Special thanks to my colleague Tehnoon Raza for collecting the following information:
On September 13, 2011, Microsoft released security bulletin MS11-074 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege. The security bulletin had a security rating of Important. Packages released as part of the security bulletin have been targeted at various different Office client and server products. As such, both Microsoft Office SharePoint Server 2007 and Microsoft SharePoint Server 2010 products have also been affected by the security updates. Please review the security bulletin for detailed information about the products and files that have been affected by the packages. Since the security bulletin has a security rating of Important, it is expected that Windows Server Update Services may automatically download the packages on the servers that have the service enabled. As with all SharePoint updates, the SharePoint Products and Technologies configuration wizard must be executed to ensure that the SharePoint farm is not left in an inconsistent state. For more information, please review Known issues and additional information about this security update
SharePoint 2010 Issues
A significant number of critical issues have been reported over the past few days for SharePoint 2010. Installation of the security updates on SharePoint 2010 servers pushed by WSUS could cause the following issues to occur, resulting in a full or partial outage of SharePoint services in the environment. Both issues are related to missing dependencies.
Issue #1- Users unable to browse Publishing sites
This issue affects the ability of users to browse to and use SharePoint Publishing sites. When browsing to the site, users may experience the following error:
“An Unexpected error has occurred”
Following error is reported in the ULS logs or on the SharePoint page if the “CallStack” attribute of set to “true” in the web.config file:
Method not found: ‘Void Microsoft.Office.Server.WebControls.AudienceLoader.GetAudiencesFetchedDuringPageRequest(System.Collections.Generic.Dictionary`2<System.Guid,Boolean> ByRef, System.Collections.Generic.Dictionary`2<System.String,Boolean> ByRef, System.Collections.Generic.Dictionary`2<System.String,Boolean> ByRef)’.
Issue #2- Unable to Manage User Profile Service Application
Administrators may get the following error when navigating to the user profile service application management page from central administration:
System.IO.FileNotFoundException: Could not load file or assembly ‘Microsoft.ResourceManagement, Version=4.0.2450.34, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. The system cannot find the file specified. at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.InitializeIlmClient(String ILMMachineName, Int32 FIMWebClientTimeOut) at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager..ctor(UserProfileApplicationProxy userProfileApplicationProxy, Guid partitionID) at Microsoft.SharePoint.Portal.UserProfiles.AdminUI.ProfileAdminPage.IsProfileSynchronizationRunning()
The problem has been caused due to inconsistent assembly versions on the SharePoint servers after the installation of the package KB2560890. Multiple packages were released as part of the security bulletin that affect SharePoint 2010 and all applicable packages must be installed on SharePoint servers to ensure that version inconsistencies are not created in the environment. However, it has been observed that only KB2560890 was pushed to servers via WSUS, resulting in the SharePoint assemblies being in an inconsistent state and creating dependency issues:
Following is a list of packages that are released as part of the security bulletin and must be installed (where applicable) to avoid inconsistency issues (taken from http://technet.microsoft.com/en-us/security/bulletin/ms11-074 ):
In order to resolve the issues identified above, please install all applicable updates described in the security bulletin MS11-074 to your SharePoint servers. Once all updates have been installed, please run SharePoint Products and Technologies Configuration Wizard to complete the upgrade process.
Note: Installing Service Pack 1 and August Cumulative Update 2011 also addresses the dependency problems, however, it is highly recommended that all security updated outlined in the security bulletin are deployed to ensure that the SharePoint environment is consistent and secure.