MS15-022: Description of the security update for SharePoint Server 2013: March 10, 2015

ID KB2956153
Type mskb
Reporter Microsoft
Modified 2017-03-30T05:58:55


<html><body><p>Resolves vulnerabilities in Microsoft Office that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Office.</p><h2>Introduction</h2><div>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Office.<br/><span></span><h3 class="sbody-h3">Improvements and fixes</h3>This security update contains the following improvement:<ul class="sbody-free_list"><li>Improves the English and Welsh proofing tools in SharePoint Server 2013. Additionally, this update contains lexical improvements to the English and the Welsh spelling lexicon.<br/><br/></li></ul><br/>This security update also contains fixes for the following nonsecurity issues: <ul class="sbody-free_list"><li>The "Discover and Hold content" feature does not work correctly in SharePoint 2010 if it consumes SharePoint 2013 search applications.<br/></li><li>The <span class="text-base">DocumentSetTemplate</span> functionality does not work by using the Client Side Object Model (CSOM) API.<br/></li><li>Content Organizer routes documents that have a modified time in the destination set to server time instead of UTC time.<br/></li><li>Hybrid search fails because the query time-out is 60 seconds in SharePoint 2013.<br/></li><li>You cannot view PDF files from search results by using Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, or Internet Explorer 11.<br/></li><li>URLs that contain special characters (such as "é", "è", or "ç") cannot be deleted from Authoritative pages.<br/></li><li>When you try to crawl and index an .xml file that has an encoding declaration in the XML declaration, the process fails and you receive an "Invalid XML stream" error.<br/></li><li>When you try to create a publishing sub-site, you receive a "Forbidden" error even if you have full control permission.<br/></li><li>Date refiners have the incorrect translation for French.<br/></li></ul></div><h2>Summary</h2><div class="kb-summary-section section">Microsoft has released security bulletin MS15-022. Learn more about how to obtain the fixes included in this security bulletin: <ul class="sbody-free_list"><li>For individual, small business, and organizational users, use the Windows automatic updating feature to install the fixes from Microsoft Update. To do this, see <a href="" id="kb-link-1" target="_self">Get security updates automatically</a> on the Microsoft Safety and Security Center website.<br/></li><li>For IT professionals, see <a href="" id="kb-link-2" target="_self">Microsoft Security Bulletin MS15-022</a> on the Security TechCenter website.</li></ul></div><h2></h2><div class="kb-summary-section section"><h3 class="sbody-h3">How to obtain help and support for this security update</h3>Help installing updates: <a href="" id="kb-link-3" target="_self">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href="" id="kb-link-4" target="_self">TechNet Security support and troubleshooting</a><br/><br/>Help protect your Windows-based computer from viruses and malware: <a href="" id="kb-link-5" target="_self">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href="" id="kb-link-6" target="_self">International support</a></div><h2></h2><div class="kb-moreinformation-section section"><h3 class="sbody-h3">More information about this security update</h3><span class="text-base">Note</span> After you install this security update on all SharePoint servers and SharePoint services, you have to run the PSconfig tool to complete the installation. <br/><br/></div><h2></h2><div class="kb-moreinformation-section section"><h3 class="sbody-h3">Download information</h3>This update is available for download from the Microsoft Download Center.<div class="indent"><a href="" id="kb-link-7" target="_self">Download Microsoft SharePoint Enterprise Server 2013</a></div><br/></div><h2></h2><div class="kb-moreinformation-section section"><h4 class="sbody-h4">Prerequisites to apply this security update</h4>To apply this security update, you must have the release version or <a href="" id="kb-link-9">Service Pack 1 </a> for SharePoint Server 2013 installed on the computer.<br/><br/></div><h2></h2><div class="kb-moreinformation-section section"><h4 class="sbody-h4">Restart information</h4>You may have to restart the computer after you install this security update.<br/><br/>In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart the computer.<br/><br/>To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install this security update.<br/><br/>Learn about <a href="" id="kb-link-10">why you may be prompted to restart your computer </a> after you install a security update on a Windows-based computer.</div><h2></h2><div class="kb-moreinformation-section section"><h4 class="sbody-h4">Removal information</h4>This security update cannot be removed.</div><h2></h2><div class="kb-moreinformation-section section"><h4 class="sbody-h4">Security update replacement information</h4>This security update replaces <a href="" id="kb-link-11" target="_self">update 2863829</a>.<br/><br/></div><h2></h2><div class="kb-moreinformation-section section"><h4 class="sbody-h4">File information</h4>For a list of the files that are provided in this update 2956153, download the <a href=" attributes tables for security update 2956153.csv" id="kb-link-12" target="_self">file information for update 2956153</a>.<br/></div></body></html>