Name: May 2015 Cumulative Update for SharePoint 2010
It's so hard to keep track of what bugs were fixed in a cumulative update. I intend to share my reading and document the fixes that come out every month across SharePoint products. Who knows, it may help someone some day!
Disclaimer: Cumulative Updates are to be applied specifically when you have an issue that they fix. I recommend you keep a close eye on the security fixes that come with Cumulative Updates and then decide accordingly. Don’t rush to apply a Cumulative Update just for the sake of it. Many Cumulative Updates have had serious issues in the past and there’s no easy rollback! http://www.jeremytaylor.net/2014/04/12/latest-cumulative-updates-service-packs-hotfixes-sharepoint-sql
For previous build numbers: http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=224
SharePoint Foundation 2010 fixes
Improvements and fixes
This security update contains fixes for the following nonsecurity issues:
- Incoming email messages are not processed if the Sandboxed Solutions Resource Quota value for the site collection is set to 0.
- When you open a page that contains multiple value lookup fields, you receive the following error message:
Sorry, something went wrong Attempted to use an object that has ceased to exist. (Exception from HRESULT: 0x80030102 (STG_E_REVERTED))
- Assume that you use the IfHasRights function to customize a Data Form Web Part (DFWP). When you save the form and go to the form in a browser, you receive the following error message:
Unable to display this Web Part. To troubleshoot the problem, open this Web page in a Microsoft SharePoint Foundation-compatible HTML editor such as Microsoft SharePoint Designer. If the problem persists, contact your Web server administrator.
Security Updates in May 2015 for SharePoint Foundation 2010:
Microsoft Security Bulletin: MS15-047
- Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution – Microsoft SharePoint Page Content Vulnerabilities – CVE-2015-1700
Microsoft SharePoint Server 2010 Service Pack 2 (2956192)
Remote code execution vulnerabilities exist when SharePoint Server improperly sanitizes specially crafted page content. An authenticated attacker could attempt to exploit these vulnerabilities by sending specially crafted page content to a SharePoint server. The attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site. Systems that are running an affected version of SharePoint Server are primarily at risk.
SharePoint Server 2010 fixes (includes the above fixes)
- Translates some terms to multiple languages to ensure the accuracy of the meaning.
- Updates Yoruba proofing tools.
Security Updates in May 2015 for SharePoint Server 2010:
Microsoft Security Bulletin: MS15-046
- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution – Memory Corruption Vulnerability – CVE-2015-1682
Microsoft SharePoint Server 2010 Service Pack 2 – Word Automation Services (2965233)
Microsoft SharePoint Server 2010 Service Pack 2 – Excel Services (2956194)
Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.
Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.
An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Project Server 2010 (includes the above fixes)
Fixes the following issues:
- When you try to insert a task for a project in the Schedule Web Part in Project Web App, you receive the following error message:
This edit is unsupported in Project Web App.
This issue occurs if the project has a particular structure of outline levels or task indentations and if you are using Internet Explorer 11.
- When you export or print a resource plan for a project in Project Web App, the work or full-time equivalent is incorrect. For example, suppose that you enter the values 1d, 2d, and 3d. The print may show the values as 0.63d, 1.75d, and 2.63d.
- When you publish a project in Project Web App in which tasks contain formulas that use the ProjDateDiff function, incorrect calculations may be made. This issue occurs if your project calendar does not use the default calendar configuration (08:00-12:00 and 13:00-17:00).