[German]The December 14, 2021 security updates for Microsoft Office (MSI installer version) cause issues with Microsoft Access. Only one user can still access the databases. In the meantime it is clear that the Click-2-Run versions of Office/Access are also affected by updates. Microsoft has confirmed the problems in the meantime, so I give a short overview again.
Advertising
Fix for CVE-2021-42293 causes problems
CVE-2021-42293 describes a vulnerability in the Microsoft Jet Red Database Engine and in the Access Connectivity Engine. This vulnerability allows elevation of privilege. However, Microsoft rates the exploitability of the vulnerability as low probability.
- Microsoft patched the vulnerability as of December 14, 2021 for the MSI versions of Microsoft Office 2013 and 2016 through updates KB5002104 (Office 2013) and KB5002099 (Office 2016).
- For the Click-2-Run versions of Microsoft 365, Microsoft Office 2019 and Microsoft Office LTSC 2021, on the other hand, a Click-to-Run update with corresponding fixes was rolled out – there are no individual updates.
In the blog post Patchday: Microsoft Office December 2021 updates (14.12.2021) causes Access issues, I had indeed pointed out that the two updates listed above affect access to Access databases. This is because German blog readers have reported on the blog that they are having problems with the Access engine after installing the update.
MS Access does not work anymore. Databases can now only be edited by one person at a time.
The error was confirmed by other blog readers. Other GErman users had left comments on the blog as shown below. Kommentare
We have had a problem with Access databases not working in multi-user access for some customers since the Windows update. The "file could not be locked." In other words shared access to Access databases is no longer possible.
This also affects Access 2013/2016 Runtime, which is used by some users.
Click2Run variants also affected
Within this German comment then a German user asked if Access from Office 2019/2021 and 365 was also affected. I had negated this, referring to the two updates mentioned above. The background is that Office 2019/2021 and 365 are installed as a Click2Run solution and do not receive security updates via Windows Update on Patchday (2nd Tuesday of the month).
Advertising
For the Click2Run versions of Microsoft Office (Microsoft 365 Apps for enterprise, Microsoft 365 Apps for business, Office 2016 Retail (C2R), Office 2019, Office LTSC 2021, Office 2021), there was an update of the entire Office package to the following builds on December 14, 2021:
Current Channel: Version 2111 (Build 14701.20248)
Monthly Enterprise Channel: Version 2110 (Build 14527.20340)
Monthly Enterprise Channel: Version 2109 (Build 14430.20380)
Semi-Annual Enterprise Channel (Preview): Version 2108 (Build 14326.20692)
Semi-Annual Enterprise Channel: Version 2102 (Build 13801.21086)
Semi-Annual Enterprise Channel: Version 2008 (Build 13127.21842)
Office 2021 Retail: Version 2111 (Build 14701.20248)
Office 2019 Retail: Version 2111 (Build 14701.20248)
Office 2016 Retail: Version 2111 (Build 14701.20248)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20204)
Office 2019 Volume Licensed: Version 1808 (Build 10381.20020)
Hier im Blog wurde daher kurze Zeit nach der Frage aus der Leserschaft des Blogs bestätigt, dass auch die Click2Run-Varianten nach einer Aktualisierung von diesem Bug betroffen sind.
Microsoft confirms the issues
Based on the initial feedback, I then informed Microsoft via Twitter and referred to the English-language blog post of mine. A short time later, Microsoft then added the following entry to the support posts for KB5002104 (Office 2013) and KB5002099 (Office 2016).
After this update is installed, databases that are stored on a network share can't be accessed by multiple users simultaneously. Microsoft is aware of this issue and will update this KB when a fix is available.
The only remedy in these two cases is to uninstall the above-mentioned security updates KB5002104 (Office 2013) and KB5002099 (Office 2016). Heinrich Moser gives the following command for the updates of the Click2Run versions of Microsoft Office (Office 365/2016 C2R/2019) distributed on December 14, 2021 in the Current Channel in this German comment to reinstall the previous version:
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe" /update user updatetoversion=16.0.14701.20226
This is the build rolled out on December 3, 2021 (see). It is not necessary to restart the machines. On Microsoft Answers there is also this thread on the subject. MVP Daniel Pineault has also published a post here with corresponding references.
Addendum: Shortly after writing this article, Microsoft has released Version 2111: December 16 Build 14701.20262 and wrote:
This update fixes an issue that would prevent multiple users from opening a database on a network file share.
But this support article hasn't been updated till yet.
Similar articles:
Microsoft Office Patchday (December 7, 2021)
Microsoft Security Update Summary (December 14, 2021)
Patchday: Windows 10 Updates (December 14, 2021))
Patchday: Windows 11-Updates (December 14, 2021)
Patchday: Windows 8.1/Server 2012-Updates (December 14, 2021)
Patchday: Updates für Windows 7/Server 2008 R2 (December 14, 2021)
Patchday: Microsoft Office December 2021 updates (14.12.2021) causes Access issues
Update fixes Windows AppX installer 0-day vulnerability CVE-2021-43890 (used by Emotet)
Thank you for this thorough summary. At the moment it appears Microsoft still hasn't rolled out any standalone or bundled update to resolve this for VOLUME LICENSED versions of Office 2016 (only 365, Retail 2016, and Volume 2019+). This update has broken critical network-shared databases in my organization, and because 2099 was meant to fix vulnerabilities IS will understandably be hesitant to revert.
.20262 did not fix this issue. We are currently holding at .20226. ALL of our databases are now broken and causing much hardship in our organization. It's now been over a week. WTF Microsoft??? How could you have done this…and not fixed the issue immediately.