[German]Users of Excel 2013 and Excel 2016 have been suffering since April 2018 patchday from a bug that crashed the program when accessing charts . But there are hotfixes to fix the problem.
History: The Excel security update April 2018
In April 2018 Microsoft released the security updates KB4018319 and KB4018288 for patchday.
- Office 2016: Description of the security update for Office 2016: April 10, 2018 (KB4018319)
- Office 2013: Description of the security update for Office 2013: April 10, 2018 (KB4018288)
Both security updates fix vulnerabilities in Microsoft Office that could allow remote code execution when a user opens a specially crafted Office file. I mentioned the updates in the blog post Patchday Microsoft Office Updates (April 10, 2018). There is a similar security update for Office 2010, which is not discussed here.
Excel crashes after April 2018 update
However, after installing these two security updates, the MSI installer versions of Microsoft Excel 2013 and Excel 2016 (probably also under Excel 2010) experienced crashes. German blog reader Tobias L. informed me about the problem by mail (see blog post Troubleshooting Microsoft April 2018 Updates). When opening Excel workbooks that contain a diagram, an access error 0xc0000005 (Access denied) occurs in the chart.dll module for some documents. At reddit.com there is this thread that describes the problem. Here is an excerpt of the text:
unable to determine so far what it is about the specific chart in our workbook that is causing the recently updated chart.dll and oart.dll files to crash excel, but it looks like the recent office updates are to blame. uninstalling KB4018319 for Office 2016 and KB4018288 for Office 2013 resolves the issue.
posting here in case anyone else runs into this.
crash events are slightly different between office 2016 and 2013. Office 2016 references chart.dll and 2013 references oart.dll.
The crash occurs when accessing the library files chart.dll and oart.dll. The error is described in the Technet in this thread. Here is the (still German) error text of the crash log:
Name der fehlerhaften Anwendung: EXCEL.EXE,
Version: 16.0.4678.1000, Zeitstempel: 0x5aa7e7ca
Name des fehlerhaften Moduls: chart.dll,
Version: 16.0.4678.1000, Zeitstempel: 0x5aa7e891
ID des fehlerhaften Prozesses: 0x14d0
Startzeit der fehlerhaften Anwendung: 0x01d3d722a5bc6843
Pfad der fehlerhaften Anwendung:
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\Microsoft Office\Office16\chart.dll
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: …
Within this thread other users confirmed the bug. However, not every workbook with a diagram crashes and it seems to spare the click-to-run installations (they don’t get the updates). After uninstalling updates KB4018319 and KB4018288 the problem is gone.
There is a post in the Technet forum thread where a Microsoft moderator reports that Microsoft has investigated the problem and found a cause.
(Error in Excel charts, Source: Microsoft)
The issue occurs, according to the above screenshot, if the legends of axis entries in the graphic have empty values. A user describes a workaround on the Internet:
- Uninstall and then reinstall the affected Office installation, but allow updates only until before the update.
- Once you have a working state again, save copies of the above DLL files to a safe place.
- Then install the April 2018 security update. As soon as the error returns, copy the backed up copies of the DLL files back.
In other words, the vulnerability fixed with the update is back – and simply uninstalling the security updates also helps. That all happened in April 2018, so it was the hope that the May or June patchday would fix the bug.
Just a hotfix for the issue
However, Microsoft did not release a bug fix update via Windows Update for Office on patchday in May or June 2018 (at least I did not find any accommodation). On May 23rd 2018, Microsoft published two KB articles about that issue and a fix which you can download for the affected Office versions. Here are the links to the KB articles with the fixes and download links.
Bot kb articles describes the fixes as: When you work with charts that contain filtered content in an Office 2016/2013 document, the Office application crashes. This issue occurs after you install update [mentioned above]. During last weekend, somebody mentioned the fixes within the forum posts mentioned above. I did not recognize that, because I’m not using these Office versions. But German blog reader Tobi L. contacted me today via mail an pointed that out. Tobi wrote:
on the topic with the Excel crash for sheets with diagrams (see mail history) I have now been informed about these KBs, which are already one month old:
For Office 2010 there is probably nothing, the problem also exists there, but the creators of the bug don’t care.
Unfortunately, the solution is only offered as a hotfix, i.e. although every Office 2016 MSI installation (click to run probably doesn’t have the problem) might be affected by the bug, Microsoft doesn’t see itself providing this fix via the update catalog, let alone pushing it directly to the WSUS.
In other words, the admins of this world who stupidly chose the MSI version of Office 2016 at that time (I’m ashamed to raise my hand) are now waddled off by being allowed to take care of how they deploy the hotfix on their computers and then report or monitor it.
Unfortunately I haven’t found more detailed information about the KBs, which was released right now to fix the problem. Unfortunately, I fear that the affected chart.dll will simply be replaced with an old, insecure one, which would explain why the fix is not released globally, but only for people who are really bothered by this problem, but that is just an assumption on my part ;-)
The origin of the diagram issue at that time was security update KB4018319 for Excel, where also only the DLL was exchanged and which led to the mentioned Excel app crashes, as soon as diagrams with certain conditions were in the Excel document.
Tobi L. then expresses the hope that I can find out something else about the hotfix. This is too much of an honor, I no longer have contacts to the Microsoft product groups. And what comes across in the Microsoft Answers forums can be classified as ‘for the wast paper basked’. But maybe it helps the one or other affected person who hasn’t noticed about the hotfixes yet.
Patchday Microsoft Office Updates (April 10, 2018)
Troubleshooting Microsoft April 2018 Updates
Windows 10 April Update: Bugs and Issues
Nice? Microsoft fixes an old Excel select issue
Security-Update KB3191855 fixes Excel bug
Security Update KB 3178690 crashes Excel 2010
December Update blocks ActiveX/Macro execution in Excel 2013