April 2017 Monthly Rollup Breaks VB6 App

Mark Berry April 12, 2017

I maintain a client-server database app written in VB6 that uses ADO and COM+/DCOM. After installing the “April, 2017 Security Monthly Quality Rollup,” the VB6 app crashes in msado15.dll and ntdll.dll when trying to write to to the database. Uninstalling the update restores full write functionality. This is verified on Windows 7 x86 and Windows 8.1 x64. The issue is also present in Windows 10 x64 but I’m not testing that further.

Let me know if you encounter a similar issue and if you find a solution!

Note that reading from the database seems unaffected; it is only writing that causes problems. In this application, only database requests that write to the database are wrapped in a COM+ transaction (“Requires New” in the component).

Windows 7

Testing on this 32-bit virtual machine, the following updates cause problems:

April, 2017 Security Monthly Quality Rollup for Windows 7 (KB4015549)

Errors in the Application event log:

Log Name:      Application
Source:        Application Error
Date:          4/12/2017 11:10:22 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Description:
Faulting application name: [CustomClient.exe], version: 1.4.0.0, time stamp: 0x530fd205
Faulting module name: msado15.dll, version: 6.1.7601.23715, time stamp: 0x58c06587
Exception code: 0xc0000005
Fault offset: 0x000c5b02
Faulting process id: 0x1790
Faulting application start time: 0x01d2b3b7e89343f2
Faulting module path: C:\Program Files\Common Files\System\ado\msado15.dll
Report Id: 4b1ad824-1fab-11e7-b2f4-0003ff3c9549

Log Name:      Application
Source:        Application Error
Date:          4/12/2017 11:10:27 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Description:
Faulting application name: [CustomClient.exe], version: 1.4.0.0, time stamp: 0x530fd205
Faulting module name: ntdll.dll, version: 6.1.7601.23714, time stamp: 0x58bf8774
Exception code: 0xc0000029
Fault offset: 0x000902f6
Faulting process id: 0x1790
Faulting application start time: 0x01d2b3b7e89343f2
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 4df2cb42-1fab-11e7-b2f4-0003ff3c9549

Windows 8.1

This 64-bit virtual machine is the development environment running Visual Basic 6. The following updates cause problems:

April, 2017 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4015550)

Even when run in the VB6 IDE, when trying to write data, rather than trap the error at a specific line number, the entire vb6.exe IDE crashed. The following errors are found in the Application event log:

Log Name:      Application
Source:        Microsoft-Windows-MSDTC Client
Date:          4/12/2017 10:32:47 AM
Event ID:      4156
Task Category: CM
Level:         Error
Description:
String message: RPC raised an exception with a return code RPC_S_INVALIDA_ARG..

Log Name:      Application
Source:        Microsoft-Windows-Complus
Date:          4/12/2017 10:33:15 AM
Event ID:      4434
Task Category: Security
Level:         Warning
Description:
A method call to an object in a COM+ application was rejected because the caller is not properly authorized to make this call. The COM+ application is configured to use Application and Component level access checks, and enforcement of these checks is currently enabled. The remainder of this message provides information about the component method that the caller attempted to invoke and the identity of the caller.Svc/Lvl/Imp = 10/6/3,  Identity = mydomain\MyUser [See “COM+ Configuration” below.]

Log Name:      Application
Source:        Application Error
Date:          4/12/2017 10:37:59 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Description:
Faulting application name: VB6.EXE, version: 6.0.97.82, time stamp: 0x403acf6c
Faulting module name: msado15.dll, version: 6.3.9600.18622, time stamp: 0x58c05749
Exception code: 0xc0000005
Fault offset: 0x000ed8dd
Faulting process id: 0x1344
Faulting application start time: 0x01d2b3b2e8d95900
Faulting application path: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.EXE
Faulting module path: C:\Program Files (x86)\Common Files\System\ado\msado15.dll
Report Id: c4b9983c-1fa6-11e7-8301-00155d266400
Faulting package full name:
Faulting package-relative application ID:

COM+ Configuration

The message in bold above, from VB6 under Windows 8.1, make it sound like an issue with a COM+ call. It says the failing component method is “Svc/Lvl/Imp = 10/6/3” but I don’t know what that is.

I believe when run from the VB6 IDE, COM works a little differently, but the “real” COM+ server, running on a Windows Server 2008 R2 machine, is configured as follows, i.e. to work at the Process level, not the Component level:

MS update issue

Likely Related

Here’s a report of an issue that is likely related to my issue:

FYI: KB4015217 breaks ADODB.Recordset Filter property

Update April 27, 2017

I’ve been hoping that some large enterprise customer would be affected by this issue and get Microsoft to fix and re-release the patch. However, using my PowerShell script to get update details, it looks like KB4015549 (for 32-bit Win7) has not changed since April 11:

MS-update-issue2



9 Comments

  1. bfuerchau   |  April 18, 2017 at 7:28 am

    This error is on all windows platforms!
    The reason is the assignment of Bookmark-Array to the Filter-Property of Recordset-Object.
    You can only do, removing the security-updates from windows.

    If you can change your vb6-apps, i can provide you a solution:
    Copy your last working msado15.dll to your application path.
    Get a pointer to the exported “DllGetClassObject”-Function and create all needed ADO-Objects with wrapperfunctions. You must du this for all ADO-Objects you need.
    If you are firm with c++ and ATL-COM, you can do this in a little COM-Class.

  2. HowCountry   |  April 19, 2017 at 2:57 am

    I can confirm that Win10 is also affected.

    On our Machines we have separated from the following:
    Win10, Ver. 1511 -> KB4015219
    Win10, Ver. 1607 -> KB4015217

    since then, … our legacy applications are working again !
    _ but with the bad feeling to be excluded from important security fixes

    thx microsoft

  3. JohnD   |  April 19, 2017 at 3:24 pm

    I started a Microsoft support call on the VB6 probelm with MSADO15.dll and the 2017 April Microsoft update.

    I provided code to show the crash when using an ADO Filter with an array of bookmarks.

    I will post here again when Microsoft gets back to me with a solution.

  4. bfuerchau   |  April 20, 2017 at 12:40 am

    The main problem is, that you can’t report an error to microsoft itself.
    The only choise is, to report this error in any forum you can find and hope, that a microsoft developer read this and feel himself responsible and qualified to solve this error.

    From one microsoft support page the answer is: any new update may have some kompatibilityproblems. You see, this is not an error that has to be solved by microsoft.

  5. Furious   |  April 20, 2017 at 3:08 am

    Win10 Ver. 1703 -> KB4015583

  6. Mark Berry   |  April 24, 2017 at 3:03 pm

    Sorry for missing comments for a few days. (Back-end WordPress problem.) bfuerchau, you can report errors via a support ticket, so I’ll be very interested to hear what JohnD finds out. I remember confirming that VB6 run-time is supported even in Windows 10, so hopefully that includes msado15.dll.

  7. Lowly_Jockey   |  April 25, 2017 at 4:27 am

    I think that KB4015067 causes the same for Vista/Server 2008…(sadly I can’t confirm – no feedback)

  8. RyanM   |  April 27, 2017 at 1:17 pm

    We have found the following patches causing this issue:

    Windows 7:
    KB4015546
    KB4015549

    Windows 8.1:
    KB4015547
    KB4015550

    Windows 10:
    KB4015221
    KB4015217

    My concern is now that as I believe patches going forward are cumulative…..assuming Microsoft were to ignore this issue this month, will May’s patch have the same issue – i.e. we have to uninstall/decline/hide it too?

  9. Mark Berry   |  April 27, 2017 at 5:15 pm

    Thanks all for your comments. See today’s update in the main post above. @JohnD, any word on your Microsoft support incident?

Leave a Reply





*