none
EMF graphics specification & security patch RRS feed

  • Question

  • The KB4503269 security patch, which was included in the KB4503292 2019-06 monthly rollup, appears to have dropped support for a little-used portion of the EMF graphics file specification such that certain EMF files can no longer be viewed by Windows 7 (perhaps other versions as well; I've only tested 7).

    Specifically, section 2.3.7.8 of the EMF specification describes that a font should be specified with a "LogFontExDv" object but then goes on to say "A LogFont object (section 2.2.13) MAY<74> be present instead."  After applying the above security patch, programs such as Office display a blank image when provided with an EMF file that uses a LogFont object instead of a LogFontExDv object.  While EMF files with LogFont are not generated by Microsoft programs anymore (see note <74>), old EMF files still exist and non-Microsoft programs (e.g., Inkscape) may still generate such seemingly-compliant files that are no longer viewable.

    Assuming I am not misinterpreting the specification, is there a way to either 1) patch the patch or 2) update the specification?

    Wednesday, June 26, 2019 3:07 PM

Answers

  • Upon investigation, we have confirmed that the security fix in 2019.06 is causing a regression issue with MREXTCREATEFONTINDIRECTW whereby LOGFONT is not being played back. Although modern Windows do not generate such LOGFONT record, we understand that third-party implementations may be generating this type of record.

    The product group is working with the right people for a patch. While I do not have any control over the evaluation and release process, this is being dealt with priority and I have raised the versions you reported to the engineering team. Please stay tuned for the next monthly patch cycles.

    Thank you,

    Edgar 

    Wednesday, July 17, 2019 7:32 PM
    Moderator

All replies

  • Hi Grrrats:

    I have alerted the open specifications team regarding your inquiry. A member of the team will be in touch soon.


    Regards, Obaid Farooqi

    Wednesday, June 26, 2019 10:42 PM
    Owner
  • Hello Grrrats,

    I am investigating this and will follow-up you as soon I have an update.

    Thanks,

    Edgar

    Tuesday, July 2, 2019 7:46 PM
    Moderator
  • Thank god I finally found this. This patch breaks our software in several ways and we were starting to get user complaints since like 2 weeks ago!

    We have been using Inkscape too, to create some EMF resource files.

    But: the error also manifests when we copy a user-control to the clipboard, i.e. we're passing a metafile DC to the paint routine and export that to the clipboard. So while we could probably modify the EMF resources, I'm not aware how we could prevent the copy to clipboard problem.

    Just some keywords, so this can be found by others: Metafile, EMR_EXTCREATEFONTINDIRECTW, EMREXTCREATEFONTINDIRECTW
    • Edited by msohn2113 Wednesday, July 3, 2019 11:55 AM added search keywords
    Wednesday, July 3, 2019 11:52 AM
  • Hi,

    How does the playback of the LogFont record look like on Windows 10 (with most recent updates)?

    Thanks,

    Edgar

    Monday, July 8, 2019 3:32 PM
    Moderator
  • Hi,

    I do not have access to a Windows 10 machine (I work at a university still primarily on windows 7), but I would be happy to send / attach a test EMF file if you could tell me how to do so (this thread is my first posting on MSDN forums and I don't see a way to attach a file).

    Thanks for investigating,

    Philip

    Monday, July 8, 2019 7:45 PM
  • Hi,

    Please send a test EMF file to my attention at this address: dochelp < at > Microsoft <dot > com

    please mention this thread.

    Thank you,

    Edgar 

    Monday, July 8, 2019 8:08 PM
    Moderator
  • Hi,

    excuse me chiming in again, but since this problem highly affects us as well, I want to share what we found out:

    PlayEnhMetafileRecord will return false for a EMR_EXTCREATEFONTINDIRECTW with a LogFont structure. Calling GetLastError afterwards returns ERROR_INVALID_FUNCTION. We log these errors and got user reports on Win7 as well as Win10 with the exact same behaviour.

    As a workaround we now create our own EMR_EXTCREATEFONTINDIRECTW with a LogFontExDv struct and copy the values from the LogFont to the LogFontExDv, leaving everything else at 0.

    It seems this was introduced whiling fixing CVE-2019-1010 and that would mean the corresponding Win10 update is KB4503291.

    Hope this helps

    Sebastian

    Tuesday, July 9, 2019 9:38 AM
  • Hi Sebastian, Philip,

    Thank for the clarification. As I requested earlier, can you provide a test EMF file which contains the EMR_EXTCREATEFONTINDIRECTW with a LogFont structure. Please send the message to my attention at this address: dochelp < at > Microsoft <dot > com. Please mention this thread.

    Thank you,

    Edgar 

    Tuesday, July 9, 2019 2:46 PM
    Moderator
  • Thanks Philip. I did receive the sample test files.

    We are looking into this.

    Regards,

    Edgar

    Tuesday, July 9, 2019 8:02 PM
    Moderator
  • Upon investigation, we have confirmed that the security fix in 2019.06 is causing a regression issue with MREXTCREATEFONTINDIRECTW whereby LOGFONT is not being played back. Although modern Windows do not generate such LOGFONT record, we understand that third-party implementations may be generating this type of record.

    The product group is working with the right people for a patch. While I do not have any control over the evaluation and release process, this is being dealt with priority and I have raised the versions you reported to the engineering team. Please stay tuned for the next monthly patch cycles.

    Thank you,

    Edgar 

    Wednesday, July 17, 2019 7:32 PM
    Moderator
  • Dear Edgar A Olougouna,

    Do you know when a patch will come out?
    We have the same problem with our PowerPoint slides.

    Both Windows 8.1 and Windows 10 OS are affected by this problem.After installing one of the following updates,

    KB4503327, KB4503267, KB4503290, KB4503276, KB4503283, KB457448, KB4507457, KB4507463

    (EMF) background will no longer be visible. On the printout background is blue instead of white.

    Thanks in advance.

    Best regards

    Dmitri

    Wednesday, July 31, 2019 1:16 PM
  • Thank you very much!

    The error has been fixed!

    Monday, August 26, 2019 7:04 AM
  • Does not seem to be fixed for me, after updating today Word will not show any emf graphics which are produced using Inkscape 0.92 if they contain text. It only works now when the text is created as polygon.

    • Edited by andemwue Wednesday, August 28, 2019 12:23 PM
    Wednesday, August 28, 2019 11:10 AM