Cumulative Update – Fixes May 2015 SharePoint 2013 (201505-SP2013)

Name: May 2015 Cumulative Update for SharePoint 2013

Build: 15.0.4719.1002

It's so hard to keep track of what bugs were fixed in a cumulative update. I intend to share my reading and document the fixes that come out every month across SharePoint products. Who knows, it may help someone some day!

Disclaimer: Cumulative Updates are to be applied specifically when you have an issue that one of them fixes. I recommend you keep a close eye on the security fixes that come with Cumulative Updates and then decide accordingly. Don’t rush to apply a Cumulative Update just for the sake of it. Many Cumulative Updates have had serious issues in the past and there’s no easy rollback! http://www.jeremytaylor.net/2014/04/12/latest-cumulative-updates-service-packs-hotfixes-sharepoint-sql/

For previous build numbers: http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=346

 

SharePoint Foundation 2013 fixes

  • Improves the translations of some terms in multiple languages on SharePoint Server 2013 sites to make sure that the translations are accurate.
  • Improves the translation of the term “selected refinements” in Dutch in Web Part settings to make sure that the translation is accurate.
  • Fixes the following issues:
    • When you crawl external content on Internet web sites, it is impossible to pass the username and password for proxy authentication.
    • When you search content on a SharePoint Server 2013 site of which the URL path contains characters that use language-specific casing rules, no result is returned even though there are matching items on the site.
    • If the service account that is used for search is configured to use a different culture than US English, the modified date of items may be indexed incorrectly.
      Note: If you experience this issue, a full crawl after you apply the update will index the dates correctly.
    • Alert email message always displays strikethrough for rich text fields even though the fields are not changed.
    • When you create a page for a page library in SharePoint Server 2013, you are not redirected back to the page library and you are unaware that the page is created.
    • No result is returned when you search content that contains the Italian indefinite article prefix “un'” in a SharePoint Server 2013 site in which the language is set to Italian. For example, no search result is returned when you search for “un’alternativa” by using “alternativa”.
    • When you create a server name mapping from a file share to an http address and then crawl content, some items in the file share cannot be indexed nor returned in search results.

Source: https://support.microsoft.com/en-au/kb/3039703

 

  • Translates some terms for Portuguese and Hungarian to make sure that the meaning is accurate.

Source: https://support.microsoft.com/en-au/kb/3054824

SharePoint Server 2013 fixes (includes the above fixes)

  • Fixes the following issue:
    • When you try to view a PerformancePoint scorecard that is created on a SharePoint Server 2013 site in which the regional setting is Switzerland, you receive a JavaScript error.

Source: https://support.microsoft.com/en-au/kb/3039710

 

  • Updates Yoruba proofing tools.

Source: https://support.microsoft.com/en-au/kb/3023053

 

 

Security Updates in May 2015 for SharePoint Server 2013:

Microsoft Security Bulletin: MS15-046

  • Vulnerabilities in Microsoft Office Could Allow Remote Code Execution – Memory Corruption Vulnerability CVE-2015-1682

Microsoft SharePoint Server 2013 Service Pack 1 – Remote Code Execution (3039736)

Vulnerability information:

Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.

An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

 

Source: https://technet.microsoft.com/library/security/ms15-046

 

Microsoft Security Bulletin: MS15-047

 

  • Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution – Microsoft SharePoint Page Content Vulnerabilities – CVE-2015-1700

Microsoft SharePoint Foundation 2013 Service Pack 1 (3054792)

Vulnerability information:

Remote code execution vulnerabilities exist when SharePoint Server improperly sanitizes specially crafted page content. An authenticated attacker could attempt to exploit these vulnerabilities by sending specially crafted page content to a SharePoint server. The attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site. Systems that are running an affected version of SharePoint Server are primarily at risk.

 

Source: https://technet.microsoft.com/library/security/MS15-047

Project Server 2013 fixes (includes the above fixes)

Fixes the following issues:

  • When you view a Gantt view of a task list in SharePoint, you cannot filter items if grouping is applied to the list.
  • You receive the following error message in Status Updates history:
    There was an internal error applying the update.
    This issue occurs if the decimal separator is a comma in Windows Regional settings, and an enterprise custom field that is displayed as a graphical indicator contains a decimal value.
  • If a Project Web App team member inputs actual work that is earlier than the task and project start date, when the updates are applied to the project, time-phased actual work may display an incorrect value.
  • When you go to a project detail page and then go back to another project detail page in Project Web App, the values in project-level custom fields may disappear. This issue occurs after you edit and save projects through different project detail pages.
  • When you use your keyboard and then press ENTER on the SHOW MORE link during editing or adding a task in SharePoint Server 2013, the focus is reset to the first field of the form instead of the first field of the added list of fields.
  • When you apply status updates to a project, you may receive the following message in the status field in the status updates history:
    There was an internal error applying the update.
    This issue occurs because the Project Calculation Service failed. When you view the Unified Logging Service (ULS) logs, you see an error message that resembles the following:
    Microsoft.Office.Project.Server (0x06A4) 0x3598 Project Server Project Calculation Service (M) adf34 Unexpected Failed to create a new desktop
  • When you publish a project to a project server that has the Project Site Sync permissions synchronization options enabled, the publish job takes a long time.
  • When you publish a project that contains thousands of tasks, it may take longer than expected. In addition, the Project Publish queue job stays at 78% for an extended time. This issue may occur when the corresponding SharePoint tasks list exists and it is synchronized.
  • Assume that you change a view of a Project Server 2013-based task list to display the item count for a column. When you filter the items in the column, the item count does not update correctly.
  • When you clear the User can be assigned as a resource check box on the Edit User page in Project Server 2013, publish errors or a loss of resource in projects may occur.

Source: https://support.microsoft.com/en-au/kb/3054804

 

 

 

Office Web Apps Server 2013 (excludes the above fixes)

  • This update contains fixes for the following nonsecurity issues:
    • When you open and save a workbook that contains Time Grouping data in the Excel Data Model in Excel Web App, the data is lost.
    • Updates the color scheme in PowerPoint Web App. It matches the color scheme when you present a PowerPoint presentation in Skype for Business.

Source: https://support.microsoft.com/en-au/kb/3039748

 

 

Security Updates in May 2015 for SharePoint Server 2013:

Microsoft Security Bulletin: MS15-046

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution – Memory Corruption Vulnerability CVE-2015-1682

Microsoft Office Web Apps Server 2013 Service Pack 1 – Remote Code Execution (3039748)

Vulnerability information:

Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.

An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
