{"id":36384,"date":"2024-11-14T00:52:30","date_gmt":"2024-11-13T23:52:30","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=36384"},"modified":"2024-12-03T01:54:07","modified_gmt":"2024-12-03T00:54:07","slug":"excel-2016-can-no-longer-load-add-ins-after-nov-2024-update-kb5002653","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/11\/14\/excel-2016-can-no-longer-load-add-ins-after-nov-2024-update-kb5002653\/","title":{"rendered":"Excel 2016 can no longer load add-ins after Nov. 2024 update KB5002653"},"content":{"rendered":"

[German<\/a>]On November 12, 2024, Microsoft released the security update KB5002653 for Microsoft Excel 2016 (MSI version) to close various vulnerabilities. After installing the update, add-ins can no longer be loaded.<\/p>\n

<\/p>\n

Update KB5002653 for Microsoft Excel 2016<\/h2>\n

\"\"I mentioned it briefly in the blog post Patchday: Microsoft Office Updates (November 12, 2024)<\/a>. Microsoft has released the security update KB5002653<\/a> for Microsoft Excel 2016 (MSI version) on November 12, 2024.<\/p>\n

This security update is intended to close the Remote Code Execution vulnerabilities CVE-2024-49026<\/a> (Improper Neutralization of Special Elements used in a Command ('Command Injection')), CVE-2024-49027<\/a> (Use After Free, CVSS 3.1 Score 7.8),\u00a0CVE-2024-49028<\/a> (Out-of-bounds Read), CVE-2024-49029<\/a> (Use of Uninitialized Resource) und CVE-2024-49030<\/a> (Heap-based Buffer Overflow). All of the RCE vulnerabilities were rated as important with a CVSS 3.1 score of 7.8.
\nThe vulnerabilities can also be found in the Click-2-Run versions of Microsoft Excel and were closed there with the updates from November 12, 2024.<\/p>\n

Excel 2016 can no longer load add-ins<\/h2>\n

A blog reader contacted me by email on November 13, 2024 and noted that after installing the KB5002653<\/a> update, no add-ins are loaded when Excel is started (I mentioned this in the article Patchday: Microsoft Office Updates (November 12, 2024)<\/a>). However, this does not seem to be an isolated case.<\/p>\n

Analyzing this error<\/h2>\n

In this comment,<\/a> German blog reader kheldorn<\/em> reports the same error. Since installing the Office updates for Office 2016, he has also noticed problems with add-ins loading. The reader looked in the Event Viewer under \"Microsoft Office Alerts\" under \"Applications and Services Logs\". For example, Excel tries to load the file:<\/p>\n

\"C:\\Users\\username\\AppData\\Roaming\\Microsoft\\AddIns\\LASSIST.XLA\"<\/pre>\n
although this was actually named \"VLASSIST.XLA\". This can be seen in entries found in the Event Viewer:<\/p>\n
Microsoft Excel\r\n\r\nWir konnten 'C:\\Users\\username\\AppData\\Roaming\\Microsoft\\AddIns\\LASSIST.XLA' nicht finden. Wurde das Objekt vielleicht verschoben, umbenannt oder gel\u00f6scht?\r\n\r\nP1: 100202\r\nP2: 16.0.5474.1000\r\nP3:\r\nP4:<\/pre>\n
The reader has found out that manually removing the wrong add-in entry and then adding the add-in again temporarily fixes the problem. The add-in can be reloaded and then works for a short time.<\/p>\n
There are workarounds<\/h2>\n
After restarting Excel 2016, however, the error is there again, the add-in cannot be loaded because it is being searched for with the wrong file name. If you rename the file to \"LASSIST.XLA\", for example, Excel 2016 loads the add-in correctly as long as it is included with the name \"VLASSIST.XLA\". This is probably the better option than uninstalling update KB5002653<\/a>.<\/p>\n
There is a 2nd workaround, if the drive letter in the path to the add-in is cut off. German reader viebrix has<\/a> outlined a workaround. Simply connect the drive with double letters as a network drive and register the add-in there. Then the first letter is removed by the bug and the add-in can be loaded again.<\/p>\n
There is also a 3rd workaround via a registry entry. It should also be possible to adjust the path to the add-in in the registry. There is a user-defined setting under:<\/p>\n
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\office\\16.0\\excel\\options<\/pre>\n
German blog reader MB has described this workaround in this German comment<\/a> – I can't say whether it always works (as outlined here<\/a>) – the problem is that it no longer works when Microsoft rolls out a fix.<\/p>\n
Reports on reddit.com and MS Answers<\/h2>\n
The bug is affecting more users. Blog reader kheldorn<\/em> pointed in a comment to the reddit.com post Office addins broken after updates ?<\/a>,\u00a0where another user reports this error in Microsoft Excel 2016 and asks if anyone else is affected. There kheldorn<\/em> has added his findings above.<\/p>\n
There is a second reddit.com post KB5002653 breaks Excel xla & xlam add-ins<\/a>,\u00a0where this error pattern is also described. The thread starter notes that when testing KB5002653 (security update for Excel 2016), it was found that loading xla(m) Excel add-ins is broken. Excel does not load the add-ins because the first character of the path to the add-ins file is truncated. This leads to the add-in file not being found. Thanks to kheldorn<\/em> for the hint.<\/p>\n
Addendum:<\/strong> After publishing this blog post, I've found also a thread Unable to run Excel Add-ins after (KB5002653) latest patch<\/a> on Microsoft Asnwers.<\/p>\n
Microsoft confirms the bug<\/h2>\n
According to this German comment<\/a> from reader kheldorn<\/em> Microsoft ha confirmed the bug in the support article Description of the security update for Excel 2016: November 12, 2024 (KB5002653)<\/a> in the \"Known issues\" sections.<\/p>\n
After you install this update, Excel add-ins that were enabled the last time you used Excel may not load properly\u00a0when you open Excel.<\/p><\/blockquote>\n
The workaround Microsoft is proposing: To work around this issue, open the add-ins manually by double-clicking them or selecting\u00a0File<\/b>\u00a0>\u00a0Open<\/b>.<\/p>\n
Addendum: An update to fix this bug has been released (see\u00a0Update KB4484305: Fix for Excel 2016 add-in loading bug<\/a>.<\/p>\n
Similar articles:
\n<\/strong>Microsoft Security Update Summary (November 12, 2024)<\/a>
\nPatchday: Windows 10\/Server Updates (November 12, 2024)<\/a>
\nPatchday: Windows 11\/Server 2022 Updates (November 12, 2024)<\/a>
\nPatchday: Windows Server 2012 \/ R2 and Windows 7 (November 12, 2024)<\/a>
\nPatchday: Microsoft Office Updates (November 12, 2024)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
[German]On November 12, 2024, Microsoft released the security update KB5002653 for Microsoft Excel 2016 (MSI version) to close various vulnerabilities. After installing the update, add-ins can no longer be loaded.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[463,11,1547,22],"tags":[13,47,2879,69,195],"class_list":["post-36384","post","type-post","status-publish","format-standard","hentry","category-issue","category-office","category-software","category-update","tag-excel","tag-issue","tag-patchday-11-2024","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/36384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=36384"}],"version-history":[{"count":7,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/36384\/revisions"}],"predecessor-version":[{"id":36535,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/36384\/revisions\/36535"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=36384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=36384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=36384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}