VB6 Control Security Update causes control to fail (updated)

By Laura Holzwarth

A new security update (MS12-027)  released, April 10 has been released that affects MSCOMCTL.OCX, which means this not only affects Excel, but can affect all of the Office applications including Word and Power Point.

When you enable macros in an Excel 2003, 2007, 2010 you will receive the following error messages;  

followed by



Fixit is now live

The FixIt for this issue is now live.


However, you may also follow the steps to manually fix this problem after the update by following the directions below.

Steps to follow after update

After installing the update you may need to follow the following steps to get rid of the error message listed above.

You install this security update on a computer that has a third-party software solution installed. The software solution is based on Microsoft Visual Basic for Applications (VBA). The software solution creates an instance of the control directly through Microsoft Office. In this scenario, the control may not load in your solution.

To resolve this issue, you must delete the cached versions of the control type libraries (extender files) on the client computer. To do this, you must search your hard disk for files that have the “.exd” file name extension and delete all the .exd files that you find. These .exd files will be re-created automatically when you use the new controls the next time that you use VBA. These extender files will be under the user’s profile and may also be in other locations, such as the following:




Scripting solution

Because this problem may affect more than one machine, it is also possible to create a scripting solution to delete the EXD files and run the script as part of the logon process using a policy. The script you would need should contain the following lines:

del %temp%\vbe\*.exd

del %temp%\excel8.0\*.exd

del %appdata%\microsoft\forms\*.exd

del %appdata%\microsoft\local\*.exd

del %appdata%\Roaming\microsoft\forms\*.exd

del %temp%\word8.0\*.exd

del %temp%\ PPT11.0\*.exd

For more information

Please see the article that applies to your version of Office.

2597112 MS12-027: Description of the security update for Microsoft Office 2003 Service Pack 3: April 10, 2012 (http://support.microsoft.com/kb/2597112)

2598041 MS12-027: Description of the security update for 2007 Microsoft Office system: April 10, 2012 (http://support.microsoft.com/kb/2598041)

2598039 MS12-027: Description of the security update for Office 2010: April 10, 2012 (http://support.microsoft.com/kb/2598039)

Comments (3)

  1. Anonymous says:


    We have numerous users reporting that Word 2007 templates which use MSCOMCTL.OCX stored on a network had stopped working after applying MS12-027 update. However the provided solution doesn´t work for us. Is there any other way around it, or do we have to wait for an update to MS12-027?



  2. Anonymous says:

    Thanks Will. Very useful.

    One thing to change though is to put the path within double quotes.

    on xp, this one didn't work (due to blank spaces):

    del %appdata%microsoftforms*.exd

    but the following worked

    del "%appdata%microsoftforms*.exd"


  3. tom says:

    Hi Will,

    we´ve got a lot of incidents coming along with the deployment of MS12-027. Can you tell us, if there´s another way (other than deleting the exd-files) to prevent this issue from occuring in the future.

    Or is it an unavoidable issue, for an application, when the next version/s of mscomctl.ocx is published? Maybe it´s sufficient to compile the VBA solution/s, that is/are dealing with the corresponding ActiveX controls before their execution?

    best regards