A customer who is using Richtext (RTF) covers reports a problem that these covers are not used anymore since applying the Microsoft March 2021 security patches. Normal, non-Richtext covers are not affected by the problem. The problem might be related to different modules using the RTF Cover functionality, e.g.
- TCOSS does not include anymore RTF covers in FAX messages being sent out
- KCS TCFW Client does not resolve the Image view correctly for a message which uses a RTF cover
- IPPrinter does not include anymore the RTF cover when printing e.g. Delivery/Nondelivery notifications using RTF covers
For resolving RTF covers, KCS uses the C:\TOPCALL\SHARED\TCRTF.DLL and Microsoft's C:\Windows\SYSWOW64\riched20.dll.
Additionally the device context of the TOPCALL FAX to TCRTF printer is used for rendering the RTF cover. A printer specific security
issue, which was addressed by Microsoft March 2021 patches is the reason so that RTF covers cannot be resolved anymore.
The vulnerability addressed by Microsoft is explained in this vulnerability report:
You will also find some more information about the issues fixed within the section Improvements and Fixes of this Microsoft article:
As a workaround for this security issue, Microsoft recommended to stop the Print Spooler service and set it's startup mode to Disabled.
On some servers this workaround might be still in place, even if the Microsoft patches, which were causing the issues with RTF covers are already replaced by newer Microsoft patches. In such a case RTF covers are still not correctly resolved or skipped completely.
Step 1. Check, if the Spooler service is running and configured to Automatic startup:
- Start Services.msc or select the Services entry from the Administrative tools in Windows Start menu
- Navigate to the Print Spooler service and check if the Status is Running and if the Startup Type is configured to Automatic
- If this is not the case and the Startup type is e.g. Disabled, change the Startup Type to Automatic and start the Spooler service afterwards
- Start then Control panel and select Devices and Printers
- Check if the printer TOPCALL Fax to TCRTF appears in the list of printers and if it's icon is not shaded out.
- Check if you are able to right click the printer and call up the context menu option Printer properties
Step 2. Verify if the customer is facing the issue, even though he might not have reported the issue to you:
- Start the KCS Client (TCFW.exe) and open a message, which uses a RTF cover
- Switch from Text- to image mode
- Check the Windows application Event log, if you find an event log entry with Event ID 1706.
- Optionally you can also check the TCCP Trace file if you find a trace line as shown below:
[TCFW] ID:1706 The Rich Text conversion failed to produce TCI code - internal error code: 130. Please check the memory status of the system and the Rich Text for consistency. Additional information can be found in the trace file.
- In case of using TCOSS (e.g. sending a FAX message containing an RTF cover) you might see following Trace entries within the TCOSS trace files and you should also find an event log entry with ID 1706 in the Application event log:
24/11:41:03.224 (1bf0/2370) TCRtf: Error - CVP #10001, Thread 3912 ID: 9072 failed to select FAX bitmap into FAXDC, WinError: 0 24/11:41:03.224 (1bf0/20f0) TCRtf: Error - CVP #10001 GetTCI exits because of invalid state 6 while waiting for conversion thread 24/11:41:03.225 (1bf0/20f0) ID:1706 The Rich Text conversion failed to produce TCI code - internal error code: 130. Please check the memory status of the system and the Rich Text for consistency. Additional information can be found in the trace file.
Step 3. Install the latest Windows Patches using Microsoft update, reboot the server and check if the issue is resolved
If this step does not resolve the issue proceed with the steps explained below
Step 4. Check, which Microsoft patch resolves the vulnerability issue for your specific operating system and causes therefore an issue resolving RTF covers
The section Security Updates of the vulnerabilty report linked above gives you a list of Microsoft KB patches, which solve this issue and which might also cause the
problems with KCS Richtext (RTF) covers, these are:
- Microsoft Patch KB5000822 for Windows Server 2019
- Microsoft Patch KB5000803 for Windows Server 2016
- Microsoft Patches KB5000847/ KB5000840 for Windows Server 2012 R2
but also Client operating systems might be affected by this problem, e.g.
- Microsoft Patch KB5000802 for Windows 10 20H2
Step 5: Check, if this specific Patch has been installed on the customer's server
You will get a list of installed patches and the date when these patches have been installed by entering the command listed below
within a cmd prompt or powershell window. Check if the date when the customer first reported the problem with RTF covers matches
the installation date of the related patch:
wmic qfe list
Alternatively you might use the following Powershell command to view the installed Microsoft patches:
Step 6: Check if there is a new successor Patch released by Microsoft
Microsoft has released new patches for Windows Server 2016, 2019 and Windows 10 on 15th and 18th of March 2021, which replace the old patches
The following link contains a table of related patches, scroll down to the header line Overview of the March updates
- Microsoft patch KB5000822 for Windows Server 2019 (released 9th March) has been replaced by KB5001638 (released 18th March)
- Microsoft patch KB5000803 for Windows Server 2016 (released 9th March) has been replaced by KB5001633 (released 18th March)
- Microsoft patch KB5000802 for Windows 10 20 H2 (released 9th March) has been replaced by KB5001649 (released 18th March)
Please check for latest Windows updates release on 18th of March directly on the Microsoft servers or download the corresponding patches
from the Microsoft Update catalog available here: https://www.catalog.update.microsoft.com/Home.aspx
As far as we could see was the KB5001633 not available via Windows updates and it was necessary to install it manually.
Step 7. What should I do if the customer is afraid installing these new patches or if no successor patch is available for your operating system
Alternatively you might temporarily uninstall the corresponding patch (released on 9th March, 2021) using the following command
wusa /uninstall /KB:xxxxxxx where xxxxxxx is the corresponding KB number without the "KB", e.g. 5000822
After uninstalling the Microsoft patch you will be prompted to reboot the server.
You can also uninstall the corresponding KB Patch by starting Control panel - Programs and Features - View installed updates.
Locate the Microsoft patch within the section Microsoft Windows and select then the Uninstall option from the right click context menu.
We got already confirmation from customer's that uninstalling the appropriate Microsoft patch or replacing the patch by the corresponding
successor patch solved their RTF cover issues.
Level of Complexity
|Kofax Communication Server,
all modules using RTF cover functionality:
|all||Windows, Microsoft Patches shipped on 9th of March 2021|