Excel 2013 security patch KB3115262 disabled functionality in PeopleSoft

Excel patch KB3115262 disabled the Oracle PeopleSoft "download a grid to Excel" functionality.  PeopleSoft writes an HTML file with an extension of .XLS.  Previously Excel would offer to open the file with a warning that the file content did not match the extension.  If you clicked 'Yes' it would open the spreadsheet.  After installing the security patch, Excel ignores the open request.  Downloading the file and attempting to open in Excel results in Excel not opening anything or producing an error message.

Excel 2010, 2013, and 2016 are affected.  Is there any relief from this overly broad patch other than uninstalling it (made more difficult for Windows 10 users)?

If you wish to reproduce the problem, the contents of a file produced by PeopleSoft are:

<!DOCTYPE html>
<html class='pc ie win psc_dir-ltr psc_form-xlarge' dir='ltr' lang='en'>
<!-- Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. -->
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><body><table border='1' cellpadding='3' cellspacing='0'>
<th>*Permission List</th><th>Description</th><th>View Definition</th></tr>
<td  >HCCPAMSS12</td>
<td  >Absence Management MGR Fluid</td>
<td  >View Definition</td>
<td  >HCCPSC1040</td>
<td  >Shared Components Hidden</td>
<td  >View Definition</td>


The Excel team has released a change in HTML/XLS file behavior in today’s security update for Excel 2010, 2013, and 2016. Excel will warn about the mismatch between the file extension and HTML content, but will now open the workbook in Protected View as an additional layer of security. If you trust the workbook, you can then enable editing. XLA and XLAM files are not part of this change, they will continue to not open in Excel.


How do I get the update? It depends on which version of Officeyou have.


Issue recap:

The Excel team has made a change in the behavior of certain file types to increase security. This change came in the security updates KB3115262, KB3170008, and KB3115322. Previously, when you tried to open an HTML, XLA, or XLAM file with an .XLS file extension from an untrusted location, Excel would warn about the mismatch between the file extension and content, but would still open the workbook without Protected View security. After the security updates Excel no longer will open the workbook because these files are not compatible with Protected View and there is no warning or other indication it was not opened.


Workarounds for .xla and .xlam files: https://support.microsoft.com/kb/3181507


Thank you for your patience and input—community suggestions drove our decision to change this behavior in a way we hope will be much better for your workflows!

2 people were helped by this reply


Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.


Question Info

Last updated December 16, 2019 Views 1,080 Applies to: