MS12-050: Vulnerabilities in SharePoint could allow elevation of privilege: July 10, 2012

<html><body><p>Describes vulnerabilities in SharePoint could allow elevation of privilege, and was released on July 10, 2012.</p><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS12-050. To view the complete security bulletin, go to one of the following Microsoft websites: <ul><li>Home users:<div><a href=“http://www.microsoft.com/security/pc-security/bulletins/201207.aspx” target=“_self”>http://www.microsoft.com/security/pc-security/bulletins/201207.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br /><div><a href=“http://update.microsoft.com/microsoftupdate/” target=“_self”>http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<div><a href=“http://technet.microsoft.com/security/bulletin/ms12-050” target=“_self”>http://technet.microsoft.com/security/bulletin/MS12-050</a></div></li></ul><h3>How to obtain help and support for this security update</h3> Help installing updates: <a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <br /><a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware:<br /><a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></div><h2></h2><div><h4>Known issues and additional information about this security update</h4> <br /> <br /><br /> The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<ul><li><a href=“https://support.microsoft.com/en-us/help/2553194”>2553194 </a> MS12-050: Description of the security update for SharePoint Server 2010 (coreserverloc): July 10, 2012<br /><br />Known issues in security update 2553194: <br /><ul><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following TechNet webpage:<div><a href=“http://technet.microsoft.com/en-us/library/cc263093.aspx” target=“_self”>PSconfig command-line reference (SharePoint Server 2010)</a></div></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2553322”>2553322 </a> MS12-050: Description of the security update for InfoPath 2010: July 10, 2012 </li><li><a href=“https://support.microsoft.com/en-us/help/2553365”>2553365 </a> MS12-050: Description of the security update for SharePoint Foundation 2010: July 10, 2012<br /><br />Known issues in security update 2553365: <ul><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following TechNet webpage: <div><a href=“http://technet.microsoft.com/en-us/library/cc263093.aspx” target=“_self”>PSconfig command-line reference (SharePoint Server 2010)</a></div></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2553424”>2553424 </a> MS12-050: Description of the security update for SharePoint Server 2010 (wosrv): July 10, 2012<br /><br />Known issues in security update 2553424: <ul><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following TechNet webpage: <div><a href=“http://technet.microsoft.com/en-us/library/cc263093.aspx” target=“_self”>PSconfig command-line reference (SharePoint Server 2010)</a></div></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2553431”>2553431 </a> MS12-050: Description of the security update for InfoPath 2010: July 10, 2012<br /><br />Known issues in security update 2553431: <ul><li>Windows Update will offer this security update to all systems that are running InfoPath 2010. However, the security update is required only for systems that are running Visual Studio Tool for Applications (VSTA). This security update can be installed on any system that is running InfoPath 2010. However, binaries are updated only on systems that are running VSTA.<br /><br /><span>Note </span>If you install this security update on a system that is running InfoPath 2010 without VSTA and then you install VSTA, you do not have to reinstall this security update.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2589325”>2589325 </a> MS12-050: Description of the security update for Groove Server 2010: July 10, 2012<br /><br />Known issues in security update 2589325: <ul><li>If you install any previously released Groove server update before you install this security update, then you may see multiple entries for this security update may appear in <strong>Add or Remove Programs</strong>.</li><li>The Groove security update does not appear in <span>Add or Remove Programs</span>. To determine whether the update is installed, the system administrator can open the SharePoint Configuration Manager console.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2596663”>2596663 </a> MS12-050: Description of the security update for SharePoint Server 2007 Service Pack 2 (coreserver): July 10, 2012</li><li><a href=“https://support.microsoft.com/en-us/help/2596666”>2596666 </a> MS12-050: Description of the security update for InfoPath 2007: July 10, 2012<br /><br />Known issues in security update 2596666: <ul><li>Windows Update will offer this security update to all systems that are running InfoPath 2010. However, the security update is required only for systems that are running Visual Studio Tool for Applications (VSTA). This security update can be installed on any system that is running InfoPath 2010. However, binaries are updated only on systems that are running VSTA.<br /><br /><span>Note </span>If you install this security update on a system that is running InfoPath 2010 without VSTA and then you install VSTA, you do not have to reinstall this security update.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2596786”>2596786 </a> MS12-050: Description of the security update for InfoPath 2007 (IPEditor): July 10, 2012<br /><br />Known issues in security update 2596786: <ul><li>Windows Update will offer this security update to all systems that are running InfoPath 2010. However, the security update is required only for systems that are running Visual Studio Tool for Applications (VSTA). This security update can be installed on any system that is running InfoPath 2010. However, binaries are updated only on systems that are running VSTA.<br /><br /><span>Note </span>If you install this security update on a system that is running InfoPath 2010 without VSTA and then you install VSTA, you do not have to reinstall this security update.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2596911”>2596911 </a> MS12-050: Description of the security update for Windows SharePoint Services 3.0: July 10, 2012</li><li><a href=“https://support.microsoft.com/en-us/help/2596942”>2596942 </a> MS12-050: Description of the security update for Office SharePoint Server 2007 Service Pack 2 (xlsrvwfe): July 10, 2012</li><li><a href=“https://support.microsoft.com/en-us/help/2598239”>2598239 </a> MS12-050: Description of the security update for SharePoint Server 2010: July 10, 2012<br /><br />Known issues in security update 2598239: <ul><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following TechNet webpage: <div><a href=“http://technet.microsoft.com/en-us/library/cc263093.aspx” target=“_self”>PSconfig command-line reference (SharePoint Server 2010)</a></div></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2760604”>2760604 </a> MS12-050: Description of the security update for Microsoft Windows SharePoint Services 2.0 SP3: December 11, 2012</li></ul><span></span><br /><h4>File hash information</h4><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>wss2003-kb2760604-fullfile-ara.exe</td><td>944FFC7C1BCC35C796EE1CAEC3D977EA23BE3591</td><td>5736A05A0858EB07A8239C60593A4D6BD230BA54A3E16274A0773D93EE930570</td></tr><tr><td>wss2003-kb2760604-fullfile-bgr.exe</td><td>1EF35C81A8B2DF79AD99682D0984731216264B4B</td><td>45539094870B351DE90768D3E3156E0A825C7F371B415E75E64D405314030139</td></tr><tr><td>wss2003-kb2760604-fullfile-chs.exe</td><td>F11BB8837A560E4A0BC424D95BEC68E9D74AE377</td><td>F869A0A164A91A014D2AB1A7492F25363FD6CBFB83F8E4D44E3FFAC96C496D31</td></tr><tr><td>wss2003-kb2760604-fullfile-cht.exe</td><td>970CF05CCF910C9FF0431DCFC85F085F977AF542</td><td>22F3DC70AB127BB881DC166CDD771291EE833C7DA207482FEF84D11E0F3A8156</td></tr><tr><td>wss2003-kb2760604-fullfile-csy.exe</td><td>F49D9534D20C6E8F23C53FB8D226446C8D9EC441</td><td>18CB0ABCB54DC278D8C314B778999A5AED34948922C3DC9B0E512E0D0F9EEE77</td></tr><tr><td>wss2003-kb2760604-fullfile-dan.exe</td><td>19FA51E5995EA5EA3EAE16C540BF82550CE107E3</td><td>0D61FF387EE6507D2840F149A5063DD2C597E21DFF70F8F7AA960B65D36CBB5D</td></tr><tr><td>wss2003-kb2760604-fullfile-deu.exe</td><td>4D81FFAC740D198A7B66DA296EF9427F9B11CFA2</td><td>C17A570B8E850D10000BBC4BBA14D6B78C03F267AA6FB169D0E4DF3B5656161F</td></tr><tr><td>wss2003-kb2760604-fullfile-ell.exe</td><td>03973E73A4AB0E7F0B72D478B61538764AE5E547</td><td>485CD52BB0B9930C63530F38B7917E6774F548D26766CA40ECAF61377B5945A9</td></tr><tr><td>wss2003-kb2760604-fullfile-enu.exe</td><td>8CDCE452A26ECC14A0BBBFA80B43CE48F224A6CA</td><td>2C21C95770D60BA08EBDA7965BC38625E20684BAB4E43E37C70673E133BF9F4F</td></tr><tr><td>wss2003-kb2760604-fullfile-esn.exe</td><td>FA1B8FE9E815E75E3BD2F24C0C9E559A9E20B4C0</td><td>0C71F483FE72EAD5BE870EA1A8E9DC60C369FC5FC33733D0D02C629C3E7FF731</td></tr><tr><td>wss2003-kb2760604-fullfile-eti.exe</td><td>044DA3C7C9A238869D124D697DBEC06B4EA257C3</td><td>D6755EB7FD5E195A9CD2ADA1E5CA937A2B365AC6DB91AA4342AF4D2818E35D69</td></tr><tr><td>wss2003-kb2760604-fullfile-fin.exe</td><td>1867C849389450286FEE99C95CD881DA9CFFB708</td><td>8866AD99D8D83DE3271366399BD1B7998257E15E39A82ED0CB2C9E1DCC6AA943</td></tr><tr><td>wss2003-kb2760604-fullfile-fra.exe</td><td>777EA2C387B381768D1111E607779E70E41FDF1F</td><td>744ACE78426672E9EC75817E5D4D3B412DD272B7384C80190BE0B6FA2DB73BE7</td></tr><tr><td>wss2003-kb2760604-fullfile-heb.exe</td><td>BDC9CAA8D266554B0ED9694562EB4E9B9C7368D1</td><td>7F7C8210CF6991AFFF14703E780E1191306B1856B00B95BC2F27B7EE59B5FB7E</td></tr><tr><td>wss2003-kb2760604-fullfile-hin.exe</td><td>0B68573CDAAC765D4ABF325CD3996D1E2E667A17</td><td>F32BBA4CE8B5861F180261676CA6B44F1DAC36F9175D176EC69062A975C197AC</td></tr><tr><td>wss2003-kb2760604-fullfile-hrv.exe</td><td>A0917833FD05D8C9175EBAA73BA83CD1C1A25F30</td><td>FCD5ADF13D09A8DCEC75210F4A452405C8266BB8476EBC4B54D5146BAA2FF8E7</td></tr><tr><td>wss2003-kb2760604-fullfile-hun.exe</td><td>8329B99DEF9698D3E1D9260DD7F491B99C519584</td><td>AAB418A8CB3658D061B7356AA3AC1FB0F2A9D68632EEE2664900A1535C46D2A4</td></tr><tr><td>wss2003-kb2760604-fullfile-ita.exe</td><td>DC7A8679DFB3D21E796A6E61C201437EA1AA5C2F</td><td>F1D53091A9F95E970642C3A4F612237DAF5BA24414A3F1E9B7A8D8F21F5248F5</td></tr><tr><td>wss2003-kb2760604-fullfile-jpn.exe</td><td>563502557130AFE06614CDB1CE2FFBA352B74739</td><td>58F48E2973284C3DAC005B7DB1B3DD9C64FB6F898A027F167E335C3B566FE69C</td></tr><tr><td>wss2003-kb2760604-fullfile-kor.exe</td><td>A7BD3032953031CDC511666250AECE3F87C64F0B</td><td>88B675F6DC0F393725B135C1FD7DBBE3F46289221803FF547669A1388EAA996C</td></tr><tr><td>wss2003-kb2760604-fullfile-lth.exe</td><td>963D99379FF4515725F8DD1594872EB0973E42A4</td><td>DE8E907C37917D93DA25FEBDB2C7E5A033E486D1D1B2A7D97001486FD0467DAB</td></tr><tr><td>wss2003-kb2760604-fullfile-lvi.exe</td><td>40B44B094CD1ABDF693AC0C44429888EB07B99F6</td><td>13841434EA8994760EEF0C7626FAA473F582763B9B9214C94F53B0BEFEFA28BF</td></tr><tr><td>wss2003-kb2760604-fullfile-nld.exe</td><td>F4F356BC58494D3EB2146955A512163473F5C18C</td><td>5BBD181CD9F4B518751A47A5F59D821D3F486763CE2050F34173C4F377C1765A</td></tr><tr><td>wss2003-kb2760604-fullfile-nor.exe</td><td>1BFDAC7CA337DD926FA851DFC44B6C8EB3787D44</td><td>1855342D407C705D8AA1EE14030C2BFF23E4A1022A87D0121EA937EFC0A5735A</td></tr><tr><td>wss2003-kb2760604-fullfile-plk.exe</td><td>854ACEEC4ED26C8F2AF6115F8357D3E18D95BF46</td><td>266194456C096A44F03C180744B74A0A9827F34BA79DB5FC857D271B11FDC2D0</td></tr><tr><td>wss2003-kb2760604-fullfile-ptb.exe</td><td>80AFB3A70ADD47AF15C5C811298248DA06BFE60F</td><td>65CEF35AB79343C01CA79C550A4AB72F9F5A1EF786F539BFF6484450C0A05AFF</td></tr><tr><td>wss2003-kb2760604-fullfile-ptg.exe</td><td>064033EDCD99453BDA48A6EF012F76E0FFC1422C</td><td>6C4BC8DA2B32B3F854D70DF23AEB9BF0A715B7DAC9F35C6399B2D0DEA7E9FB0A</td></tr><tr><td>wss2003-kb2760604-fullfile-rom.exe</td><td>FF36147DCBB752ACE97C682B1D8B8935A848C5D0</td><td>4128BAD2C2DDD45017530CECC0C2A7ADC0B88D3BCF5072170FF7D97A1E9BF26D</td></tr><tr><td>wss2003-kb2760604-fullfile-rus.exe</td><td>35B3BDC570F6D82475A62C38171260B24BE2266B</td><td>4391A7761F2DB2FB3058FCA6E306519DA44EAEBDE2A990B520FA1EE3F60E360E</td></tr><tr><td>wss2003-kb2760604-fullfile-sky.exe</td><td>1D5A41747ABC246F69A1C61E36B524604E5A0FEC</td><td>B598C60AD4FE2C82A7B43D390B32D6917A2637378B679A11C8D52E433840507F</td></tr><tr><td>wss2003-kb2760604-fullfile-slv.exe</td><td>CE0131A5858230363BFDD3BF6EA399ABDE1378BC</td><td>3605324E72645A7E126E037DCBC79827DE28DDD364C95DB79FB416402462EAEF</td></tr><tr><td>wss2003-kb2760604-fullfile-srl.exe</td><td>AD4A19231C72A880D361BFF018773F3486BED26C</td><td>A1B5F71EDEB27A906C98438E3429882C82EC60CF58815EE10AE6BADAD97B949E</td></tr><tr><td>wss2003-kb2760604-fullfile-sve.exe</td><td>94575D9AEC7CC927278BA869A31EEB42A760D324</td><td>CEC7BFD45C09D1E52F1DD4137B558D9D7B9613353B26C2C54A652E80C5FCFD68</td></tr><tr><td>wss2003-kb2760604-fullfile-tha.exe</td><td>6999EECC0D501ABFF9B490203C5E2016E1617B99</td><td>B6D0DF67C45B6F5C1368C3B23AB624DB6127B03D5C980FC29D842488FAC27205</td></tr><tr><td>wss2003-kb2760604-fullfile-trk.exe</td><td>B62A256B76FBEE70FB51EF41700D164B9DF1B548</td><td>309659C1C8060265A6DB0C6C31F89720A61F8DD065FA3DCD8A9AC5CA389FCB4F</td></tr><tr><td>wss2003-kb2760604-fullfile-ukr.exe</td><td>92C0AD7EE66A4E20AC22D23CCA4D405FB53ED927</td><td>8C1EC306BA0883730D2D5C554DD9116998C2F11B816D20A236A78E7EF671CEE4</td></tr><tr><td>wss2003-kb2760604-fullfile-zhh.exe</td><td>18B05B146DE37B421C37EDB2CC8801884044B8B5</td><td>3402D3016F8500DDC25E566D50CB91130885BE25A509643BA96F9B9D8DB3FA24</td></tr><tr><td>coreserver2007-kb2596663-fullfile-x64-glb.exe</td><td>B4B8C2D03393AFAE2D609B3E22E9C54459170AB7</td><td>287BA5C0B0672DB4FBF9A7C15A539F6699FA1BA91A4170B049308C52DBB0FA22</td></tr><tr><td>coreserver2007-kb2596663-fullfile-x86-glb.exe</td><td>459B707CC63E3F0B38D87BA0968D89C7D7766707</td><td>0B187B5ACC20FC8EBC4CCC1BF658D51E4A4DA4F564C2CA1B92B432A0C40C6D2C</td></tr><tr><td>coreserverloc2010-kb2553194-fullfile-x64-glb.exe</td><td>92515E81643BBB6DDFFEB3D6295645322BE1C094</td><td>D29D2A72BAE50717011AC007AEACD1B69E802FD5E4D4AC3A0A7DB27488EDEB0F</td></tr><tr><td>emsgrs2010-kb2589325-fullfile-x64-glb.exe</td><td>C40B9731DA0D72958E97C37C8562676E9035DF1E</td><td>98D9F03A1B94B0C6085E320A760F64391A1E6F34064666D140E55252F1B2908C</td></tr><tr><td>infopath2007-kb2596666-fullfile-x86-glb.exe</td><td>6089333AEB61B4F0613898C33F8583A15957D782</td><td>C6440DAB225C67F0C290A1AD0B85C72BA3C6B2F813B0901B04FCABDF1FC9B086</td></tr><tr><td>infopath2010-kb2553431-fullfile-x64-glb.exe</td><td>CF9C2F85761B14386A848CD89E5C517F632ECF08</td><td>6A16C443958BEFAE24E861E053B04EB09CB78A777DAF9A7C603E70DAAD6E5D2D</td></tr><tr><td>infopath2010-kb2553431-fullfile-x86-glb.exe</td><td>C1CF3BFC26754C57F8A5C111C014015BEC5D6D3B</td><td>8AACEAE7227509C592442829FA06D6924E48C8E15D5238C79104E9C716ADA5D9</td></tr><tr><td>ipeditor2007-kb2596786-fullfile-x86-glb.exe</td><td>C098589CFF0B676B80C4C5B2E145B9BD93E2C355</td><td>6611329D0E156EB2DC01584F9ED1EF72BD08D81FE083FFC57ACD541BB0D31700</td></tr><tr><td>ipeditor2010-kb2553322-fullfile-x64-glb.exe</td><td>CE8A14DBFA1513CF843B37B30113A37DE5EB33FF</td><td>B721DCF88277D1271DE22C3A1E7869389C3EB976BDE8C7176CD74C0E322ACC35</td></tr><tr><td>ipeditor2010-kb2553322-fullfile-x86-glb.exe</td><td>2C9EC3F1D70A4E04A15D81DC6AE75ABEC168E700</td><td>5F269A2559012056B6F16DB638365F7225C143B524AFC0DA77331671933952EF</td></tr><tr><td>sts-x-none-x64.cab</td><td>C093C7C13D7CB01D5F7B2F244399DBC34BB10D20</td><td>05853D2678F4D335A0BCFC1AA74E79D980072A7F23CAABF64C2635675210F54C</td></tr><tr><td>sts-x-none-x86.cab</td><td>13258CA09C2D2A019C5E1F7EEFD53378B53A93CA</td><td>CFE52C1389B605C1E3AAB0024D7C771828E799F5F8FD1C4C010F3A86992B4560</td></tr><tr><td>sts2007-kb2596911-fullfile-x64-glb.exe</td><td>302CB71DCB952EB7AE2BB7A0DFCB3826488DFFD9</td><td>E01E674F45D599895EA65579874D22F3A990E385EBAABA69FEE232095147DF4E</td></tr><tr><td>sts2007-kb2596911-fullfile-x86-glb.exe</td><td>3B815B9647BB14E549B89BF61E26AF34BCE63006</td><td>DE51614C7107B26600E44AE5AE6AA12B6D4BC2E5C2BD84ADCFD39E409529371C</td></tr><tr><td>wac2010-kb2598239-fullfile-x64-glb.exe</td><td>5DA77BDDC33BA933C94C5922FD037796A74CDD50</td><td>60E369CA03A8237938070573F31DCB1AFCFAD738616C6F2E75B7D6CBFCEEC184</td></tr><tr><td>wosrv2010-kb2553424-fullfile-x64-glb.exe</td><td>6DF33A7F0FCD21696C581DA461805BC245D5E5D4</td><td>057090BC16ED1EB4974ABA40E2FC79AB4AED3D431E2224002F6402847439A2E0</td></tr><tr><td>wss2010-kb2553365-fullfile-x64-glb.exe</td><td>1974AEBB7C576D58499CDEDB25C426FAAEDA0C57</td><td>CC9980F485D951CFAD7E2B9FB93F70C1703C8DEC1E4EB91AD5EB7DC8F95BCE39</td></tr><tr><td>xlsrvwfe2007-kb2596942-fullfile-x64-glb.exe</td><td>3D987EDEAE127AA515409E02448A3CFDE785EF79</td><td>E895F8A3E13B19D0A48F64194B712F5CB00B4EF532038EBEF9EAB8BB3E80105D</td></tr><tr><td>xlsrvwfe2007-kb2596942-fullfile-x86-glb.exe</td><td>F54164686BC47A54EB7CD22096DCE7932DD60F3A</td><td>C3F8E89D78BFC09257F5E97E9CEA68567225506366B4DFE8CC9586EF2226FBF9</td></tr></table></div></div></body></html>