FAQ for VBA solutions affected by April 2020 Office security updates

When you install one of the Microsoft Office security updates that are listed in Microsoft Common Vulnerabilities and Exposures CVE-2020-0760, you might notice that some types of Visual Basic for Applications (VBA) references are blocked, and you receive an error message.

This article provides some frequently asked questions (FAQ) to tell users and IT admins what to do if their existing VBA solution breaks.

Note This change in behavior is caused by a design change in Office. The new behavior is by design. Therefore, a fix is not necessary and no mitigation will be provided.

The following types of VBA references might be affected:

• Typelibs (*.olb, *.tlb, *.dll)
• Executable files (*.exe)
• ActiveX controls(*.ocx)

These files might be blocked if they are located on the internet or intranet servers, or if they are downloaded from the internet.

For more information about the VBA object library reference, see Check or add an object library reference.

If your existing VBA solutions have some VBA object libraries or references that are blocked, the following error message is displayed.

[Asset 4557072]

This is a standard message that indicates missing VBA object libraries. If you receive this error message, revisit your current VBA solution, and replace the blocked libraries with local ones.

Internet VBA object libraries: We recommend that you block these because they are vulnerable.

Intranet VBA object libraries: You can enable these through a GPO setting, as shown in the following image. The setting is located under User Configuration > Administrative Templates > Microsoft Office 2016 > Security Settings.

[Asset 4557082]

• Check or add an object library reference
• Library reference VBA
• Office VBA reference