The location of the EQUATION folder depends on both the Office version and whether it's 32-bit or 64-bit Office. Note that Office 2016 still has several files in the EQUATION folder after the update, and in some cases, a 0-byte EQNEDT32.EXE file is left on the system.
It also unregistered Equation Editor as a local COM server by deleting CLSID from registry.
Specifically, the update deleted five files (including EQNEDT32.EXE) from the EQUATION folder, leaving the 1033 subfolder and EEINT.DLL inside it intact. So you've installed Office Updates from January 9th 2018 and Equation Editor got removed from your computer. We urge everyone who finds additional security issues in Equation Editor to share their findings with us and help up create micropatches for them. We're also teaming up with other security researchers who have found vulnerabilities in Equation Editor to micropatch those issues too. That said, we've already issued our micropatch for CVE-2018-0802, and it's been applied to all computers running 0patch Agent where the latest version of Equation Editor is still present. As much as we hate to repeat ourselves, this is how we believe security patching should look like in this century. We also deliver our micropatches to agents every hour, and they are as trivial to revoke and un-apply as they are to apply.
So we don't have to invent a new way of making room for every micropatch we make, and can therefore focus on the patch itself. Why? Because we have a micropatch delivery agent ( 0patch Agent) that not only instantly downloads micropatches, but also injects them into running processes on the computer while automatically making room for the added code. You see, it's much easier for us to create and support binary patches for a given executable module than it is for Microsoft.
So when Microsoft was faced with 8 (eight!)* new vulnerabilities in Equation Editor reported after their manual patch ( one also reported by us), they gave up on the idea of continuing manual support for it.
Patch author to invent a way to get some free space in the code forĪdditional patch logic by de-optimizing a memory-copying routine. Instance, Microsoft's manual patches of Equation Editor required the You patch executable files directly, you may have to come up with aĭifferent clever space-saving hack for each patch, which can sometimesīe very difficult and time-consuming. Furthermore, while they aren't new to manually patchingĮxecutables, such patching can sometimes be fairly difficult to do. Reveals that, for whatever reason, their standard patching processĬannot be applied to Equation Editor, and a deviation like that can beĮxpensive. Their manual patching of its recently discovered vulnerability Microsoft's unwillingness to continue supporting Equation Editor is understandable. Tool they might be using, and sending them to a store to buy a Particularly like the idea of suddenly deleting from users' computers a Instead of Equation Editor with existing Word documents, but we don't Haven't tested MathType and can't tell how easy it is to start using it Which doesn't say much as that was also true for Equation Editor until someone opened its hood. They did not specify the basis upon which the phrase "without security issues" was provided, but MathType seems to have a clean public security record so far. Microsoft suggested affected users can "edit Equation Editor 3.0 equations without security issues" with Wiris Suite's MathType, a commercial application that costs $97 ($57 academic). Office 2000 stopped receiving security updates in This user, for instance, reports going back to Office 2000 on his To unsupported versions of Office that don't receive security updates atĪll. Worse even, affected users may decide to migrate back Word forever, macros enabled and all, if not… Here? I promise you ten thousand math teachers will just run unpatched
Help him out, tweeps: is there a migration path My cousin, a high school math teacher, wrote all his lesson plans