With March PU we have release several security fixes for SharePoint which are offered through Microsoft Update with March PU.
For the following SharePoint products and components fixes have been released:
SharePoint 2007 Suite:
- Microsoft SharePoint Server 2007
- Microsoft SharePoint Services 3.0
SharePoint 2010 Suite:
- Microsoft SharePoint Server 2010
- Microsoft SharePoint Foundation 2010
- Word Automation Services on Microsoft SharePoint Server 2010
- Microsoft Web Applications 2010
- Microsoft Office Web Apps Server 2010
SharePoint 2013 Suite:
- Microsoft SharePoint Server 2013
- Microsoft SharePoint Foundation 2013
- Excel Services on Microsoft SharePoint Server 2013
- Microsoft Office Web Apps Server 2013
See the security bulletin MS15-022 below for more details and KB numbers for the relevant fixes:
Hi Steve, Was it March CU or PU, your previous blogs stats that it was CU, not PU. Please clarify.
see here for difference between CU and PU:
In March we released as well our monthly CU which contains all security and non-security related fixes and a PU containing just the security fixes.
So we have both.
Could you please confirm if the DST changes are taken care by the March PU? I am talking about the UK DST changes as the clock will be turned forward by an hour on 29th March 2015
sorry I don’t have know.
am I right that the security updates that are available in the PU, are also included in the CU of the same month? So I don't Need to install both? Or is that a wrong interpretation?
Thanks in advance, Jens
your assumption is correct.
Good morning Stefan. We updated our SP 2013 servers last night, and as of this morning, Excel Services no longer works. When we look at the patch management page it's saying that KB2737989 and KB2920730 are missing/required (on our APP server) even though
they show as being installed in Windows. We tried rebooting, and that didn't help. Any thoughts on how to fix this? Thank you. Kevin
you can try this approach:
If it does not help, I would recommend to open a support case with Microsoft.
Thanks for the response Stefan.
We reached out to Microsoft, and they had us try what you recommended first. Unfortunately, it didn't fix the issue, and the next step is to run PSCONFIG on our servers. Hopefully that will do the trick.
The way suggested from Stefano worked in my farm
1) in powershell administrative command prompt run Get-SPProduct -local
2) in command administrative prompt : : psconfig -cmd upgrade -inplace b2b -wait
4) reboot also if not declared
And another customer SharePoint 2013 environment down due to these patches slipping through WU: "This operation can be performed only on a computer that is joined to a server farm by users who have permissions in SQL Server to read from the configuration
database. To connect this server to the server farm, use the SharePoint Products Configuration Wizard, located on the Start menu in Microsoft SharePoint 2010 Products"
I did say it earlier, and I say it now again: it's not a good policy to push these updates via WU if they bring environments down and require PSCONFIG to fix. Please consider making them optional in WU to minimize chances of this happening. Or add a switch
to SharePoint to somehow block these installs from Central Admin side. Anything to save people from these nasty surprises.
please don’t shoot the messenger! 😉
I’m not in a position to change this behavior.
If this is harmful for you, please open a support case so that someone can raise your concerns with the required people in the product group.
I would like to thank the you for communicating these changes to us and I'm fully aware you're not able to change these things. Without your blog, I wouldn't even know these changes have taken place, so thank you.
Could a security updates (PU) prevent us from installing a Cumulative Update (CU) or Uber package of the same month as the PU?
no that should not happen.
The logic is as follows: the CU contains fix packages for many different components. A PU usually only for a smaller set of components.
the installer verfies all packages in the CU to see if the version is higher than installed and then installs those which need to be upgraded.
Only if the PU and the CU would contain the exact same packages related to your server it would not allow to install the CU on top of the PU as all components are already on the latest patch level.
I m sorry but I don't find the location of the PU.
Could you give me the URL?
the links are all in this article:
HI. I see a March PU was released for SP2013 from your article here. However, when I look at the update page for SP2013 for March it is called a CU…
So I understand the difference between a PU and a CU from your previous posts. My question is if I look at the updates page, how do I know if an update is a PU or a CU? And therefore if I SHOULD install it, or MAYBE install it if there is a fix that I need
Forgive me if this is a newbie question, but I'm trying to understand the nuances of managing an operations group.
I guess I mean how can I get the list of CU's and more importantly PU's so that I know when to do a patch?
the kb above is part of the CU. The KBs for the PU are included in the article I linked to.
The uber packages for the CU are in my other article: