SharePoint security fixes released with March 2015 PU and offered through Microsoft Update

With March PU we have release several security fixes for SharePoint which are offered through Microsoft Update with March PU.

For the following SharePoint products and components fixes have been released:

SharePoint 2007 Suite:

  • Microsoft SharePoint Server 2007
  • Microsoft SharePoint Services 3.0

SharePoint 2010 Suite:

  • Microsoft SharePoint Server 2010
  • Microsoft SharePoint Foundation 2010
  • Word Automation Services on Microsoft SharePoint Server 2010
  • Microsoft Web Applications 2010
  • Microsoft Office Web Apps Server 2010

SharePoint 2013 Suite:

  • Microsoft SharePoint Server 2013
  • Microsoft SharePoint Foundation 2013
  • Excel Services on Microsoft SharePoint Server 2013
  • Microsoft Office Web Apps Server 2013

See the security bulletin MS15-022 below for more details and KB numbers for the relevant fixes:

20 Comments


  1. Hi Steve, Was it March CU or PU, your previous blogs stats that it was CU, not PU. Please clarify.

    Reply

  2. Hello Stefan
    Could you please confirm if the DST changes are taken care by the March PU? I am talking about the UK DST changes as the clock will be turned forward by an hour on 29th March 2015

    Reply

  3. Hi Aradhana,
    sorry I don’t have know.
    Cheers,
    Stefan

    Reply

  4. Hi Stefan,
    am I right that the security updates that are available in the PU, are also included in the CU of the same month? So I don't Need to install both? Or is that a wrong interpretation?
    Thanks in advance, Jens

    Reply

  5. Hi Jens,
    your assumption is correct.
    Cheers,
    Stefan

    Reply

  6. Good morning Stefan. We updated our SP 2013 servers last night, and as of this morning, Excel Services no longer works. When we look at the patch management page it's saying that KB2737989 and KB2920730 are missing/required (on our APP server) even though
    they show as being installed in Windows. We tried rebooting, and that didn't help. Any thoughts on how to fix this? Thank you. Kevin

    Reply

  7. Thanks for the response Stefan.

    We reached out to Microsoft, and they had us try what you recommended first. Unfortunately, it didn't fix the issue, and the next step is to run PSCONFIG on our servers. Hopefully that will do the trick.

    Kevin

    Reply

  8. The way suggested from Stefano worked in my farm
    1) in powershell administrative command prompt run Get-SPProduct -local
    2) in command administrative prompt : : psconfig -cmd upgrade -inplace b2b -wait
    3) ok
    4) reboot also if not declared

    Reply

  9. And another customer SharePoint 2013 environment down due to these patches slipping through WU: "This operation can be performed only on a computer that is joined to a server farm by users who have permissions in SQL Server to read from the configuration
    database. To connect this server to the server farm, use the SharePoint Products Configuration Wizard, located on the Start menu in Microsoft SharePoint 2010 Products"

    I did say it earlier, and I say it now again: it's not a good policy to push these updates via WU if they bring environments down and require PSCONFIG to fix. Please consider making them optional in WU to minimize chances of this happening. Or add a switch
    to SharePoint to somehow block these installs from Central Admin side. Anything to save people from these nasty surprises.

    Thanks!

    Reply

  10. Hi Jussi,

    please don’t shoot the messenger! 😉

    I’m not in a position to change this behavior.
    If this is harmful for you, please open a support case so that someone can raise your concerns with the required people in the product group.

    Cheers,
    Stefan

    Reply

  11. Stefan,
    I would like to thank the you for communicating these changes to us and I'm fully aware you're not able to change these things. Without your blog, I wouldn't even know these changes have taken place, so thank you.

    Reply

  12. Stefan,
    Could a security updates (PU) prevent us from installing a Cumulative Update (CU) or Uber package of the same month as the PU?

    Reply

  13. Hi Bill,

    no that should not happen.
    The logic is as follows: the CU contains fix packages for many different components. A PU usually only for a smaller set of components.
    the installer verfies all packages in the CU to see if the version is higher than installed and then installs those which need to be upgraded.
    Only if the PU and the CU would contain the exact same packages related to your server it would not allow to install the CU on top of the PU as all components are already on the latest patch level.

    Cheers,
    Stefan

    Reply

  14. Hello Stefan,

    I m sorry but I don't find the location of the PU.
    Could you give me the URL?

    Thanks

    Reply

  15. HI. I see a March PU was released for SP2013 from your article here. However, when I look at the update page for SP2013 for March it is called a CU…
    https://support.microsoft.com/en-us/kb/2767999

    So I understand the difference between a PU and a CU from your previous posts. My question is if I look at the updates page, how do I know if an update is a PU or a CU? And therefore if I SHOULD install it, or MAYBE install it if there is a fix that I need

    Forgive me if this is a newbie question, but I'm trying to understand the nuances of managing an operations group.

    Thanks

    Reply

  16. I guess I mean how can I get the list of CU's and more importantly PU's so that I know when to do a patch?

    Reply

Leave a Reply to Jens Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.