Microsoft security patch MS16-088 blocks ColdFusion generated .xls files from opening in Excel 2010, 2013 & 2016

On July 12th, 2016 Microsoft pushed out a large security patch (MS16-088) that prevents HTML wrapped dynamically generated .XLS files created by ColdFusion from being opened in Excel 2010, 2013 and 2016.

Previous to the security update Excel would prompt the user to confirm that they wished to open a file from an untrusted location. After the security update Excel opens to a blank screen with no warning dialog or explanation of why the file did not open.

This issue doesn’t only impact .XLS files created by ColdFusion. It appears that it affects other platforms including large players like Salesforce.