Office 2016 - July 2017 updates and MSIT TEST CodeSign CA

Heads up, Office has updated and applocker is preventing Word etc from running. The Office .exe's are no longer signed with a fully trusted MS Code signing cert. They are now signed with 'MSIT TEST CodeSign CA6', with the Root CA being 'Microsoft Testing Root Certificate Authority 2010', this is not in the Trusted Roots. The Winword.exe date stamp also has today's date. 

This has to be a mistake by MS by not codesigning correctly!!!!

There is no way I'm going to approve a TEST Cert and allow Office to work. I've prevented further updates being deployed.


 

Discussion Info


Last updated March 8, 2019 Views 1,065 Applies to:

We are facing the same issue.

With us it was foxit who told that the cert was not working when opening a pdf from outlook.

We are using applocker too but didnt put the restriction so high for the cert

I have opened a case with Microsoft will see what they will say.

Hi,

We have the same issue here and the hash has changed so Kaspersky does not trust anymore the Office Apps and block them.

Did you find a more informations?

Regards,

Hi,

the same for us with Kaspersky. We had to move to low restriction both winword.exe and excel.exe

Kaspersky Lab told us it's a problem of Microsoft Code signing cert

Best regards

A.Motta

Just got a message back from microsoft:

"

I have discussed this issue internally, and there is an ongoing investigation on why the current build did not include these certificates.

 

They are indeed the ones required by Applocker to show the publisher information for the Office 365 applications.

 

The good news is that a new build will be released tomorrow which will fix this issue. I expect that if you update the Office apps on Monday you will not experience this issue anymore.

"

Fingers crossed.

This has hit me too - bitdefender now thinks Office applications are ransomware!

I've temporarily added winword.exe etc. to its "trusted applications" list, but that's not really satisfactory.

Jim

Any word on when Microsoft will fix this?

My office was also impacted. Users who upgraded to 16.0.82229.2103 can't connect with Skype for Business. I had to switch them back to Office Communicator. Installing the Test certificate to the trusted root certificate authorities didn't help.

Hi,

Just a small update.

This problem has been fixed with us with the latest update.

We are running version 1707 Build 8326.2062 Click-to-Run Current Channel

Wim

Thanks Wim. It worked for my Skype for Business users as well, but not until after a reboot. It didn't request a reboot, but something must have been cached keeping it from working.

Look here:

https://support.flexquarters.com/esupport/index.php?/Knowledgebase/Article/View/2944/0/qodbc-all-troubleshooting---microsoft-excelaccess-3652016---invalid-certificate-errordigital-signature-errorcertificate-error