Tuesday, January 16, 2018

Micropatching Brings The Abandoned Equation Editor Back To Life

How We Security-Adopted a Terminated Software Product

by Mitja Kolsek, the 0patch Team




Intro

A few days ago Microsoft's update removed Equation Editor from Microsoft Office, the official reason being "security issues with its implementation." Most Office users couldn't care less about this removal, but if you've been happily using Equation Editor to edit Word documents with mathematical formulas just days ago, you suddenly can't do that anymore. You will still see your formulas in the document but you won't be able to edit them. Instead you'll get this:





We have no idea how many users are affected, but Twitter user @glyph raises an interesting point: those who work with Equation Editor may be tempted to forgo this Office update, and by extension all future Office updates, which will leave them vulnerable to exploits published in the future.



Worse even, affected users may decide to migrate back to unsupported versions of Office that don't receive security updates at all. This user, for instance, reports going back to Office 2000 on his Windows 10 computer. Office 2000 stopped receiving security updates in 2009.

Microsoft suggested affected users can "edit Equation Editor 3.0 equations without security issues" with Wiris Suite's MathType, a commercial application that costs $97 ($57 academic). They did not specify the basis upon which the phrase "without security issues" was provided, but MathType seems to have a clean public security record so far. Which doesn't say much as that was also true for Equation Editor until someone opened its hood.

We haven't tested MathType and can't tell how easy it is to start using it instead of Equation Editor with existing Word documents, but we don't particularly like the idea of suddenly deleting from users' computers a tool they might be using, and sending them to a store to buy a replacement.

Microsoft's unwillingness to continue supporting Equation Editor is understandable. Their manual patching of its recently discovered vulnerability reveals that, for whatever reason, their standard patching process cannot be applied to Equation Editor, and a deviation like that can be expensive. Furthermore, while they aren't new to manually patching executables, such patching can sometimes be fairly difficult to do. When you patch executable files directly, you may have to come up with a different clever space-saving hack for each patch, which can sometimes be very difficult and time-consuming. For instance, Microsoft's manual patches of Equation Editor required the patch author to invent a way to get some free space in the code for additional patch logic by de-optimizing a memory-copying routine.

So when Microsoft was faced with 8 (eight!)* new vulnerabilities in Equation Editor reported after their manual patch (one also reported by us), they gave up on the idea of continuing manual support for it.

We, on the other hand, haven't.

You see, it's much easier for us to create and support binary patches for a given executable module than it is for Microsoft. Why? Because we have a micropatch delivery agent (0patch Agent) that not only instantly downloads micropatches, but also injects them into running processes on the computer while automatically making room for the added code. So we don't have to invent a new way of making room for every micropatch we make, and can therefore focus on the patch itself. We also deliver our micropatches to agents every hour, and they are as trivial to revoke and un-apply as they are to apply. As much as we hate to repeat ourselves, this is what we believe security patching should look like in this century.

That said, we've already issued our micropatch for CVE-2018-0802, and it's been applied to all computers running 0patch Agent where the latest version of Equation Editor is still present. We're also teaming up with other security researchers who have found vulnerabilities in Equation Editor to micropatch those issues too. We urge everyone who finds additional security issues in Equation Editor to share their findings with us and help us create micropatches for them.

[Update 2/20/2018: We've just issued a micropatch for another Equation Editor vulnerability, CVE-2018-0798. Big thanks to the 360 Vulcan Team for their help with that!]


Bringing Equation Editor Back To Life


So you've installed Office Updates from January 9th 2018 and Equation Editor got removed from your computer. Specifically, the update deleted five files (including EQNEDT32.EXE) from the EQUATION folder, leaving the 1033 subfolder and EEINT.DLL inside it intact. It also unregistered Equation Editor as a local COM server by deleting CLSID {0002CE02-0000-0000-C000-000000000046} from the registry. Note that Office 2016 still has several files in the EQUATION folder after the update, and in some cases, a 0-byte EQNEDT32.EXE file is left on the system.

The location of the EQUATION folder depends on both the Office version and whether it's 32-bit or 64-bit Office. These are the default locations:

  • 32-bit Office 2007, 2010 and 2013 on 32-bit Windows: C:\Program Files\Common Files\microsoft shared\EQUATION
  • 32-bit Office 2007, 2010 and 2013 on 64-bit Windows: C:\Program Files (x86)\Common Files\microsoft shared\EQUATION
  • 64-bit Office 2007, 2010 and 2013: C:\Program Files\Common Files\Microsoft Shared\EQUATION
  • 32-bit Office 2016 and 365 on 32-bit Windows: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\EQUATION
  • 32-bit Office 2016 and 365 on 64-bit Windows: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\EQUATION
  • 64-bit Office 2016 and 365: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\EQUATION

The following images depict the before-and-after of the EQUATION folder when applying the January 2018 Office update.


Office 2010: Content of the EQUATION folder before the update


Office 2010: Content of the EQUATION folder after the update



In order to get Equation Editor back while continuing to receive future Office security updates you need to do two things:

  1. Restore deleted Equation Editor files.
  2. Re-register Equation Editor as a local COM server.
  3. Install free 0patch Agent to keep Equation Editor patched against known vulnerabilities.

Obviously, you don't technically need the last step to get Equation Editor working again, but you don't want to be vulnerable to trivial inexpensive attacks that can be delivered in any Word document you ever receive. So just to be clear, we don't recommend performing steps A and B if you don't also perform step C.


A. Restore deleted Equation Editor files

(Disclaimer: The following is not an official Microsoft-supported procedure and is not guaranteed to work or to not have unwanted side effects. In addition, future Office updates may bring additional blocking of Equation Editor and disable its use. You're doing this at your own risk.) 

Unfortunately, uninstalling the Office security update that removed Equation Editor doesn't bring the deleted files back. This leaves you with two options: (a) find a copy of Office you haven't updated yet, or (b) reinstall Office from your original media and apply all updates up to and including November 2017 updates. Once you do either of these, you will find these files in the EQUATION folder (possibly along with some other files in Office 2016):

  • EQNEDT32.CNT - help file index
  • EQNEDT32.EXE - Equation Editor executable
  • eqnedt32.exe.manifest - Equation Editor manifest file
  • EQNEDT32.HLP - help file
  • MTEXTRA.TTF - MathType font file

Make sure you have EQNEDT32.EXE version 2017.8.14.0, which is the latest version provided by Microsoft.

What you don't want to do is download the missing files from the Internet, as that is not only a potential violation of your license, but also a great way to get malware on your computer. So don't do that.

Once you have the above Equation Editor files at hand, copy them to the EQUATION folder from which they have been removed on a computer with all updates (including the January 2018 Office update) installed. You will need to have administrative permissions for this, and you may be prompted to overwrite an existing 0-byte EQNEDT32.EXE, which seems to be left on some systems.



B. Re-register Equation Editor as a local COM server

Registering a local COM server requires creating a valid CLSID registry key with required subkeys and values. To make it easier for you, we prepared a template .REG file that you can edit and import in your registry. To do so, follow these instructions:

  1. Download EquationEditor.reg.
  2. Edit EquationEditor.reg (right-click on it and select "Edit"), find in it the path to EQNEDT32.EXE, and change it to the actual path in the EQUATION folder on your computer where you restored the files in step A. IMPORTANT: The path should use double back slashes instead of single ones (just like in our sample reg file above), so make sure to duplicate all back slashes in your path.
  3. Import the modified EquationEditor.reg to registry by first launching the Registry Editor (regedit.exe) as Administrator, then selecting File-Import... in its menu and browsing to your EquationEditor.reg file.

Voila, if everything went well, you can now edit your equation objects in Equation Editor again, and save them back to Word files. Note that it sometimes takes up to a few minutes for this registry change to come into effect; until it does, opening an equation object will result in the "Microsoft Equation is not available" error.
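If the error does not go away, the edited path from step 2 is the first thing to check. The following is an added example (not 0patch's code, and not the contents of their EquationEditor.reg): a small Python linter that reads an edited .reg file and checks that the LocalServer32 path under the Equation Editor CLSID has every backslash doubled and points at EQNEDT32.EXE inside an EQUATION folder. The sample file contents and all function names are constructed for illustration.

```python
import ntpath
import re

# CLSID the post says the January 2018 update removed from the registry.
EQ_CLSID = "{0002CE02-0000-0000-C000-000000000046}"
EXPECTED_EXE = "EQNEDT32.EXE"
EXPECTED_DIR = "EQUATION"

# Constructed sample input, NOT the contents of 0patch's EquationEditor.reg.
GOOD_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0002CE02-0000-0000-C000-000000000046}\LocalServer32]
@="C:\\Program Files (x86)\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE"
'''
# The same constructed file after pasting a path with single backslashes.
BAD_REG = GOOD_REG.replace("\\\\", "\\")

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DEFAULT_RE = re.compile(r'^@="(?P<raw>.*)"$')


def local_server_values(reg_text):
    """Yield (key, raw_value) for each LocalServer32 default value under EQ_CLSID.

    A Wow6432Node copy of the key matches too. reg_text must already be
    decoded text (files exported by regedit are UTF-16).
    """
    wanted = (EQ_CLSID + "\\LocalServer32").upper()
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            continue
        value = DEFAULT_RE.match(line)
        if value and key and key.upper().endswith(wanted):
            yield key, value.group("raw")


def decode_value(raw):
    """Undo .reg string escaping; return (path, number_of_lone_backslashes)."""
    out, singles, i = [], 0, 0
    while i < len(raw):
        if raw[i] == "\\" and raw[i + 1:i + 2] in ("\\", '"'):
            out.append(raw[i + 1])  # \\ becomes \ and \" becomes "
            i += 2
            continue
        if raw[i] == "\\":
            singles += 1  # lone backslash: the path was not doubled
        out.append(raw[i])
        i += 1
    return "".join(out).strip('"'), singles


def lint_reg(reg_text):
    """Return a list of problems found; an empty list means the file passes."""
    values = list(local_server_values(reg_text))
    if not values:
        return ["no LocalServer32 default value found for CLSID " + EQ_CLSID]
    findings = []
    for key, raw in values:
        path, singles = decode_value(raw)
        exe = ntpath.basename(path)
        folder = ntpath.basename(ntpath.dirname(path))
        if singles:
            findings.append("%s: %d backslash(es) not doubled in %s"
                            % (key, singles, raw))
        if exe.upper() != EXPECTED_EXE:
            findings.append("%s: file name is %r, expected %s"
                            % (key, exe, EXPECTED_EXE))
        if folder.upper() != EXPECTED_DIR:
            findings.append("%s: executable is not inside an %s folder"
                            % (key, EXPECTED_DIR))
    return findings


if __name__ == "__main__":
    for name, text in (("GOOD_REG", GOOD_REG), ("BAD_REG", BAD_REG)):
        print(name, lint_reg(text) or "OK")
```

The linter only inspects the text of the .reg file; it does not confirm that the files from step A are actually present at that path.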

If Equation Editor complains that it's missing a font, reinstall MTEXTRA.TTF.

Important: you will be able to - and are highly encouraged to - keep applying official Office updates after completing this procedure to keep future vulnerabilities in other parts of Office patched. The whole point of this blog post is to help you keep Equation Editor while keeping your Office Applications updated.

But you're not done yet! Now you have to get your Equation Editor patched. On to step C.


C. Install 0patch Agent

0patch provides free micropatches for Equation Editor (and many other software products). To install it, download and launch the installer, create a free 0patch account and register the agent to that account. You will immediately receive all Equation Editor micropatches - [Updated 2/20/2018] one for CVE-2018-0802 and one for CVE-2018-0798, but as we receive details on the other vulnerabilities, we'll issue additional micropatches.


Expected Questions

These are some of the questions we anticipate and would like to answer in advance.


Q: Why are you doing this? Equation Editor is a 17-year-old pile of insecure code and should die!

In today's "Move fast and break things" world we're accustomed to the idea that software must be perpetually and frequently replaced with new versions. In fact, much of the global software business is built on "incentivizing" users to buy a new version of a product that works just fine for them. Of course the underlying hardware is improving, and new attacks are being invented, so software code effectively does get worse in time even if it doesn't change a bit, but let's hold back for a moment.

"17-year-old code" sounds borderline outrageous to many, but we often forget that there are products we want to keep for 20 years or more. Say, medical devices. If an MRI machine running a  reasonably new, well tested operating system costs $500k, and its hardware can be serviced for 20 years, do we really want to throw it out after 10 years because it stops getting security updates from the OS vendor? Heck no. What we actually want is for it to remain immutable as much as possible for 20 years, and not get any software changes that aren't necessary for its function and security. This is hard to grasp if you're used to replacing half of your operating system every month.

Clearly, Equation Editor is not a life-critical piece of equipment and seems relatively cheap to replace. It does, however, allow for a nice demonstration of how an abandoned software product can be "security-adopted" by a 3rd party, allowing its continued use without exposing one's environment to cheap public exploits.


Q: Isn't Equation Editor full of vulnerabilities and risky to use even if you patch the publicly known issues?

It's impossible to say whether any software product is "full of vulnerabilities" or not without thoroughly inspecting it. Nine vulnerabilities having been found in it in quick succession is easily explained by the fact that before Embedi decided to look under the hood, Equation Editor was shielded by a veil of obscurity. Once they pointed out how its attack surface can be reached from a Word document, it became an easy toy to play with and apparently attracted many researchers. The additional eight vulnerabilities were most likely all low-hanging fruit, i.e., easy to find. But once we patch them, will it be easy to find the next one? No one knows, and if anyone claims to know, kindly ask them for evidence.


Q: How long are you planning to provide patches for Equation Editor?

With the details we currently have about the known vulnerabilities in Equation Editor, it seems it should be easy for us to micropatch them. Should anyone find additional vulnerabilities in it (and since it's been removed from Office, very few will bother searching), we'll try to micropatch those too. It could happen, although unlikely, that a design vulnerability is found which would be extremely difficult to micropatch, or would require an unreasonable amount of effort on our part. In such a case we too will abandon our security support. We hope this will not happen.


Q: How will we receive subsequent micropatches for Equation Editor?

As long as 0patch Agent on your computer has access to the Internet, all subsequent micropatches for Equation Editor will be automatically delivered to your computer and immediately, automatically applied to Equation Editor when it gets launched. If you happen to be using Equation Editor when a new micropatch arrives, the micropatch will get applied to it without disturbing you (i.e., you won't even have to relaunch Equation Editor). 


Outro

There you go. Let us know how this works for you - share your experience, questions and possible concerns in the comments below.

Note that we can only provide support for our micropatches (email to support@0patch.com) and not general technical support for Equation Editor. If you encounter any issues with Equation Editor that you haven't seen before, first disable 0patch Agent and see if the issue is still there. If disabling the Agent resolves the issue, please report it to us, otherwise contact Microsoft.


Cheers!

@mkolsek
@0patch


* The initial public perception after the January Patch Tuesday was that Equation Editor had a single reported vulnerability (CVE-2018-0802) when in fact there were eight of them. However, there have been no public details available on these additional issues as of this writing.




49 comments:

  1. Wow. Has it been that long? Thank you, 0patch.

  2. It's cool that you resurrected Equation Editor! It's been around so long, it would be interesting to know how many people are affected.

    The basis of Microsoft's recommendation, "edit Equation Editor 3.0 equations without security issues with MathType" is that we (Wiris) worked with Microsoft to eliminate the security issues in MathType, and released a new version (MathType 6.9c). Of course we continue to watch this closely, and will resolve new issues in MathType if they arise.

    Also, we recommend Equation Editor users download and install the MathType 30-day trial. After the trial period, it becomes MathType Lite, which is free forever, has essentially the same features as Equation Editor, and will receive the same security updates as a MathType registered version.

    Replies
    1. When can MathType 6.9b users expect this security update (to 6.9c)? I just tried "Check for latest version now", but received a message that I already had the latest version...

    2. The actual user acceptance of MathType is not high, especially as Word-documents displayed by people who don't have installed MathType see only empty spaces. Therefore, in my mind, as long as Office will not contain some kind of free MathType reader (distributed by MS), it is not really a good alternative.

    3. To answer the 1st Anonymous comment, dated 1/19, the security update has already been applied to 6.9c. Unfortunately if you check "About MathType" from the MathType tab in Word or PowerPoint, it will still report 6.9b. If you check it from within MathType itself, it should report 6.9c. We will correct this in a future release.

      To answer the second Anonymous comment, dated 1/20, the statement is only partially correct. What's correct is that MathType equations, like Equation Editor 3 equations, are dependent on fonts. If the fonts the author uses are not available on the reader's computer, the system will try to substitute an appropriate font. This, of course, already happens with the text of a document, but with text the OS (or application) is nearly always able to make a suitable substitution. With math, it's sometimes the case that the symbols used are only available in one or a few specialized fonts. This has always been somewhat of a problem, but its effect was somewhat mitigated by 2 closely-related facts. One, the main symbol font in MathType is Symbol, which is already present on every Windows and Mac computer (though the Mac version is somewhat different). Two, the second most important font for MathType equations is MT Extra. Until the January update, it was also true that MT Extra was already present on every computer with MS Office installed. With the removal of MSEE3, it's unclear if MS will continue to distribute the MT Extra font. If they don't, those who previously relied on EE for equation writing will be in a world of hurt. A related issue is that MT uses a superset of MT Extra that was distributed by MS. Thus, most of the symbols in a MT equation should be OK in a computer that has a version of MT Extra, but there will be cases where an equation uses the MT version of the font, and there will be no suitable substitution. If that's the case, there will be either empty spaces within the equation or, more likely, the symbols will be substituted with other symbols. I can't recall ever seeing a case where the entire equation was simply an empty space, unless the Word user had Picture Placeholders turned on.

      This dependence on fonts was nearly totally eliminated in versions of Office earlier than 2007, because it was possible to embed the fonts used. Office 2007 and later (Windows only) still support font embedding, but Office does not respect these fonts in anything but the text of the document, not in embedded objects such as equations.

      The MathType fonts are available for free download and use, from the MathType website. Of course, using the MathType trial, even after it's expired, also carries the full complement of MathType fonts.

    4. It seems that neither MathType nor Microsoft's new equation tool are useful for typing science papers for publication in journals requesting use of a particular font like TimesNewRoman. Equation Editor has this feature.

  3. Thank you very much for help !!!!

    Replies
    1. Thanks for your feedback. We're glad to have helped.

  4. Slight deviation from your file paths listed above.

    I am running Win 10 Ent. 64, and the file path to get to the Equation Folder was

    C:\Program Files\Common Files\microsoft shared\EQUATION

    Other than that, the EquationEditor.reg file matched this file path perfectly, and everything ran like a charm. Thanks.

  5. C:\Program Files\Common Files\microsoft shared\EQUATION

    This was the file path that was in the .reg file, and I am running Windows 10 Ent. 64, with 64 Office 2016. This whole thing worked very well, thank you.

    Replies
    1. Hi Crumle, thanks for your feedback, you're welcome. Are you saying that your 64-bit Office 2016 on 64-bit Windows 10 doesn't have the EQUATION folder under C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\ ?

  6. This comment has been removed by a blog administrator.

  7. I added the path "C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDIT32.EXE" in your reg file, added in the reg but nothing happened. It doesn't work. Am I doing something wrong?

    Replies
    1. Hi Basil, did you also copy all the files (EQNEDT32.CNT, EQNEDT32.EXE, eqnedt32.exe.manifest, EQNEDT32.HLP and MTEXTRA.TTF) to the same folder?

    2. Hi Basil, I forgot to mention that your path to EQNEDT32.EXE should have *double back slashes* instead of single ones. So please replace every back slash in your path with two back slashes. I will correct the blog post accordingly.

  8. The patch didn't work. The reg file is
    [HKEY_CLASSES_ROOT\CLSID\{0002CE02-0000-0000-C000-000000000046}\LocalServer32]
    @="C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDIT32.EXE"
    I can run it from the above path but when I open a word doc equation editor isn't available. Am I doing something wrong?

  9. Thank you for bringing back the Equation Editor back to life and for patching it.
    I have all done like I find it in your instructions. I am running Windows 7 (64 bit) and Office 2010.
    The Equation Editor runs very well however with one exception: I can not start it in "object" [german: "Einfuegen -> Objekt"] because the "MS Equation Editor" is not in the list. Do you know the reason?

    Replies
    1. We're glad to have helped. Thank you for bringing up your issue with inserting an Equation Editor object; we've just tried it on our copy of 64-bit Office 2010 running on 64-bit Windows 7, and inserting an Equation Editor object works well here (we see "Microsoft Equation 3.0" on the list).

      Silly question: Did you restart Word after applying changes to the registry? Perhaps it has to do with the fact that you're using a German version of Office. If you can't resolve this, please contact us at support@0patch.com so we don't do this here in the comments. If we find a solution, we'll add that to the blog post for everyone else.

    2. Good news: We've updated the registry file so it now also registers Equation Editor, and you can add a new Equation object under "Insert -> Object" in Word. Please download the REG file again, change the path to Equation Editor again as you did before, and import the REG file.

  10. In the downloaded EquationEditor.reg I had C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE with these double slashes. I tried to replace the path both with my path C:\Program Files (x86)\Common Files\microsoft shared\EQUATION and also with the double slash version C:\\Program Files (x86)\\Common Files\\microsoft shared\\EQUATION\\eqnedt32.exe but no luck in any case. What should be the right way to report the path, and most important, what am I doing wrong?

    Replies
    1. Hi Andrea, could you please contact us at support@0patch.com with your issue? Once we fix your problem we'll update the blog post for others who might have it too.

  11. Thanks! I noticed some of our pc's still have a working equation editor after installing the windows updates that should make it impossible to edit older equations. The about window shows equation editor version 3.1. I can't find any information about version 3.1 most websites only report that 3.0 was removed.

    Replies
    1. 1) When Microsoft manually patched Equation Editor (see https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html), they also changed its version from 3.0 to 3.1, so 3.1 is actually the version that was brought to your computer with November 2017 updates, and was later removed in January. I hope this clears it up.

      2) It's weird that some of your computers still have Equation Editor after applying the January 2018 updates. Are you sure they have Equation Editor 3.0 (or 3.1), or is that the other, newer equation editor that has been part of Word for a while?

    2. So, I understand, besides Equation Editor 3.0 and 3.1 there is another, newer Equation editor, part of MS Word?

      Could you be more specific about this other editor? For which software products has it been provided? Can it be installed separately or instead of the 3.0/3.1 patch to get a working Equation Editor with MS Office?

  12. Many thanks. As a maths teacher I have been using equation editor for years. I now will be able to continue to use this program.
    How do I insert a new equation editor object? Insert - Object doesn't seem to have the option?

    Replies
    1. You're welcome. Some users are reporting the same problem - not being able to insert a new equation editor object. While we're trying to resolve this you can use a workaround: copy an existing equation editor object from another document and paste it to your new document, then edit it as needed.

    2. I can work with that. I added an equation object to the default Normal template so that I can cut-and-paste as needed.
      I appreciate your reply.

    3. Good news: We've updated the registry file so it now also registers Equation Editor, and you can add a new Equation object under "Insert -> Object" in Word. Please download the REG file again, change the path to Equation Editor again as you did before, and import the REG file.

    4. Hello Mitja, with the new REG file, the equation editor works very well. Now I find the "Microsoft Equation 3.0" in the Object list. (see my comment from January 31 at 2:47 AM) Thank you very much!

  13. Hello,

    I reinstalled Office 2016 and did all updates including Nov. 2017, so all files in the EQUATION-directory are still there.

    What should I do and in which order to avoid that the formula editor disappears when performing the regular microsoft updates?

    I already made a copy of the EQUATION-directory.

    Thanks for a reply!

    Replies
    1. Hi there! First apply December 2017 Office updates as well so that you get Equation Editor 3.1, then make a copy of the EQUATION directory, apply all remaining updates, and finally restore the files to the EQUATION folder and import the Registry changes as described above.

      Don't forget to also install 0patch Agent so that you won't get burned by malware exploiting known vulnerabilities in Equation Editor!

  14. Works fine for me - thank you very much for your effort!

    I'm so fed up with paying for stuff and then not be able to use it. I bought Office 2000 way back and lately bought Office 2016. Working as a math teacher I'm a heavy user of the Equation Editor. For Microsoft it seems not even worth a hint that a paid for function of one of their programmes is going to be disabled.

  15. I am running an old copy of Office 2007 on two laptops - one Win 7 and one Win 10 - so I have 2 questions:
    1. On the Win 7, Equation editor 3.0 is working. The version of the EQNEDT32.EXE file is 2000.11.9.0 Can I use that with 0patch?
    2. On the Win 10 machine, Equation editor has disappeared since a recent reinstallation of the OS in the computer shop, so my only available copy of the EQNEDT32 file is the above.
    What would you advise?
    Kind regards.

    Replies
    1. Hi Donal, I would do the following:

      Windows 7:

      1) Apply November 2017 updates from Microsoft in order to get their latest version of Equation Editor (version 2017.8.14.0); We only have all micropatches for this particular version so this is important.
      2) Store all files from the EQUATION folder as described in the blog post.
      3) Apply the rest of Office updates (and keep applying them as they come in the future).
      4) Restore Equation Editor as described in the blog post.
      5) Install and register 0patch Agent.

      Windows 10:

      1) Use the files you stored on Windows 7 (step 2 above) to restore Equation Editor (these files are really the same on all Office installations).
      2) Install and register 0patch Agent.

      To verify the correctness of your setup, view the 0patch log (in 0patch Console) after launching Equation Editor to see that there are entries showing that patches are getting applied to EQNEDT32.EXE.

  16. Hi, I did everything you explained above and I could work with FormelEditor again. However, after a few minutes, Word crashes. Furthermore, on the heads of each word document, there is a notice, that word is not licensed. Can you help please? Thank you.

    Replies
    1. Hi there,

      Could you please send the following to support@0patch.com, preferably from the email address you used for registering your 0patch account:

      1) Screenshot of the "Not licensed" notice
      2) Screenshot after the Word crashes (in case there's anything to see; a crash reporting window, Dr. Watson, etc.)
      3) Screenshot of the Word crashing event in the Event Viewer (open Event Viewer and find the crash under the Application event log)

      Thanks,
      Mitja

  17. I appreciate very much your help with the well-known problems with equation editor 3.0. I followed your Blog and had some discussions with Mitja Kolsek, both helped retaining the editor with my updated Word 2007. Astonishing for me was that it only worked, when I set the path to the editor in the registry file not in my original version (C:\\Programme (x86)\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE) but in the recommended version "C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE". Many thanks, Wolfgang

  18. Thank you! It works again. And it is more important than you think. The equation editor is not only used by MS office, but also another program I bought only two years ago. After removing it from office, also this program did not work. And the answer of the software producer: Your maintenance is run out, buy the new version this will fix the problem...I'm working at an university, and we simply do not have the money to rebuy things after two years...so you saved my day!

    Replies
    1. Thanks for the feedback, we're happy to have saved your day! Would you mind sharing the name of the product that is using Office's Equation Editor? We'd like to reach out to its users and let them know there's a way to keep it working. If you don't want to name it publicly, please email us at support@0patch.com. Thanks again!

  19. Many thanks for your support of Microsoft Equation Editor 3.!
    Only as an aid to others who might have the same problem as me (Windows 7 Home Premium, Microsoft Office 2010):
    The file "EquationEditor.reg" changes the entries in registry path
    HKEY_CLASSES_ROOT\CLSID\{0002CE02-0000-0000-C000-000000000046}
    For me it only worked when changing the registry path
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0002CE02-0000-0000-C000-000000000046}
    Kind regards,
    Wolfgang

    Replies
    1. Sorry, I forgot to add that I am running a 64bit Windows version, and this might be the main reason that I need the changes in the Wow6432Node-subsection. Greetings, Wolfgang

    2. Hi Wolfgang, thanks for this tip! We're having problems reproducing this issue though. Could you please contact us at support@0patch.com so we can analyze it and update our instructions accordingly? Thanks!

    3. Did it. It seems that it is or can be an issue for "x86 office on x64 windows". Wolfgang

  20. Thank you very much! The removal of the equation editor from powerpoint had suddenly put me in great trouble. Your prescription worked fine and solved the problem. Bernd

  21. Can you comment on the equation editor in Microsoft OneNote 2016?

    While Equation Editor was wiped out for other MS Office components after the Update as described in your article, the equation editor of a separate MS OneNote 2016 installation (which can be downloaded freely from Microsoft) works perfectly.

    - Is the equation editor in OneNote in any way connected to the Equation editor of the other products?

    - Does it suffer from the same vulnerabilities?

    Chris

    Replies
    1. Hi Chris! Unfortunately I don't know which Equation Editor OneNote 2016 is/was using (it could be the deleted one or the new one that is still present in Office). If it is the deleted Equation Editor 3.0, it is surely suffering from the same vulnerabilities (and is likely just shared between Word and OneNote so it's also patched by 0patch).

  22. It would be very helpful to and encourage anyone needing to continue using Equation Editor to apply 0Patch patches, if there was a guide here on

    1. How to download either

    Security Update for Microsoft Office 2007 suites (KB4011604) as a .cab or .exe file

    or

    Security Update for Microsoft Office 2010 (KB4011618) 64-Bit Edition as a .cab or .exe file

    or

    Security Update for Microsoft Office 2010 (KB4011618) 32-Bit Edition as a .cab or .exe file

    from Microsoft

    2. How to then extract EQNEDT32.EXE_1033 from any of the above files using 7-Zip, and then rename it to EQNEDT32.EXE (version 2017.8.14.0) before putting it in the EQUATION folder instead of EQNEDT32.EXE (version 2000.11.9.0)

  23. I purchased Office 2016 online after the update happened. My "original media" wouldn't include the related files. Is there any way to work around? Thanks!

    Replies
    1. Preferring to err on the safe side, I'm not aware of any such way that would be sure to comply with your Office license.
