Ad
Ad
Ad
Author

Jeremy Taylor

Browsing

Its hard to keep track of what bugs were fixed a cumulative update. I intend to share my reading and document the fixes that come out every month across SharePoint products. Some call it regurgitating what’s already out there… but good luck finding it in Google search! Some updates aren’t cumulative – like Project Server 2013 June 2013 for one issue (see below). Hope this blog posts help someone some day!

Disclaimer: Cumulative Updates are to be applied specifically when you have an issue fixed by it, I recommend you keep a close eye on the security fixes that come with Cumulative Updates and then decide accordingly. Don’t rush to apply a Cumulative Update just for the sake of it. Many Cumulative Updates have had serious issues in the past and there’s no easy rollback! http://www.jeremytaylor.net/2014/04/12/latest-cumulative-updates-service-packs-hotfixes-sharepoint-sql/

 

Name: June 2015 Cumulative Update for SharePoint 2013

Build: ​​​15.0.4727.1001

For previous build numbers: http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=346

 

SharePoint Foundation 2013 fixes

When you switch views by using the view selector for a document library that has the metadata navigation settings and the per-location view settings enabled, you are directed back to the root of the document library.

  • When you use a REST call to fetch items with an expanded lookup field on a list that has many items with uniquely-defined permissions, you receive the following error message:
    System.ArgumentException: Value does not fall within the expected range.
  • If hundreds of resources are added to the project team, you cannot scroll to see the all the resources in the right-side grid of the build team page.

Source https://support.microsoft.com/en-us/kb/3054867

 

  • This update translates some terms in multiple languages to make sure that the meaning of time zone settings is accurate in SharePoint Server 2013.

Source https://support.microsoft.com/en-us/kb/3054871

 

SharePoint Server 2013 fixes (includes the above fixes)

  • Fixes the translation of the “Feel free to mention me in a post” link on My Site in a SharePoint Server 2013 installation that has the Polish language pack installed.
  • Translates some terms on SharePoint Server 2013 sites in multiple languages to make sure that the meaning is accurate.
  • Updates the English proofing tools.
  • Fixes the following issues:
    • Assume that you have a SharePoint search service application (SSA) that consumes a managed metadata service (MMS) from a remote farm through an MMS proxy. If you set this as the default MMS proxy and create a query rule that uses terms from the remote MMS, the query rule is not triggered because of a failure of the Query Classification Dictionary Update timer job when those terms are imported.
    • When you update one of the metadata columns of a document set by using a client-side object model (CSOM), default values for the taxonomy fields are lost.
  • The date and time on the Welcome page of a document set differ from the date and time in the View Properties dialog box of a document set when region settings on the site differ from those in the user profile.
  • Assume that you have SharePoint search configured to crawl both internal and external sites. When you configure the proxy settings on the Search Administration page, pages that have friendly URLs do not appear in search results after a full or incremental crawl is completed.
  • When you configure the query text in the query builder to contain a query string parameter, the results appear only for the first few pages on the Search Results Web Part.
  • When you upload certain PFD files to a SharePoint Server 2013 document library, CPU usage spikes to 100%.

Source https://support.microsoft.com/en-us/kb/3054859

 

This update improves the performance of InfoPath forms solutions in certain cases for SharePoint Server 2013.

 Source https://support.microsoft.com/en-us/kb/3054789

 

  • When you apply a filter that contains many parameters to a SQL Server Reporting Services 2008 (SSRS) report, the report is displayed much smaller than expected.
  • When you create a dashboard to hold a scorecard that has custom formatting in SharePoint Server 2013, the custom formatting is not applied to the scorecard. The scorecard uses the default formatting.
  • When you use the Export to Excel function for an analytical grid on a business intelligence center site, you receive an “Access Denied” error message.

Source https://support.microsoft.com/en-us/kb/3054860

 

  • This update improves the English proofing tools.

Source https://support.microsoft.com/en-us/kb/3054857

 

 

Security Updates in June 2015 for SharePoint Server 2013:

None

Project Server 2013 fixes (does NOT includes all the above fixes – see last point)

  • You add a nonstandard line for a task in your timesheet, add actual work to it, and then save the timesheet. In this situation, the actual work for the same day is replicated onto the standard line. Therefore, the total actual work is doubled.
  • In Project Web App, when you create a project from a template in which a budget resource is assigned to the project summary task, the project cannot be published. Additionally, you receive an error message that resembles the following:
    Your new <project_name> has been created successfully, but failed to publish and will not be listed in the Project Center.
  • Tasks and approvals are not displayed on the home page in Project Web App when the Polish language pack is applied.
  • After you use the Turn in Final Timesheet function to send a timesheet in Project Web App, the timesheet can still be edited and saved.
  • From a project detail page in Project Web App, you save a project that contains cost resource assignments. In this situation, the costs on the assignments may change unexpectedly. For example, a cost of $1.16 changes to $1.00.
  • In Project Professional, assume that a summary task is edited in such a way that its subtasks are hidden, and the plan is later published to Project Server. However, when you edit the project in the Schedule Web Part in Project Web App, the previously hidden subtasks cannot be displayed and edited.
  • When you import external data from an OData data feed to a workbook in Microsoft Excel 2013, you receive the following error message:
    The content of the data fee is not valid for an Atom feed.
    This issue occurs if the data feed has a custom field that has a lookup table and a graphical indicator.
  • When you apply a grouping to a view, and the view contains an enterprise custom field that has a formula, the values from the custom field do not roll up into the grouping row.
  • When you create a project that’s based on a template in Project Web App, you do not become the owner of the project. This means that you cannot see it in the project center. Additionally, the user who created the template is set as the owner of the project.
  • After you rename a custom field that’s used in a timesheet, the changed field name is not displayed correctly in the dbo.MSP_TimesheetLine_UserViewCF table, and it may be associated with another field.
  • When you set a SharePoint list indicator on a timeline Web Part on a SharePoint Server 2013 site, a duplicate timeline Web Part is displayed when you refresh.
  • In single entry mode, after you submit a timesheet, the timesheet manager can adjust the time that you submitted. However, these changes are not reflected in the tasks in the project. This means that the work that was recognized in the timesheet in out of sync with the project.
  • In Project Web App, when you create a project that’s based on a template, the tasks do not have the TaskOutlineNumber field value that’s set in the template. This is reflected when you view the data in locations such as the dbo.MSP_EpmTask database table.
  • When you update a plan by submitting updates through a timesheet or tasks in Project Web App, auto approval rules may not apply the update. Instead, the approval appears on the status manager’s approvals page.
  • The Configure Columns settings (for example, column width, or order) on a timesheet are reset unexpectedly to the default every time that the timesheet is refreshed.
  • When you publish a project that has a task marked as a milestone in Project 2013 to a Project server, the task is not displayed as a milestone in the timeline view in Project Web App.

Source https://support.microsoft.com/en-us/kb/3054869

 

Office Web Apps Server 2013 (excludes the above fixes)

The Decrease List Level and Increase List Level functions are unavailable in PowerPoint Web App in the Chrome web browser.

Source https://support.microsoft.com/en-us/kb/3054863

 

 Security Updates in June 2015 for SharePoint Server 2013:

None

Its hard to keep track of what bugs were fixed a cumulative update. I intend to share my reading and document the fixes that come out every month across SharePoint products. Some call it regurgitating what’s already out there… but good luck finding it in Google search! Some updates aren’t cumulative . Hope this blog posts help someone some day!

Disclaimer: Cumulative Updates are to be applied specifically when you have an issue fixed by it, I recommend you keep a close eye on the security fixes that come with Cumulative Updates and then decide accordingly. Don’t rush to apply a Cumulative Update just for the sake of it. Many Cumulative Updates have had serious issues in the past and there’s no easy rollback! http://www.jeremytaylor.net/2014/04/12/latest-cumulative-updates-service-packs-hotfixes-sharepoint-sql/

 

Name: June 2015 Cumulative Update for SharePoint 2010

Build: ​14.0.7151.5001 ​

For previous build numbers: http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=224

 

SharePoint Foundation 2010 fixes

This security update contains fixes for the following nonsecurity issues:

  • When you click a user name if multiple matches are found for a people field on a SharePoint Server 2013 site in Internet Explorer 11, the matches are not displayed.
  • You cannot scroll to see the resources on the right-side grid of the build team page if there are many resources.

Pasted from <https://support.microsoft.com/en-us/kb/3054847>

 

Security Updates in June 2015 for SharePoint Foundation 2010:

Microsoft Security Bulletin: MS15-046 (rereleased)

  1. Multiple Microsoft Office Memory Corruption Vulnerabilities – CVE-2015-1682

 Vulnerability information:

Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.

An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Source: https://technet.microsoft.com/library/security/MS15-046

 SharePoint Server 2010 fixes (includes the above fixes)

 

 

  • This update improves the English proofing tools.

 

Source: https://support.microsoft.com/en-us/kb/3054874

 

 

Security Updates in June 2015 for SharePoint Server 2010:

Microsoft Security Bulletin: MS15-046 (re-released!)

  • IMPORTANT UPDATE:

V3.0 (June 9, 2015): To address issues with the security updates for all affected Microsoft Office 2010 software, Microsoft re-released MS15-046 to comprehensively address CVE-2015-1682. Microsoft recommends that customers running affected Office 2010 software should install the security updates released with this bulletin revision to be fully protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3057181 for more information and download links.

 

 Vulnerability information:

See https://technet.microsoft.com/library/security/MS15-046

Project Server 2010 (includes the above fixes)

This update fixes the following issue:

  • When you try to edit a resource in Project Web App, you receive an unknown error that resembles the following in the ULS logs:

 

Exception occurred in method Microsoft.Office.Project.Server.BusinessLayer.Project.ProjectQueueUpdatePDPProjectCF System.Data.SqlClient.SqlException: The EXECUTE permission was denied on the object ‘MSP_ReadLocalAndEnterpriseLookupTableInfoByUIDs’, database ‘ProjectServer_Published_PWA’, schema ‘dbo’.

 

Source: https://support.microsoft.com/en-us/kb/3054887

Once again, an AppFabric 1.1 Cumulative Update has been released without a notification from the AppFabric / Windows Azure / Distributed Services Support Team.

Cumulative Update 6 for AppFabric 1.1:

Contains bug fixes for both the caching and hosting services provided in AppFabric 1.1.

 

Cumulative Update 6 File publish date:

21st April 2015

KB3042099 publish date:

1st May 2015

 

Issues that are fixed:

Issue 1: Caching issue

Under certain rare conditions, a cache item could end up in an inconsistent state. Therefore, the AppFabric Cache service may crash because of an unhandled exception. Examples of such an exception include the following.

Exception 1

System.NullReferenceException at Microsoft.ApplicationServer.Caching.MultiDirectoryHashtable.PreProcess(), with the error message “Object reference not set to an instance of an object.”

Exception 2

Microsoft.Fabric.Common.ReleaseAssertException at Microsoft.Fabric.Common.ReleaseAssert.Fail(), with the error message “Operation of type COMMIT_DELETE is not expected to fail during postoperation – System.NullReferenceException: Object reference not set to an instance of an object.”

 

 

Since I haven’t come across this issue, I wasn’t sure if these ‘rare conditions’ would apply to our Distributed Cache service in SharePoint 2013. Here are some questions that I hope I could answer:

 

Question: Have other users experienced this?

Answer: According to this post, this was a known issue way back in May 2011 and a Microsoft rep answered that it ‘will be fixed in coming release of appfabric caching’ – May 25, 2011.

https://social.msdn.microsoft.com/Forums/en-US/1e5b050f-d365-495d-bbd2-011313f4a250/appfabric-service-crashing-frequently?forum=velocity

 

Question: Does this apply to SharePoint 2013 Distributed Cache?

Answer: Yes it does! Because SharePoint Updates do not update the AppFabric software running on the SharePoint 2013 server. After AppFabric and SharePoint are installed on the server, AppFabric will continue to be updated independently from SharePoint. Reference: https://support.microsoft.com/en-au/kb/2843251

 

AppFabric can be installed on the following operating systems:

  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
  • Windows Server 2008 Service Pack 2

AppFabric can be installed for development and testing on the following operating systems:

  • Windows 8
  • Windows 7
  • Windows Vista Service Pack 2

Supported Architectures:

  • 32-bit (x86)
  • 64-bit (x64)

Software Requirements:

  • To apply this Cumulative Update package, AppFabric 1.1 for Windows Server must already be installed on the computer.
  • Additionally, you must have the Microsoft .NET Framework 4.5 installed.

 

ATTENTION AppFabric support:

On 2nd April 2015, Microsoft announced end of support for Microsoft AppFabric 1.1 starting 2nd April 2016. However, we learned that SharePoint Server 2016 will utilise AppFabric, so what will happen to AppFabric support? At the Ignite Conference, Bill Baer announced that Microsoft will support technologies such as SharePoint 2016 that have a dependency on AppFabric.

 

 AppFabric 1.1 cache dll versions Microsoft has released:

RTM: 1.0.4632 (29-Nov-2011)

CU1: 1.0.4639 (20-Feb-2012) – KB2671763

CU2: 1.0.4644 (29-May-12) – KB2716015

CU3: 1.0.4652.2 (27-Nov-2012) – KB2787717

CU4: 1.0.4653.2 (28-Mar-2013) – KB2800726

CU5: 1.0.4655.2 (03-Mar-2014) – KB2932678

CU6: 1.0.4656.2 (27-Feb-2015) – KB3042099

 

To check AppFabric version on your server, run this in PowerShell:

(Get-ItemProperty “C:\Program Files\AppFabric 1.1 for Windows Server\PowershellModules\DistributedCacheConfiguration\Microsoft.ApplicationServer.Caching.Configuration.dll” -Name VersionInfo).VersionInfo.ProductVersion

 

How to patch the Distributed Cache in SharePoint 2013

Don’t forget to gracefully stop the SharePoint Distributed Cache Service Instance before applying the Cumulative Update.

http://www.wictorwilen.se/how-to-patch-the-distributed-cache-in-sharepoint-2013

 

To read more about this Cumulative Update 6, visit:

https://support.microsoft.com/en-us/kb/3042099

 

 To search for other Cumulative Updates for AppFabric, visit:

https://support.microsoft.com/en-us/search?query=Cumulative%20Update%20Microsoft%20AppFabric%201.1&p=

 

 

 

I highly recommend you to visit & bookmark my page on SharePoint, SQL Update Centers:

http://www.jeremytaylor.net/2014/04/12/latest-cumulative-updates-service-packs-hotfixes-sharepoint-sql/

 

 

 

Name: May 2015 Cumulative Update for SharePoint 2013

Build: ​​15.0.4719.1002

Its so hard to keep track of what bugs were fixed a cumulative update. I intend to share my reading and document the fixes that come out every month across SharePoint products. Who knows it may help someone some day!

Disclaimer: Cumulative Updates are to be applied specifically when you have an issue fixed by it, I recommend you keep a close eye on the security fixes that come with Cumulative Updates and then decide accordingly. Don’t rush to apply a Cumulative Update just for the sake of it. Many Cumulative Updates have had serious issues in the past and there’s no easy rollback! http://www.jeremytaylor.net/2014/04/12/latest-cumulative-updates-service-packs-hotfixes-sharepoint-sql/

For previous build numbers: http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=346

 

SharePoint Foundation 2013 fixes

Improves the translations of some terms in multiple languages on SharePoint Server 2013 sites to make sure that the translations are accurate.

  • Improves the translation of the term “selected refinements” in Dutch in Web Part settings to make sure that the translation is accurate.
  • Fixes the following issues:
    • When you crawl external content on Internet web sites, it is impossible to pass the username and password for proxy authentication.
  • When you search content on a SharePoint Server 2013 site of which the URL path contains characters that use language-specific casing rules, no result is returned even though there are matching items on the site.
  • If the service account that is used for search is configured to use a different culture than US English, the modified date of items may be indexed incorrectly.
    Note If you experience this issue, a full crawl after you apply the update will index the dates correctly.

 

  • Alert email message always displays strikethrough for rich text fields even though the fields are not changed.
  • When you create a page for a page library in SharePoint Server 2013, you are not redirected back to the page library and you are unaware that the page is created.
  • No result is returned when you search content that contains the Italian prefix “un'” indefinite article in a SharePoint Server 2013 site in which the language is set to Italian. For example, no search result is returned when you search for “un’alternativa” by using “alternativa”.
  • When you create a server name mapping from a file share to an http address and then crawl content, some items in the file share cannot be indexed nor returned in search results.

 

Source: https://support.microsoft.com/en-au/kb/3039703

 

  • Translates some terms for Portuguese and Hungarians to make sure the accuracy of the meaning.

Source: https://support.microsoft.com/en-au/kb/3054824

 

 

SharePoint Server 2013 fixes (includes the above fixes)

  • Fixes the following issue:
    • When you try to view a PerformancePoint scorecard that is created on a SharePoint Server 2013 site in which the regional setting is Switzerland, you receive a JavaScript error.

Source: https://support.microsoft.com/en-au/kb/3039710

 

  • Updates Yoruba proofing tools.

Source: https://support.microsoft.com/en-au/kb/3023053

 

 

Security Updates in May 2015 for SharePoint Server 2013:

Microsoft Security Bulletin: MS15-046

  • Vulnerabilities in Microsoft Office Could Allow Remote Code Execution – Memory Corruption Vulnerability CVE-2015-1682

Microsoft SharePoint Server 2013 Service Pack 1 – Remote Code Execution (3039736)

Vulnerability information:

Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.

An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

 

Source: https://technet.microsoft.com/library/security/ms15-046

 

Microsoft Security Bulletin: MS15-047

 

  • Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution –

Microsoft SharePoint Page Content Vulnerabilities – CVE-2015-1700

Microsoft SharePoint Foundation 2013 Service Pack 1 (3054792)

Vulnerability information:

Remote code execution vulnerabilities exist when SharePoint Server improperly sanitizes specially crafted page content. An authenticated attacker could attempt to exploit these vulnerabilities by sending specially crafted page content to a SharePoint server. The attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site. Systems that are running an affected version of SharePoint Server are primarily at risk.

 

Source: https://technet.microsoft.com/library/security/MS15-047

Project Server 2013 fixes (includes the above fixes)

 Fixes the following issue:

  • When you view a Gantt view of a task list in SharePoint, you cannot filter items if grouping is applied to the list.
  • You receive the following error message in Status Updates history:
    There was an internal error applying the update.
    This issue occurs if the decimal separator is a comma in Windows Regional settings, and an enterprise custom field that is displayed as a graphical indicator contains a decimal value.
  • If a Project Web App team member inputs actual work that is earlier than the task and project start date, when the updates are applied to the project, time-phased actual work may display an incorrect value.
  • When you go to a project detail page and then go back to another project detail page in Project Web App, the values in project-level custom fields may disappear. This issue occurs after you edit and save projects through different project detail pages.
  • When you use your keyboard and then press ENTER on the SHOW MORE link during editing or adding a task in SharePoint Server 2013, the focus is reset to the first field of the form instead of the first field of the added list of fields.
  • When you apply status updates to a project, you may receive the following message in the status field in the status updates history:
    There was an internal error applying the update.
    This issue occurs because the Project Calculation Service failed. When you view the Unified Logging Service (ULS) logs, you see an error message that resembles the following:
    Microsoft.Office.Project.Server (0x06A4) 0x3598 Project Server Project Calculation Service (M) adf34 Unexpected Failed to create a new desktop
  • When you publish a project to a project server that has the Project Site Sync permissions synchronization options enabled, the publish job takes a long time.
  • When you publish a project that contains thousands of tasks, it may take longer than expected. In addition, the Project Publish queue job stays at 78% for an extended time. This issue may occur when the corresponding SharePoint tasks list exists and it is synchronized.
  • Assume that you change a view of a Project Server 2013-based task list to display the item count for a column. When you filter the items in the column, the item count does not update correctly.
  • When you clear the User can be assigned as a resource check box on the Edit User page in Project Server 2013, publish errors or a loss of resource in projects may occur.

Source: https://support.microsoft.com/en-au/kb/3054804

 

 

 

Office Web Apps Server 2013 (excludes the above fixes)

  • This update contains fixes for the following nonsecurity issues:
    • When you open and save a workbook that contains Time Grouping data in the Excel Data Model in Excel Web App, the data is lost.
    • Updates the color scheme in PowerPoint Web App. It matches the color scheme when you present a PowerPoint presentation in Skype for Business.

Source: https://support.microsoft.com/en-au/kb/3039748

 

 

Security Updates in May 2015 for SharePoint Server 2013:

Microsoft Security Bulletin: MS15-046

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution – Memory Corruption Vulnerability CVE-2015-1682

Microsoft Office Web Apps Server 2013 Service Pack 1 – Remote Code Execution (3039748)

Vulnerability information:

Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.

An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Name: May 2015 Cumulative Update for SharePoint 2010

Build: ​14.0.7149.5000 ​

Its so hard to keep track of what bugs were fixed a cumulative update. I intend to share my reading and document the fixes that come out every month across SharePoint products. Who knows it may help someone some day!

Disclaimer: Cumulative Updates are to be applied specifically when you have an issue fixed by it, I recommend you keep a close eye on the security fixes that come with Cumulative Updates and then decide accordingly. Don’t rush to apply a Cumulative Update just for the sake of it. Many Cumulative Updates have had serious issues in the past and there’s no easy rollback! http://www.jeremytaylor.net/2014/04/12/latest-cumulative-updates-service-packs-hotfixes-sharepoint-sql

For previous build numbers: http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=224

 

SharePoint Foundation 2010 fixes

Improvements and fixes

This security update contains fixes for the following nonsecurity issues:

  • Incoming email messages are not processed if the Sandboxed Solutions Resource Quota value for the site collection is set to 0.
  • When you open a page that contains multiple value lookup fields, you receive the following error message:
    Sorry, something went wrong Attempted to use an object that has ceased to exist. (Exception from HRESULT: 0x80030102 (STG_E_REVERTED))
  • Assume that you use the IfHasRights function to customize a Data Form Web Part (DFWP). When you save the form and go to the form in browser, you receive the following error message:
    Unable to display this Web Part. To troubleshoot the problem, open this Web page in a Microsoft SharePoint Foundation-compatible HTML editor such as Microsoft SharePoint Designer. If the problem persists, contact your Web server administrator.

Source: https://support.microsoft.com/en-au/kb/3017815

 

Security Updates in May 2015 for SharePoint Foundation 2010:

Microsoft Security Bulletin: MS15-047

  • Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution – Microsoft SharePoint Page Content Vulnerabilities – CVE-2015-1700

Microsoft SharePoint Server 2010 Service Pack 2 (2956192)

Vulnerability information:

Remote code execution vulnerabilities exist when SharePoint Server improperly sanitizes specially crafted page content. An authenticated attacker could attempt to exploit these vulnerabilities by sending specially crafted page content to a SharePoint server. The attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site. Systems that are running an affected version of SharePoint Server are primarily at risk.

Source: https://technet.microsoft.com/library/security/MS15-047

 

SharePoint Server 2010 fixes (includes the above fixes)

  • Translates some terms to multiple languages to make sure the accuracy of the meaning.

Source: https://support.microsoft.com/en-au/kb/2956199

 

  • Updates Yoruba proofing tools.

Source: https://support.microsoft.com/en-au/kb/2920814

 

Security Updates in May 2015 for SharePoint Server 2010:

Microsoft Security Bulletin: MS15-046

  • Vulnerabilities in Microsoft Office Could Allow Remote Code Execution – Memory Corruption Vulnerability CVE-2015-1682

Microsoft SharePoint Server 2010 Service Pack 2 – Word Automation Services (2965233)

Microsoft SharePoint Server 2010 Service Pack 2 – Excel Services (2956194)

 

Vulnerability information:

Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.

An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Project Server 2010 (includes the above fixes)

Fixes the following issues:

  • When you try to insert a task for a project in the Schedule Web Part in Project Web App, you receive the following error message:
    This edit is unsupported in Project Web App.
    This issue occurs if the project has a particular structure of outline levels or task indentations and if you are using Internet Explorer 11.
  • When you export or print a resource plan for a project in Project Web App, the work or full-time equivalent is incorrect. For example, suppose that you enter the values 1d, 2d, and 3d. The print may show the values as 0.63d, 1.75d, and 2.63d.
  • When you publish a project in Project Web App in which tasks contain formulas that use the ProjDateDiff function, incorrect calculations may be made. This issue occurs if your project calendar does not use the default calendar configuration (08:00-12:00 and 13:00-17:00).

Source: https://support.microsoft.com/en-au/kb/2965314

The aim of this post is to shed light on why you need an antivirus for SharePoint. This post could be served as you ‘business case’ for an antivirus to pass on to your Security team / management.

Here are some of my notes gathered from various blogs that I have read, discussions and presentations that I have had:

  1. ForeFront antivirus for SharePoint 2010 wont work for SharePoint 2013 (not supported by Microsoft)
  2. Microsoft is discontinuing support for ForeFront antivirus for SharePoint 2010 31st December 2015 – there are no replacement products except third part vendors. Lots of backlash from MS customers.
  3. We can apply the extension period so that we have additional time to migrate to an alternative solution for SharePoint 2010 protection but its important to note there is no protection from Microsoft for SharePoint 2013.
  4. Documents uploaded into SharePoint can of course contain malware
  5. Once documents are in a SharePoint database, file system antivirus engines cannot understand / detect malware, infected files found in SharePoint content databases
  6. Antivirus for SharePoint prevents SharePoint from becoming a repository of infected files by scanning and cleaning files stored in SharePoint which are not accessible to endpoint AV solutions
  7. Antivirus for SharePoint detects, removes viruses, spyware, malware and other threats in files uploaded to and downloaded from SharePoint servers
  8. While your own organisations workstations and antivirus are properly implemented and maintained, there is a risk that your customers/suppliers/federated partners files & content may contain threats. The risk is your own organisation has no control over what content is uploaded into and downloaded from your SharePoint farms, depending on how your SharePoint sites are consumed. You might not have the opportunity to clean files being uploaded to a SharePoint site if the end users (in federated partner scenario) has an out-dated laptop containing malware.
  9. Antivirus for SharePoint is the only defense we have against this risk of malware in SharePoint content databases.
  10. It is advisable to install the file system Antivirus in addition to a SharePoint antivirus. Note you must exclude certain folders from being scanned by the file system antivirus. http://support.microsoft.com/kb/952167

 

Notes:

SharePoint 2013 introduces NO CHANGES to the SharePoint Antivirus API (a.k.a SharePoint Portal Server Virus Scanning Application Programming Interface (VS API)). Source: http://www.harbar.net/archive/2013/02/22/Antivirus-and-SharePoint-2013.aspx

 

Documents can of course contain malware but it’s just not the most common vector. Source: http://www.harbar.net/archive/2013/02/22/Antivirus-and-SharePoint-2013.aspx

 

Prevents your SharePoint server from becoming a repository of infected files by scanning and cleaning files stored in SharePoint which are not accessible to endpoint AV solutions. Source: http://www.symantec.com/protection-for-sharepoint-servers/

 

Symantec Protection for SharePoint Servers detects and removes viruses, spyware, and other threats in files uploaded to and downloaded from your SharePoint server(s). Source:  http://www.symantec.com/protection-for-sharepoint-servers/data-sheets-white-papers/

 

MSMS interfaces with SharePoint using the recommended security architecture via the SharePoint VirusScan API and SharePoint Object Model. Source: http://www.mcafee.com/us/products/security-for-microsoft-sharepoint.aspx

 

What are the options for SharePoint 2013 Antivirus?

 

Symantec Protection for SharePoint Servers

http://www.symantec.com/protection-for-sharepoint-servers/

  • Familiar vendor to a lot of environements
  • Can be used with Symantec Enterprise Vault for SharePoint and Symantec Backup Exec for SharePoint to deliver a comprehensive security, archiving, and data recovery solution.

 

 

ESET® Security for Microsoft SharePoint Server

http://www.eset.com/int/business/products/collaboration-sharepoint/

  • First engine for SharePoint 2013 – very customisable / powerful.
  • Very light and efficient antivirus

 

 

Kaspersky Security for Collaboration (SharePoint)

http://www.buykaspersky.com.au/kaspersky-security-for-collaboration-sharepoint

  • Light and well known vendor, well trusted security solution

 

 

McAfee Security for Microsoft SharePoint

http://www.mcafee.com/us/products/security-for-microsoft-sharepoint.aspx

  • No comment at this time.

 

 

Sophos SharePoint Security

http://www.sophos.com/en-us/products/sharepoint-security.aspx

  • No comment at this time.

 

 

TrendMicro PortalProtect SharePoint Security

http://www.trendmicro.com/us/enterprise/network-web-messaging-security/portalprotect-microsoft-sharepoint/index.html

  • No comment at this time.

 

If you have experience in any of the above, I’ll be happy to hear from you.

Thanks! Jeremy

Need to pass the 70-533 exam? Get free approximately 16 hours of Azure training and pass the exam.

This training was a 4 hour training over 4 days. I made it to the live training on Day 1 but couldn’t wake up the subsequent days as the training commenced at 4AM in my time zone.

Luckily, its all recorded for us: http://channel9.msdn.com/Events/Microsoft-Azure/Level-Up-Azure-IaaS-for-IT-Pros

 

Topics include:

This is a nice video by Brent Ozar on AlwaysOn Availability Groups: Real-Life Lessons Learned.

In this video, Brent explains what is ‘AlwaysOn’, AlwaysOn Availability Groups and the way that they work. AlwaysOn Failover Clustering is exactly the same as the Failover clustering but AlwaysOn Availability Groups is different – requires SQL 2012 Enterprise.

Brent talks about issues with hotfixes and keeping on top of them and real life Microsoft support issues.

Lessons learned on Windows Setup, Quorum Backups and Monitoring.

 

 

 

The apps for SharePoint infographics published by Microsoft are really handy when it comes to understanding SharePoint apps. Learn what you can do with SharePoint apps and the various features, benefits, limitations (considerations) and hosting options you have when planning for SharePoint apps.

 

What is SharePoint

Why build apps

What apps can do

Map concepts to apps

API landscape

SharePoint-hosted apps

ACS Provider-hosted apps

High-trust apps

Cross-domain apps

Hosting options

App types at a glance

Data storage options

External data access options

Get SharePoint data

SharePoint workflows

 

Download the pdfs from here: http://www.microsoft.com/en-us/download/details.aspx?id=42029

View infographics online: http://msdn.microsoft.com/en-us/library/office/dn833464.aspx

There is a guidance from Microsoft to be followed with virtual machines (VM) running SharePoint 2013. The guidance is “you must not configure the VM with Dynamic Memory”.

 

There are two issues if you do configure the VM with dynamic memory:

  1. Performance
  2. Not supported by Microsoft SharePoint Product team

 

In fact, the Dynamic Memory setting is referenced in a Microsoft article on unsupported scenarios “Certain Microsoft SharePoint Server 2013 installation scenarios are not supported

This article describes Microsoft SharePoint Server 2013 installation scenarios that are not supported:

You install SharePoint Server 2013 on a virtual machine (VM) that uses Dynamic Memory. For more information about best practice configurations for SharePoint Server 2013 and virtual machines, go to the following Microsoft TechNet website: Use best practice configurations for the SharePoint 2013 virtual machines and Hyper-V environment

 

The Distributed Cache service can run on either a physical or virtual server. When using virtualization, do not use Dynamic Memory to manage shared memory resources among other virtual machines and the Distributed Cache servers. The memory allocation for virtualized Distributed Cache servers must be fixed. Source: http://technet.microsoft.com/en-us/library/jj219572(v=office.15)

 

The memory allocation for virtualized Distributed Cache servers must be fixed.

Source: http://technet.microsoft.com/en-us/library/jj219572(v=office.15)

 

OK, so that’s Microsoft world – so Microsoft Hyper-V. What about VMware then?

Until now, I haven’t found any guidance on for Vmware as all the official documentation mentions “Dynamic Memory” which alludes to the setting in Microsoft Hyper-V.

 

It is important that the cache cluster runs in a homogeneous environment of servers. It is not supported for cache hosts to have different physical specifications in memory, processor speed, and other capabilities.

Source: http://msdn.microsoft.com/en-us/library/ee790954(v=azure.10).aspx

 

The cache cluster is a collection of one or more instances of the Caching Service working together in the form of a ring to store and distribute data. Data is stored in memory to minimize response times for data requests

 

Source: http://msdn.microsoft.com/en-us/library/ee790954(v=azure.10).aspx

 

 

Finally found something that has ‘VMWare’ mentioned in it in respect to the SharePoint Distributed Cache.

Joerg Sinemus , Microsoft Germany states in his blog..

 

Caching services are used to improve performance because these services are optimized to work with the amount of memory installed on a server. In case the memory will vary during the uptime of the server, there might be a need to also implement those features into a Caching-Service. That makes no sense because of the nature a Caching Service has.

In other words our SharePoint product group cannot support scenarios when Distributed Cache is needed/running and someone has concerns about performance or stability because of Dynamic Memory configuration in any Virtual Environment.

The best way for a customer to make this guarantee is to set the VM sizes (static memory) of the guests such that their sum is less than the memory available on the physical machine, i.e. don’t use the overcommit feature or dynamic memory.”

Source: http://blogs.msdn.com/b/joerg_sinemus/archive/2013/01/24/sharepoint-2013-with-distributed-cache-and-dynamic-memory.aspx

 

Most of the environments I work in have Vmware for virtualisation, so I hope this clears up some doubts for VMware ESX Administrators until I get an official response from Microsoft.