Partilhar via


Visual Basic for Applications and SHA2

I was recently helping a customer deploy a SHA-256 based PKI.  As part of the retirement of their old PKI, we reissued the code signing certificates used by their developers.  We found that the Visual Studio 2010 developers had no issue with the new code signing certs, but the Visual Basic of Application developers could not select the new SHA-256 certificate.  Working with the good folks in Premier Support, we discovered there was a bug in VBA.

Last week we released a hotfix for Office 2010, KB 2598139, that addressed this bug in Office 2010.  This hotfix corrected the issue with the certificate selection box (Tools | Digital Signature) and the handling of VBA macros signed with SHA2 certificates.

In order to properly use SHA2 code signing certificates, this hotfix would need to be installed on both the developer computers and the end-users computers.  As this is a QFE, the standard warning applies: ...this hotfix is intended to correct only the problems that are described in this article. Apply this hotfix only to systems that are experiencing the problems described...   In order to download this hotfix, click the “View and request hotfix downloads” button on the top of the KB article.

-Adam Stasiniewicz

Comments

  • Anonymous
    October 28, 2015
    Thanks for this article. Glad to know we can do sign 2010 using hotfix. But we can't do Office 2007+SHA-2, explained below
    Can't digitally sign VBA projects in Office 2007 by using an SHA256 code-signing certificate
    https://support.microsoft.com/en-us/kb/3090063