viewable.
Advertising
A simple test helps to check, whether this is the cause: Just move the CHM file to a local folder. Right-click on it, go to Properties and make sure that the Allow button is not displayed on the General tab or, if available, click on the button. This deletes the Internet zone bit of the file. Then the CHM file should be viewable again.
In Microsoft's Technet forum a user proposes a workaround within this thread using symbolic links.
mklink /D c:\MyHelp \\myserver\helpfiles
This allows a network link to be mirrored to a local folder, allegedly eliminating the problem.
At reddit.com is also a thread about this topic with the result, that the MaxAllowedZone and UrlAllowedList group policy entries no longer work. Within this thread I found a mention, that Microsoft support is aware of this and should fix it with the June update. A workaround looks like this:
Copy the following 3 DLLs from an unpatched computer to the System32 directory on a test system. Take possession of the DLLs and grant full access beforehand. Testing and feedback.
hhctrl.ocx
itircl.dll
itss.dll
For 64-bit Windows, the files must also be copied to the SysWOW64 folder. Let's see if Microsoft fixes this in June 2018.
Similar articles:
Update fixes Windows 8.1 WinHlp32 problem (KB917607)
Windows 8.1: WinHelp32.exe issue after December Patchday?
Advertising
Does the Win7 KB4103718 update do the same thing to CHM help files as it did with KB4103712?
hi, wurde das Problem im June Patchday behoben? vielen dank
As far as I know, the issue hasn't been fixed in June 2018 Patchday.
We filed a support case with Microsoft in May. Here is the update I received today.
—
We understand that the problem has impacted your business due to a recent update. The decision to stop access to HTML help files over a network location was due to a Security vulnerability. While the product team is investigating the impact of the changes I cannot commit to you that we will be able to come up with a possible fix anytime soon nor do I have an ETA. This means that the decision to roll back the update is also not something I can commit on. In my view as this is a security vulnerability it may not be in the best interest to keep it unpatched by rolling back the update. I would not recommend it to you either to uninstall the update.
Thx for your feedback – it confirms my worsest fears.
IMHO. This risk is totally acceptable!
What is the different between CHM of (c:) local storage or (LAN) network storage ?
Nothing! The executed HTML (CHM) file can take in both situations risk (java, javascript, ocx, or other) code.
regards
Henrik