[German]Microsoft has also released updates for Office 2016 on patchday, September 12, 2023, that are supposed to eliminate vulnerabilities. I got now reports, the Office 2016 update KB5002457 is causing issues and Office can no longer be used. The only solution is to uninstall this update.
Advertising
Office 2016 Update KB5002457
Update KB5002457 is supposed to fix two spoofing vulnerabilities in Microsoft 2016 for MSI installations. These are the following two vulnerabilities:
- CVE-2023-36767: Microsoft Office Security Feature Bypass vulnerability; CVSS 3.1 Score 4.3; Important; A vulnerability exists in the attachment preview that opens when the user clicks on mail attachments in Microsoft Outlook. The attacker would be able to bypass the protection in Outlook that prevents the upload and download of a potentially dangerous extension. While Microsoft cannot rule out impacts to confidentiality, integrity and availability, it classifies the ability to exploit this vulnerability on its own as limited. An attacker would have to combine this vulnerability with other vulnerabilities to carry out an attack.
- CVE-2023-41764: Microsoft Office Spoofing vulnerability; CVSS 3.1 Score 4.8; Moderate; To exploit the vulnerability, a user must open a specially crafted file (e.g., provided via email or a web link). Thus, exploitation requires the active cooperation of the user by opening the file and could lead to a complete loss of integrity. The vulnerability could allow an unauthenticated attacker to inject malicious content into a document that then passes authentication checks if a partial signature is present.
These vulnerabilities have also been addressed in other versions of Office (KB500247 for Office 2013), as well as in the Click-2-Run versions of current Office versions and Office 365.
Probleme mit dem Update
Within my German blog, user PhSt has reported problems after installing Office 2016 update KB5002457. He sees more and more errors like this:
The ordinal 1539 could not be located in the dynamic link library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso.dll.
This is a 32-bit Office installation, and the appwiz.cpl module can also trigger the error message "The operating system is not presently configured to run this application.". In follow-up comments, other administrators confirmed this error pattern and confirmed also that uninstalling update KB5002457 fixes the problem. However, not all installations are affected, as I could see from the comments – the reason why there are issues on some systems is currently unknown. I assume that Office 2013 and its Click-2-Run counterparts, as well as Office 365, may also be affected.
Advertising
This explains the error.
Description of the security update for Office 2016: September 12, 2023 (KB5002498)
Perfect, was looking for this and had my problems solved. Many thanks!
Thanks Problem Resolved….
Thank you so much!!
Thanks! It helped!
Method 2 was helpful in my case. Thank you
Had same issue:
"The ordinal 1539 could not be located in the dynamic link library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso.dll.".
Uninstalling KB5002457 also fixed the issue for me.
However, KB5002498 appears to be the correct security patch going forward with KB5002457 installed as a prerequisite.
Thank you.
This helped me to fix user's issue today! Thank you so much!
I did not remove KB5002457
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-office-2016-september-12-2023-kb5002498-718ee6f9-6f7b-410e-a32f-65548ebe233a
really useful. thank you
Great many thanks.
but this KB can't be uninstalled by wusa /uninstall /KB:
damned