[German]A brief warning for users are using Windows application accessing MS Access 97 databases. Windows security updates from January 8, 2019, breaks access to MS Access 97 databases (affects all Windows versions). An “unknown database format” error occurs. Here are some more details. Update: Microsoft has confirmed this issue.
First user messages
The first message on this issue reached me from blog reader Ollat in this comment within my German blog (thanks for that). He wrote:
Caution! Since the update our software does not work anymore, which uses itself with Access 97 databases.
Are there similar cases? Can’t find anything on the net…
He linked to this forum post, where he blamed Windows 10 update KB4480116 and the Windows 7 update KB4480970, released on January 8, 2019. The post is written from the developer’s point of view and contains the following information.
After installing in Windows 10 the KB4480116, our application ( developed in VS2010 with Microsoft Access 97 database MDB ) detects an error “unknown database format” when accessing to Access 97 database. The exception starts on msvc100.dll provided by VS 2010. Removing the KB4480116 the issue disappears. How I can get support for this accident ?
The same problem we have on Windows 7 after the KB4480970 installation of January 8th
Addendum: Later on I received the information, that this error occurs, if a database has fieldnames with more than 32 characters. Another user wrote, that he received a ‘Runtime Error 3343 Unrecognized database Format’. Within the forum thread it is advised to convert the Access 97 database to the Access 2007 database format. But this is not possible for customers, who don’t have access to the source code. I also discussed this idea within the comments of my German blog. There was the feedback, that it will be risky, to convert a bigger Access 97 data base to the new Access 2007 data base format. It can end in a night mare (mission impossible), because the runtime environment for the later version of data base drivers has significant changed.
German blog reader Ollat also noticed, that the data base error “unknown database format” only occurs, if data table fields are longer as 32 characters.
Later I found at Microsoft Answers this forum thread, obviously startet from the same developer (I guess, it’s blog reader Ollat).
There are Workarounds
Uninstalling the Windows January 2019 updates will cure the issue. But this is risky, because those updates fixes critical vulnerabilities (for instance a PowerShell remote execution flaw). Within this MS Answers forum thread another user posted a (less riskier) workaround. Someone simply replaced the msrd3x40.dll v4.0.9801.7 from January 8, 2019 with an older version 4.0.9801.5 (from 25/09/2018). After that the Access 97 database was readable again. The DLL is located in the Windows subfolder syswow (see also this Microsoft article).
Note: The file msrd3x40.dll belongs to the Jet Database Engine, as you can see within this Microsoft document.
The problem: Microsoft has updated the msrd3x40.dll file to fix vulnerabilities in the Jet Database Engine (see my blog post Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019 for instance). If an old version of the DLL is now copied to the Windows subfolder syswow, the Jet Database Engine vulnerability is still open (the patch is neutralized).
So you have two worse choices: Either you have to uninstall the complete security update (see below) and are unpatched. Or you can replace the DLL, and probably rip open the Jet Database Engine vulnerability. Unfortunately, Microsoft has not yet listed this as a known issue.
But there is another workaround user AJakobs mentioned within this MS Answers forum thread. He mentioned, that it’s possible to change the string defining the used Data Source Provider from:
AJakobs observed, that the Data Access Object interface (DAO 3.51) was able to access the Access 97 database, also after the Windows January 2019 patches has been installed, whilst the newer DAO 3.6 failed also with a data base format error.
All Windows January 2019 Updates affected
At German site administrator.de a user has published this post, mentions all Windows January 2019 Updates are affected. So I went into my blog and checked the update description for Windows 7 up to Windows 10. Indeed, alle security updates enlisted below are patching the Jet Database Engine.
- KB4480116 for Windows 10 Version 1809
- KB4480966 for Windows 10 Version 1803
- KB4480978 for Windows 10 Version 1709
- KB4480973 for Windows 10 Version 1703
- KB4480961 for Windows 10 Version 1609
- KB4480962 for Windows 10 Version 1507
- KB4480963 (Monthly Rollup) for Windows 8.1
- KB4480964 (Security Only) for Windows 8.1
- KB4480970 (Monthly Quality Rollup) for Windows 7 SP1
- KB4480960 (Security-only update) for Windows 7 SP1
Some of these updates are also available for the respective server counterparts. Details as well as the changes to the Jet Database Engine are mentioned in the following linked blog posts.
Note: I’ve escalated this MS answers forum thread to Microsoft’s moderators. Let’s hope, they bring the issue to attention of their software developers.
Addendum: Microsoft has confirmed the bug within the know issue section in the kb articles of all Windows security patches. Will write a follow up article, that also sheds light to Microsoft’s recommendation (and the pitfalls).
Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019
Patchday Windows 10-Updates (January 8, 2019)
Update KB971033/KB4480960/KB4480970 bricks Windows 7 Genuine (0xc004f200)
Microsoft explains the Windows 7 KMS activation issue
Network issues with updates KB4480970 and KB4480960