Ask a new question

Office 2016 - July 2017 updates and MSIT TEST CodeSign CA

Heads up, Office has updated and applocker is preventing Word etc from running. The Office .exe's are no longer signed with a fully trusted MS Code signing cert. They are now signed with 'MSIT TEST CodeSign CA6', with the Root CA being 'Microsoft Testing Root Certificate Authority 2010', this is not in the Trusted Roots. The Winword.exe date stamp also has today's date. 

This has to be a mistake by MS by not codesigning correctly!!!!

There is no way I'm going to approve a TEST Cert and allow Office to work. I've prevented further updates being deployed.


18 people found this helpful

Was this discussion helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this discussion?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this discussion?

Thanks for your feedback.

We are facing the same issue.

With us it was foxit who told that the cert was not working when opening a pdf from outlook.

We are using applocker too but didnt put the restriction so high for the cert

I have opened a case with Microsoft will see what they will say.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi,

We have the same issue here and the hash has changed so Kaspersky does not trust anymore the Office Apps and block them.

Did you find a more informations?

Regards,

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi,

the same for us with Kaspersky. We had to move to low restriction both winword.exe and excel.exe

Kaspersky Lab told us it's a problem of Microsoft Code signing cert

Best regards

A.Motta

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Just got a message back from microsoft:

"

I have discussed this issue internally, and there is an ongoing investigation on why the current build did not include these certificates.

 

They are indeed the ones required by Applocker to show the publisher information for the Office 365 applications.

 

The good news is that a new build will be released tomorrow which will fix this issue. I expect that if you update the Office apps on Monday you will not experience this issue anymore.

"

Fingers crossed.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

This has hit me too - bitdefender now thinks Office applications are ransomware!

I've temporarily added winword.exe etc. to its "trusted applications" list, but that's not really satisfactory.

Jim

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Any word on when Microsoft will fix this?

My office was also impacted. Users who upgraded to 16.0.82229.2103 can't connect with Skype for Business. I had to switch them back to Office Communicator. Installing the Test certificate to the trusted root certificate authorities didn't help.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi,

Just a small update.

This problem has been fixed with us with the latest update.

We are running version 1707 Build 8326.2062 Click-to-Run Current Channel

Wim

2 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Thanks Wim. It worked for my Skype for Business users as well, but not until after a reboot. It didn't request a reboot, but something must have been cached keeping it from working.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Look here:

https://support.flexquarters.com/esupport/index.php?/Knowledgebase/Article/View/2944/0/qodbc-all-troubleshooting---microsoft-excelaccess-3652016---invalid-certificate-errordigital-signature-errorcertificate-error

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Discussion Info

Last updated October 5, 2021 Views 1,284 Applies to: