MS14-022: Vulnerabilities in Microsoft SharePoint Server could allow remote code execution: May 13, 2014

2014-05-13T00:00:00
ID KB2952166
Type mskb
Reporter Microsoft
Modified 2014-05-13T18:06:21

Description

<html><body><p>This security update resolves multiple privately reported vulnerabilities in Microsoft Office server and productivity software. The most severe of these vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a target SharePoint Server.</p><h2>INTRODUCTION</h2><div class="kb-summary-section section">Microsoft has released security bulletin MS14-022. To learn more about this security bulletin:<br/><span></span><br/><ul class="sbody-free_list"><li>Home users:<br/><div class="indent"><a href="https://www.microsoft.com/security/pc-security/updates.aspx" id="kb-link-1" target="_self">https://www.microsoft.com/security/pc-security/updates.aspx</a></div><span class="text-base">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class="indent"><a href="https://update.microsoft.com/microsoftupdate/" id="kb-link-2" target="_self">https://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br/><div class="indent"><a href="https://technet.microsoft.com/security/bulletin/ms14-022" id="kb-link-3" target="_self">https://technet.microsoft.com/security/bulletin/MS14-022</a></div></li></ul><h3 class="sbody-h3">How to obtain help and support for this security update</h3>Help installing updates: <a href="https://support.microsoft.com/ph/6527" id="kb-link-4" target="_self">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals:<br/><a href="https://technet.microsoft.com/security/bb980617.aspx" id="kb-link-5" target="_self">TechNet Security Support and Troubleshooting</a><br/><br/>Help protect your Windows-based computer from viruses and malware: <a href="https://support.microsoft.com/contactus/cu_sc_virsec_master" id="kb-link-6" target="_self">Virus and Security Solution Center</a><br/><br/>Local support according to your country:<br/><a href="https://support.microsoft.com/common/international.aspx" id="kb-link-7" target="_self">International Support</a><br/><br/></div><h2></h2><div class="kb-moreinformation-section section"><h3 class="sbody-h3">Known issues and additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br/><br/><ul class="sbody-free_list"><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2837616" id="kb-link-8">2837616 </a> MS14-022: Description of the security update for Windows SharePoint Services 3.0: May 13, 2014</div>Known issues in security update 2972616: Description of the security update for Windows SharePoint Services 3.0: May 13, 2014<ul class="sbody-free_list"><li>After you install this security update, you have to run the PSconfig tool to complete the installation process.</li></ul></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2880536" id="kb-link-9">2880536 </a> MS14-022: Description of the security update for Web Applications 2010: May 13, 2014</div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2760236" id="kb-link-10">2760236 </a> MS14-022: Description of the security update for SharePoint Server 2013: May 13, 2014</div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2863829" id="kb-link-11">2863829 </a> MS14-022: Description of the security update for SharePoint Server 2013 (coreserverloc): May 13, 2014</div>Known issues in security update 2863829: Description of the security update for SharePoint Server 2013 (coreserverloc): May 13, 2014 <br/><ul class="sbody-free_list"><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation process. For more information about how to use the PSconfig tool, go to the following Microsoft TechNet webpage: <br/><br/><a href="http://technet.microsoft.com/en-us/library/hh285624.aspx#bkmk_installasoftwareupdate" id="kb-link-12" target="_self">Install a software update</a></li></ul></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2837588" id="kb-link-13">2837588 </a> MS14-022: Description of the security update for SharePoint Server 2010: May 13, 2014</div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2837598" id="kb-link-14">2837598 </a> MS14-022: Description of the security update for SharePoint Server 2010 (coreserver): May 13, 2014</div>Known issues in security update 2837598: Description of the security update for SharePoint Server 2010 (coreserver): May 13, 2014<br/><ul class="sbody-free_list"><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, see <a href="http://technet.microsoft.com/en-us/library/cc263093.aspx" id="kb-link-15" target="_self">PSconfig command-line reference (SharePoint Server 2010)</a>.</li></ul></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2596763" id="kb-link-16">2596763 </a> MS14-022: Description of the security update for SharePoint Server 2007: May 13, 2014 </div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2596902" id="kb-link-17">2596902 </a> MS14-022: Description of the security update for SharePoint Server 2007: May 13, 2014</div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2863863" id="kb-link-18">2863863 </a> MS14-022: Description of the security update for SharePoint Foundation 2013: May 13, 2014</div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2863856" id="kb-link-19">2863856 </a> MS14-022: Description of the security update for SharePoint Foundation 2013: May 13, 2014</div>Known issues in security update 2863856: Description of the security update for SharePoint Foundation 2013: May 13, 2014<br/><ul class="sbody-free_list"><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. </li></ul></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2863854" id="kb-link-20">2863854 </a> MS14-022: Description of the security update for SharePoint Designer 2013: May 13, 2014</div>Known issues in security update 2863854: Description of the security update for SharePoint Designer 2013: May 13, 2014<br/><ul class="sbody-free_list"><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. </li></ul></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2752096" id="kb-link-21">2752096 </a> MS14-022: Description of the security update for SharePoint Designer 2013 (spdcore): May 13, 2014</div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2810069" id="kb-link-22">2810069 </a> MS14-022: Description of the security update for SharePoint Designer 2010: May 13, 2014</div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2596861" id="kb-link-23">2596861 </a> MS14-022: Description of the security update for SharePoint Designer 2007: May 13, 2014</div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2596810" id="kb-link-24">2596810 </a> MS14-022: Description of the security update for SharePoint Designer 2007: May 13, 2014</div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2863922" id="kb-link-25">2863922 </a> MS14-022: Description of the security update for Project Server 2010: May 13, 2014</div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2880453" id="kb-link-26">2880453 </a> MS14-022: Description of the security update for Office Web Apps Server 2013: May 13, 2014</div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2863836" id="kb-link-27">2863836 </a> MS14-022: Description of the security update for Microsoft SharePoint Designer 2013 (32-bit versions) (spd): May 13, 2014</div></li></ul><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">File hash information</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">SHA1 hash</th><th class="sbody-th">SHA256 hash</th></tr><tr class="sbody-tr"><td class="sbody-td">coreserver2010-kb2837598-fullfile-x64-glb.exe</td><td class="sbody-td">3585491557782217CE5169F72C0F8A35662C2724</td><td class="sbody-td">0AED494DFB0A9981FFCF10715153E140A9BE33D1CE049D81DEDCED39B652FD2E</td></tr><tr class="sbody-tr"><td class="sbody-td">coreserverloc2013-kb2863829-fullfile-x64-glb.exe</td><td class="sbody-td">5FC9E891F659F92BDEFA058DAF070DE02DDD6B78</td><td class="sbody-td">A9CCAFA8F4461112E1243547E068E4F68733C8CCE9D7F66E246D30B2FC84197E</td></tr><tr class="sbody-tr"><td class="sbody-td">dlc2007-kb2596763-fullfile-x64-glb.exe</td><td class="sbody-td">045E326AEA9E6AE089F9F268AB148D4C766B58A1</td><td class="sbody-td">6ED32465CBFD866E653A657E3CF98909B8F43AF070BA0D8A35130989A84C760C</td></tr><tr class="sbody-tr"><td class="sbody-td">dlc2007-kb2596763-fullfile-x86-glb.exe</td><td class="sbody-td">06E8A0D5D34AF17AEBD261BA8EC6F0820077C301</td><td class="sbody-td">AAC125192473B1F02BE4B2C60232C98692258558092E09D812B5D10BA8323E50</td></tr><tr class="sbody-tr"><td class="sbody-td">dlcapp2007-kb2596902-fullfile-x64-glb.exe</td><td class="sbody-td">F4CBB582D86289D4E337DC99E3FBB32155DD7569</td><td class="sbody-td">A6AEB29767FDE38F5696D4B660AA850861C54C1812E9FAF23A834E1AAA587304</td></tr><tr class="sbody-tr"><td class="sbody-td">dlcapp2007-kb2596902-fullfile-x86-glb.exe</td><td class="sbody-td">6CCA0AE5FB9729FC93DA01A1912008C74148E80E</td><td class="sbody-td">F673A9826FE838A059A67EE50244E8C72AAEA23D1677D0D6DF95DACD586AA99A</td></tr><tr class="sbody-tr"><td class="sbody-td">ewd2007-kb2596861-fullfile-x86-glb.exe</td><td class="sbody-td">854D7D8ED3F51CBD9BF4E1440ED586AA0923A1DC</td><td class="sbody-td">6C44CEA12DC3950B9E58C24DE69820779FF586CBF8AD433B458256AFAB3EB19B</td></tr><tr class="sbody-tr"><td class="sbody-td">msaddndr2010-kb2880971-fullfile-x86-glb.exe</td><td class="sbody-td">F6B4823EF2F7195035C0C064C79005AB5DD32A01</td><td class="sbody-td">4DB98466C1ED7ABB4FF0B644E734A7CA975A62949B752CCCB7CF6DEB50FE6A3F</td></tr><tr class="sbody-tr"><td class="sbody-td">mscomct22013-kb2760272-fullfile-x64-glb.exe</td><td class="sbody-td">D620D7E835D58AD07F82FB79A5B4CCEADE29AF18</td><td class="sbody-td">15C56C44347D1C407E749F80B8B9ED8D95B162FF3879A457B519B549E1C5F50D</td></tr><tr class="sbody-tr"><td class="sbody-td">mscomct22013-kb2760272-fullfile-x86-glb.exe</td><td class="sbody-td">C091AF42ABE53C9DD1D7A377CA376A04C30038F8</td><td class="sbody-td">64534D826E24CEF590D84BEF9D4E66B687DDBEBD96BB9E9803F88F4E8F32116E</td></tr><tr class="sbody-tr"><td class="sbody-td">mscomctlocx2013-kb2880502-fullfile-x86-glb.exe</td><td class="sbody-td">5352056D5ECD072044F086E5AADDF45A7B5EC396</td><td class="sbody-td">C8101D1EE8EDB994FB844ABB82ADF50B58F2EC2C3F31BE7E36C722AFF490C53C</td></tr><tr class="sbody-tr"><td class="sbody-td">mso2013-kb2878316-fullfile-x64-glb.exe</td><td class="sbody-td">A99BA3B090AFB81FAE04E7B93486E20450431CDE</td><td class="sbody-td">C41F43A3495F041CCACFCE9DAFAC322C8345911997B25C26B5DDBB4AD031B662</td></tr><tr class="sbody-tr"><td class="sbody-td">mso2013-kb2878316-fullfile-x86-glb.exe</td><td class="sbody-td">6D631B7DB32DEB79ECA9DB037BB9DAC1496216F2</td><td class="sbody-td">377CE6E80C9036F068A2AA5EFD1BF91B85A5C9CE7597D8D2CD126089BDD80971</td></tr><tr class="sbody-tr"><td class="sbody-td">pjsrv2010-kb2863922-fullfile-x64-glb.exe</td><td class="sbody-td">657CFCBF092EF68E7549F8AFF60AEFACEA82F99D</td><td class="sbody-td">BA83DEDD915C7006A1147D0958F75D84A95628B218DD904F95B848B905B5A410</td></tr><tr class="sbody-tr"><td class="sbody-td">pjsrvloc2013-kb2760236-fullfile-x64-glb.exe</td><td class="sbody-td">DEF23341FA80EC5E5617CC836808972BA29B3CBF</td><td class="sbody-td">79D8C9457CBC32550549B3611925686CC338EFB2364DF644023871F1E5F03275</td></tr><tr class="sbody-tr"><td class="sbody-td">proofloc2013-kb2880463-fullfile-x64-glb.exe</td><td class="sbody-td">6086993F610001996BFF4B0D05071F928A48C6BF</td><td class="sbody-td">BFFA2F186CE6AF058A8471AC4C9141E82C8C1B563564BC88355438FFCBE81F05</td></tr><tr class="sbody-tr"><td class="sbody-td">proofloc2013-kb2880463-fullfile-x86-glb.exe</td><td class="sbody-td">5173E30682FCE1DE80BAA41D0150585430A27F93</td><td class="sbody-td">3BC78E661AF1F48E19A5361A00AD21595D15773D75889D3248B868F6EFE96759</td></tr><tr class="sbody-tr"><td class="sbody-td">spd2007-kb2596810-fullfile-x86-glb.exe</td><td class="sbody-td">4DE626741EB13FCA87FF69EF1B5DA857485E2FEC</td><td class="sbody-td">E2B19E7A555BC76BC2264A4A78BA50625B19C6E96A6BB5737C69A67096952FA5</td></tr><tr class="sbody-tr"><td class="sbody-td">spd2010-kb2810069-fullfile-x64-glb.exe</td><td class="sbody-td">E59E999A468B1ACC171A36CD020581C3A4BAF7FB</td><td class="sbody-td">2C44BFEBC0B39ED5274059E287BD890CBE9FB14E5F4D3FB505AB570C95604980</td></tr><tr class="sbody-tr"><td class="sbody-td">spd2010-kb2810069-fullfile-x86-glb.exe</td><td class="sbody-td">E60F9132CFCE12E0264D41E65C8188D0B7B0B2F8</td><td class="sbody-td">AC134FB89748827951E258E4C2886370F9DFAD9D97C7C6A399A283B76BF22FFB</td></tr><tr class="sbody-tr"><td class="sbody-td">spd2013-kb2863836-fullfile-x64-glb.exe</td><td class="sbody-td">1C3B5DC2898368C1EA507913AFDCEE85B2599113</td><td class="sbody-td">63FDEF8A91A00E5C64DFE814BEF0E7DD37397C1953800EA1AF0B81A13DEC4D3F</td></tr><tr class="sbody-tr"><td class="sbody-td">spd2013-kb2863836-fullfile-x86-glb.exe</td><td class="sbody-td">06FBDE4BF36A8C02AA09E1B36BD002AF7F12E873</td><td class="sbody-td">1CDE92D20ECE06B3DE60A47FCE37D5395D764A653D3E6A45D588C735732CF6D5</td></tr><tr class="sbody-tr"><td class="sbody-td">spdcore2013-kb2752096-fullfile-x86-glb.exe</td><td class="sbody-td">FB1686B0218C3662D01C8C51939127AAB4FA76A0</td><td class="sbody-td">A20CC58CD8E17A2B124CBB18F90C3312B1264168FC9689BF0DD9844666BA8D56</td></tr><tr class="sbody-tr"><td class="sbody-td">spdevsdk2013-kb2863854-fullfile-x64-glb.exe</td><td class="sbody-td">AC8CCF43F9F46082D3075B0B56ACB18BE5BB54F1</td><td class="sbody-td">CECAE188FA9D4E023FF6A2A9C1B7E350E3245B3C1409D7AE7DCEE1D26EE8E90F</td></tr><tr class="sbody-tr"><td class="sbody-td">spdevsdk2013-kb2863854-fullfile-x86-glb.exe</td><td class="sbody-td">BB3A007F15A726C5B0BA29314F03151704E9F1C5</td><td class="sbody-td">1C11E83351504C07F49387CAE90D420DE81488FF736C44F872B57EC0958C7EA0</td></tr><tr class="sbody-tr"><td class="sbody-td">sts2007-kb2837616-fullfile-x64-glb.exe</td><td class="sbody-td">CE65DDBBD89028DD644010CBE7702699FE860978</td><td class="sbody-td">80370F61B6C79E0E7CDA5987F87098A67B08B2563B0A3AF915B984576D93A1F7</td></tr><tr class="sbody-tr"><td class="sbody-td">sts2007-kb2837616-fullfile-x86-glb.exe</td><td class="sbody-td">FFD593A14B471BFD50B4B4DE618724861DC6C3D9</td><td class="sbody-td">4B73804757AC127D1F4332E5A3FCECDE947D181CB59255D4F20245E104CCAE57</td></tr><tr class="sbody-tr"><td class="sbody-td">sts2013-kb2863856-fullfile-x64-glb.exe</td><td class="sbody-td">1BB0083CAD4397DFA082574121A98AB04B443DEA</td><td class="sbody-td">4A7DFFCCDE268D977778EBE7874F00BC579A1747E3F6CC21DA02F0CE880E0BC1</td></tr><tr class="sbody-tr"><td class="sbody-td">wac2010-kb2880536-fullfile-x64-glb.exe</td><td class="sbody-td">23F277729C53BF0E257FDA4A0118029047264DCC</td><td class="sbody-td">1700C9DD915DA1642EC8D30FE73BC037233F6E93E210C418DE4394A8ABB42297</td></tr><tr class="sbody-tr"><td class="sbody-td">wacserver2013-kb2880453-fullfile-x64-glb.exe</td><td class="sbody-td">19A90DF408AF5E3377054048C8B2B6FC91B9BE13</td><td class="sbody-td">866C1C6DEC376420BFE35199BF7C41CD96B5806815FE626985892ABAD7E1EFFE</td></tr><tr class="sbody-tr"><td class="sbody-td">wss2010-kb2837588-fullfile-x64-glb.exe</td><td class="sbody-td">97D415F61801A03AB812670FA93A04F80DD78339</td><td class="sbody-td">68E312E20694E8BD76886AAC25B05655DA65780EE4F3C5058130B1D74F431EFC</td></tr><tr class="sbody-tr"><td class="sbody-td">wssloc2013-kb2863863-fullfile-x64-glb.exe</td><td class="sbody-td">C465DC776A17FB660780114BFC1F0F7323595FEA</td><td class="sbody-td">3A699EAA3A7C7CBF88C136BC24D8434857E126C4A483852228D6045457FB3D9F</td></tr></table></div></div><br/></span></div></div></div></div></body></html>