Cumulative Update – Fixes June 2015 SharePoint 2010 (201506-SP2010)

It's hard to keep track of what bugs were fixed in a cumulative update. I intend to share my reading and document the fixes that come out every month across SharePoint products. Some call it regurgitating what's already out there… but good luck finding it in Google search! Some updates aren't cumulative. Hope these blog posts help someone some day!

Disclaimer: Cumulative Updates are to be applied specifically when you have an issue fixed by them. I recommend you keep a close eye on the security fixes that come with Cumulative Updates and then decide accordingly. Don't rush to apply a Cumulative Update just for the sake of it. Many Cumulative Updates have had serious issues in the past and there's no easy rollback! http://www.jeremytaylor.net/2014/04/12/latest-cumulative-updates-service-packs-hotfixes-sharepoint-sql/

 

Name: June 2015 Cumulative Update for SharePoint 2010

Build: 14.0.7151.5001

For previous build numbers: http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=224

 

SharePoint Foundation 2010 fixes

This security update contains fixes for the following nonsecurity issues:

  • When you click a user name if multiple matches are found for a people field on a SharePoint Server 2013 site in Internet Explorer 11, the matches are not displayed.
  • You cannot scroll to see the resources on the right-side grid of the build team page if there are many resources.

Source: https://support.microsoft.com/en-us/kb/3054847

 

Security Updates in June 2015 for SharePoint Foundation 2010:

Microsoft Security Bulletin: MS15-046 (rereleased)

  1. Multiple Microsoft Office Memory Corruption Vulnerabilities – CVE-2015-1682

Vulnerability information:

Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.

An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Source: https://technet.microsoft.com/library/security/MS15-046

SharePoint Server 2010 fixes (includes the above fixes)

  • This update improves the English proofing tools.

 

Source: https://support.microsoft.com/en-us/kb/3054874

Security Updates in June 2015 for SharePoint Server 2010:

Microsoft Security Bulletin: MS15-046 (re-released!)

  • IMPORTANT UPDATE:

V3.0 (June 9, 2015): To address issues with the security updates for all affected Microsoft Office 2010 software, Microsoft re-released MS15-046 to comprehensively address CVE-2015-1682. Microsoft recommends that customers running affected Office 2010 software should install the security updates released with this bulletin revision to be fully protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3057181 for more information and download links.

 

Vulnerability information:

See https://technet.microsoft.com/library/security/MS15-046

Project Server 2010 (includes the above fixes)

This update fixes the following issue:

  • When you try to edit a resource in Project Web App, you receive an unknown error that resembles the following in the ULS logs:

 

Exception occurred in method Microsoft.Office.Project.Server.BusinessLayer.Project.ProjectQueueUpdatePDPProjectCF System.Data.SqlClient.SqlException: The EXECUTE permission was denied on the object 'MSP_ReadLocalAndEnterpriseLookupTableInfoByUIDs', database 'ProjectServer_Published_PWA', schema 'dbo'.

 

Source: https://support.microsoft.com/en-us/kb/3054887


Cumulative Update – Fixes May 2015 SharePoint 2010 (201505-SP2010)

Name: May 2015 Cumulative Update for SharePoint 2010

Build: 14.0.7149.5000

It's so hard to keep track of what bugs were fixed in a cumulative update. I intend to share my reading and document the fixes that come out every month across SharePoint products. Who knows, it may help someone some day!

Disclaimer: Cumulative Updates are to be applied specifically when you have an issue fixed by them. I recommend you keep a close eye on the security fixes that come with Cumulative Updates and then decide accordingly. Don't rush to apply a Cumulative Update just for the sake of it. Many Cumulative Updates have had serious issues in the past and there's no easy rollback! http://www.jeremytaylor.net/2014/04/12/latest-cumulative-updates-service-packs-hotfixes-sharepoint-sql

For previous build numbers: http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=224

 

SharePoint Foundation 2010 fixes

Improvements and fixes

This security update contains fixes for the following nonsecurity issues:

  • Incoming email messages are not processed if the Sandboxed Solutions Resource Quota value for the site collection is set to 0.
  • When you open a page that contains multiple value lookup fields, you receive the following error message:
    Sorry, something went wrong Attempted to use an object that has ceased to exist. (Exception from HRESULT: 0x80030102 (STG_E_REVERTED))
  • Assume that you use the IfHasRights function to customize a Data Form Web Part (DFWP). When you save the form and go to the form in browser, you receive the following error message:
    Unable to display this Web Part. To troubleshoot the problem, open this Web page in a Microsoft SharePoint Foundation-compatible HTML editor such as Microsoft SharePoint Designer. If the problem persists, contact your Web server administrator.

Source: https://support.microsoft.com/en-au/kb/3017815

 

Security Updates in May 2015 for SharePoint Foundation 2010:

Microsoft Security Bulletin: MS15-047

  • Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution – Microsoft SharePoint Page Content Vulnerabilities – CVE-2015-1700

Microsoft SharePoint Server 2010 Service Pack 2 (2956192)

Vulnerability information:

Remote code execution vulnerabilities exist when SharePoint Server improperly sanitizes specially crafted page content. An authenticated attacker could attempt to exploit these vulnerabilities by sending specially crafted page content to a SharePoint server. The attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site. Systems that are running an affected version of SharePoint Server are primarily at risk.

Source: https://technet.microsoft.com/library/security/MS15-047

 

SharePoint Server 2010 fixes (includes the above fixes)

  • Translates some terms into multiple languages to ensure the accuracy of the meaning.

Source: https://support.microsoft.com/en-au/kb/2956199

 

  • Updates Yoruba proofing tools.

Source: https://support.microsoft.com/en-au/kb/2920814

 

Security Updates in May 2015 for SharePoint Server 2010:

Microsoft Security Bulletin: MS15-046

  • Vulnerabilities in Microsoft Office Could Allow Remote Code Execution – Memory Corruption Vulnerability CVE-2015-1682

Microsoft SharePoint Server 2010 Service Pack 2 – Word Automation Services (2965233)

Microsoft SharePoint Server 2010 Service Pack 2 – Excel Services (2956194)

 

Vulnerability information:

Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.

An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Project Server 2010 (includes the above fixes)

Fixes the following issues:

  • When you try to insert a task for a project in the Schedule Web Part in Project Web App, you receive the following error message:
    This edit is unsupported in Project Web App.
    This issue occurs if the project has a particular structure of outline levels or task indentations and if you are using Internet Explorer 11.
  • When you export or print a resource plan for a project in Project Web App, the work or full-time equivalent is incorrect. For example, suppose that you enter the values 1d, 2d, and 3d. The print may show the values as 0.63d, 1.75d, and 2.63d.
  • When you publish a project in Project Web App in which tasks contain formulas that use the ProjDateDiff function, incorrect calculations may be made. This issue occurs if your project calendar does not use the default calendar configuration (08:00-12:00 and 13:00-17:00).

Source: https://support.microsoft.com/en-au/kb/2965314