MS14-073: Vulnerability in Microsoft SharePoint Foundation could allow for elevation of privilege: November 11, 2014

<html><body><p>Resolves a vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in the context of the user on the current SharePoint site.</p><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS14-073. To learn more about this security bulletin:<br /><ul><li>Home users:<br /><div><a href=“https://www.microsoft.com/security/pc-security/updates.aspx” target=“_self”>https://www.microsoft.com/security/pc-security/updates.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br /><div><a href=“https://update.microsoft.com/microsoftupdate/” target=“_self”>https://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href=“https://technet.microsoft.com/library/security/ms14-073” target=“_self”>https://technet.microsoft.com/library/security/MS14-073</a></div></li></ul><h3>How to obtain help and support for this security update</h3>Help installing updates:<br /><a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals:<br /><a href=“https://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your Windows-based computer from viruses and malware:<br /><a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country:<br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></div><h2>More Information</h2><div><span>Important</span> After you install this security update on all FAST servers, you must run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following TechNet webpage: <br /><a href=“http://technet.microsoft.com/en-us/library/hh285624.aspx#bkmk_installasoftwareupdate” target=“_self”>http://technet.microsoft.com/en-us/library/hh285624.aspx#BKMK_InstallASoftwareUpdate</a><h3>Known issues and more information about this security update</h3>The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.<br /><ul><li><div><a href=“https://support.microsoft.com/en-us/help/2889838”>2889838 </a> MS14-073: Description of the security update for SharePoint Foundation 2010: October 14, 2014</div></li></ul><div><div><div><span><span></span></span><span><span>Security Update Deployment</span></span></div><div><span><div><h4>Microsoft SharePoint Foundation 2010 (all versions)</h4><span>Reference Table</span><br /><br />The following table contains the security update information for this software.<br /><div><table><tr><td><span>Security update file name</span></td><td>For Microsoft SharePoint Foundation 2010 Service Pack 2:<br /><span>wssloc2010-kb2889838-fullfile-x64-glb.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/912203” target=“_self”>Microsoft Knowledge Base Article 912203</a></td></tr><tr><td><span>Restart requirement</span></td><td>In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.<br /><br />To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see <a href=“https://support.microsoft.com/help/887012” target=“_self”>Microsoft Knowledge Base Article 887012</a>.</td></tr><tr><td><span>Removal information</span></td><td>This security update cannot be removed.</td></tr><tr><td><span>File information</span></td><td>See <a href=“https://support.microsoft.com/help/2889838” target=“_self”>Microsoft Knowledge Base Article 2889838</a></td></tr><tr><td><span>Registry key verification</span></td><td>Not applicable</td></tr></table></div></div><br /></span></div></div></div></div><h2>FILE INFORMATION</h2><div><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><td><span>Package Name</span></td><td><span>Package Hash SHA1</span></td><td><span>Package Hash SHA2</span></td></tr><tr><td>wssloc2010-kb2889838-fullfile-x64-glb.exe</td><td>FFBDF48C1FF511D01A311B3D174CB288FA024F20</td><td>4046BC6CECD2684AEF2C28A87F53BD6C4BFAD122A71DEE4DBC2B18443120566D</td></tr></table></div></div><br /></span></div></div></div></div></body></html>