Windows Security Patch Issued February 13, 2007

by Microsoft Can Cause Text Truncation

with BarTender v7.10, 7.50 and v7.51

The following repeats information from Seagull Scientific's website with some additional information added specifically for Citizen's customers. The original can be found at:
http://www.seagullscientific.com/newsletter/2007_winter/WindowsSecurityPatch.htm

Microsoft released a Windows Security Patch on February 13, 2007 that actually changes the way a Windows-provided text component works. As a result, two very-well tested and long-used past versions of BarTender will now "cut off" keyboard-entered data in certain situations. The problem and four available workarounds are discussed below.

BarTender 7.7x is not affected by this problem. This includes version 7.70 (first released in July of 2005) through 7.75 service release 2 (first released in January of 2007).

The latest version of the CD supplied by Citizen is marked "version 3.11, Made in UK" OR "JM74956-01F, Made in China". These contain version 7.75 of BarTender Ultralight and are not affected by this issue. However, these were released in January 2007 so it is extremely likely there are older CDs still in the channel and being sold at this moment.

From time to time, Microsoft issues minor Windows Security Patches to address bugs and possible security vulnerabilities. These patches can be installed automatically by internet-equipped Windows workstations, or they can be installed manually by an I.T. manager or technician.

Windows patches typically only correct problems. Unfortunately, Windows Security Patch KB918118, released by Microsoft on February 13, 2007, also changes the functionality of the "DLL" named RICHED20.DLL, which is provided for programmatic use by Windows software for editing text. The change to the DLL, which has been a standard part of Windows since the release of Windows XP, adversely affects the versions of BarTender listed below.

More details about the patch are available from Microsoft at

http://support.microsoft.com/?kbid=918118.

The Microsoft patch was evaluated by Seagull and found to cause the text truncation problem on the following Windows operating systems:

• Windows XP (SP2 was tested)
• Windows 2003 Server (SP1 was tested)

The problem was not seen with Windows 2000 (SP4 was tested).

BarTender 7.10, 7.50 and 7.51 each exhibited the problem on one or both of Windows XP and Windows 2003 Server. (Only v7.75 SR2 is approved for use on Windows Vista.)

• BarTender v7.10 (First shipped by Seagull in June of 2003):
  Text truncation was seen on both XP and 2003 Server.
• BarTender v7.50:
  Text truncation was seen on Windows XP only.
• BarTender v7.51 (Last shipped on July 4th, 2005):
  Text truncation was seen on Windows XP only.

BarTender users that are simply printing existing label formats will not experience any problems.

The problem occurs only when the Modify dialog is used to make any changes to a label object that is also configured to print Screen Data of more than 9 characters. ("Screen data" is static data that you enter at the keyboard when using the Modify dialog, in contrast to the changing data read from a database.) The symptom, which is the loss of all screen data beyond the 9 allowable characters per screen data "sub-string," affects both text and bar code objects.

You will experience this truncation of anything beyond 9 Screen Data characters if you double-click on a text or bar code object to bring up the Modify dialog, then make any changes to the object, and then click "Ok."

Character strings read from a database or a text file are not affected and can therefore continue to be any length. Also, users that have a label object set to "Prompt at Print Time" can enter in any length of text into the prompt screen without truncation.

We only release software after extensive testing on numerous "current" versions of Windows. In addition, we follow "best practices" development standards to maximize the likelihood of our products being compatible with future Windows service releases and even new versions of Windows. Unfortunately, not all events and trends can be anticipated in advance, which prevents us from guaranteeing future compatibility. In this case, the DLL in question was first released in the year 2002 and we have offered four possible workarounds. Only paid software upgrades will be available.

BarTender v7.70 through v7.75 does not have the problem. Further more, because v7.75 service release 2 is also Windows Vista compatible, this may be a particularly good opportunity to upgrade to the latest version of BarTender. Please see the appropriate White Papers regarding details on what is new in the various versions of 7.7x. You can also find details on How to Upgrade on our web site. Alternatively, there are four workarounds available for the text truncation problem.

Option 1: Use the I-Bar Edit Tool for Editing Screen Data
The problem is limited to use of the Modify dialog. You can still modify your screen data without problems by using the I-Bar edit tool in the main BarTender toolbar. Anytime you simply must use the Modify dialog to change a label object, the quickest way to put back any truncated Screen Data is by using the I-Bar edit tool.

Option 2: Use Print-Time Data Prompts
If you are frequently changing the Screen Data for a label object, you may wish to take advantage of BarTender's customizable pop-up dialogs for data prompting at print-time. The text entered into print-time data prompts may be of any length. For more information, search on "prompt at print time" in BarTender's help system.

Option 3: Copy the Original DLL into the BarTender Folder
Seagull Scientific has made the original RICHED20.DLL file available on its web site (please see link below). By copying it into your BarTender folder, you regain the original text editing functionality in BarTender while retaining the patched DLL provided by Microsoft for use by the rest of Windows.

We feel comfortable describing this option not because the original DLL has been in use since the year 2002, but because we cannot define a scenario under which BarTender could be "tricked" into exploiting the vulnerability as described by Microsoft. However, we must mention that we cannot simply rule out the possibility of an unknown vulnerability to the DLL.

As has been described by Microsoft, the potential vulnerability has to do with users attempting to open virus-infected RTF (rich text) files using the DLL. However, BarTender only uses the DLL for editing text on screen and simply does not programmatically use it to load files. This is why we cannot come up with a theoretical method by which the exploitation mechanism would be possible through use of BarTender.

The original DLL can be downloaded from:

ftp://ftp.seagullscientific.com/BarTender/Hotfix/MS918118_BarTender_Patch/riched20.dll.

The tables below list the folders into which the various editions of BarTender were installed by default. (We recommend that you download the original DLL directly into the appropriate BarTender application folder in order to eliminate the possibility of getting the two versions of the DLL confused with each other.)

 BarTender Version 7.10

 BarTender Version 7.50

 BarTender Version 7.51

Option 4: Uninstall the Windows Patch
Lastly, you can uninstall a Windows security patch by using the Add/Remove Programs utility of the Windows Control Panel. This is quick and easy, but it leaves your Windows system more vulnerable to an attack by a virus-infected RTF file.