1. Legacy products
  2. LEGACY: SAFETICA ONE 10

Microsoft Protected View issue with Safetica ONE Legacy

Official statement regarding Microsoft Protected View issue with Safetica ONE Legacy 

Date 14th of May 

We would like to inform you about a potential issue stemming from the recent Microsoft update which may have affected the performance of your system.  

Starting Saturday, May 11, 2024, your customers may have experienced an issue related to the latest Microsoft update, which might have impacted your customers' system performance. While this issue was isolated to customers with specific, out-of-support versions of the endpoint client—affecting less than 5% of our installed base—we deeply regret any inconvenience your customers and you might have experienced.  

While we continue to investigate the root cause of the issue, preliminary findings suggest it was caused by invalid use of the  from Microsoft resulting in invalid behavior that conflicts with Safetica. 

Description: 

  • The technical issue has rendered certain file operations and applications, including MS Excel and MS Word, unusable. 
  • This problem specifically affects endpoints running versions of Safetica older than 10.3.142, which are no longer supported. 

Timeline: 

  • Saturday, May 11 - Initial problem reports received, and investigations started. 
  • Monday, May 13 - Identified the issue was limited to an out-of-support version, and that updating to the latest 10.4 version resolved the problem. Commenced development of an interim solution for customers unable to upgrade their systems immediately. 
  • Tuesday, May 14 – Released a definition update for customers using the out-of-support version of Safetica. This update is designed to install automatically on all relevant Safetica servers and endpoints. 

ACTION NEEDED if your customers are affected:  

  • If your customers are affected by this issue, you can deactivate the Safetica client via the Safetica console to prevent any service interruptions. 
  • To resolve the issue, please update to the latest recommended and supported version, Safetica 10.4, accessible through the Safetica console. It is essential to apply this update to both Safetica servers and clients.   

We recommend the Safetica Client installed on endpoints is always updated to the latest version to prevent future issues. 

 


Detailed descriptions Office 365 issue: 

  • Issue summary: Caused by Microsoft changes distributed via latest updates. Those changes introduced an invalid use of the  that conflicts with Safetica. 
  • Detail: It is necessary that the API output parameter, lpTargetHandle, remains valid (not NULL) when hTargetProcessHandle is not NULL. In such instances, where hTargetProcessHandle represents a valid handle to a process, lpTargetHandle must correspond to a valid pointer to the address where the resulting duplicated handle will be eventually placed. Any other interpretation contradicts the documentation. However, it has come to our attention that INVALID_HANDLE_VALUE (-1) is being utilized as the value for lpTargetHandle. This action is in direct violation as such a value should never appear in place of a valid pointer, as it represents invalid memory. Any attempt to access such memory will result in a crash.