Hi,
is this fix in the December CU?
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443
Regards,
Julian
↧
Comment on December 2019 CU for SharePoint 2013 product family is available for download by Julian
↧
Comment on SharePoint security fixes released with December 2019 PU and offered through Microsoft Update by Dan
Hi Stefan, SharePoint Server 2013 is not affected, only SharePoint Foundation 2013, so a SharePoint Server 2013 Farm doesn’t need to be fixed, right?
↧
↧
Comment on SharePoint security fixes released with December 2019 PU and offered through Microsoft Update by Stefan Goßner
Hi Daniel,
that’s not correct. SharePoint foundation is an integral part of SharePoint server. All SharePoint foundation security fixes apply also to SharePoint server.
Cheers,
Stefan
↧
Comment on December 2019 CU for SharePoint 2013 product family is available for download by Stefan Goßner
The fix is as well in November CU and in December CU.
Cheers,
Stefan
↧
Comment on SharePoint security fixes released with December 2019 PU and offered through Microsoft Update by Karthikeyan Parasuraman
Hi Stefan, We applied the November CU already in all our farms (SP 2013,2016 & 2019). The KB’s mentioned in the below article points to the November CU only. What’s the action we need to take now ?
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1491
↧
↧
Comment on SharePoint security fixes released with December 2019 PU and offered through Microsoft Update by Stefan Goßner
Hi Karthikeyan,
none. As you can read for yourself in the “Revisions” section of the CVE:
“…This is an informational change only. Customers who have successfully installed the applicable updates do not need to take any further action…”
Cheers,
Stefan
↧
Comment on SharePoint security fixes released with December 2019 PU and offered through Microsoft Update by Henry
Hi Stefan,
For this CVE-2019-1491 vulnerability.
https://www.us-cert.gov/ncas/current-activity/2019/12/18/microsoft-releases-information-cve-2019-1491
If we apply SharePoint 2016 November 2019 CU (KB 4484147), then it should cover the this vulnerability
Can you confirm?
Thanks as always
Henry
↧
Comment on SharePoint security fixes released with December 2019 PU and offered through Microsoft Update by Stefan Goßner
Hi Henry,
that is NOT correct. You need to apply the language independent fix from November CU for this specific issue:
https://support.microsoft.com/help/4484143
You can see this info in the in the CVE article:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1491
Thanks,
Stefan
↧
Comment on December 2019 CU for SharePoint 2010 product family is available for download by Henry
Hi Stefan,
Does December 2019 CU for SP2010 include the fix for search mentioned in here?
https://blog.stefan-gossner.com/2019/11/12/november-2019-cu-for-sharepoint-2010-product-family-is-available-for-download/
We want to apply the fix for this vulnerability “CVE-2019-1491” and we want to make sure it does break the search.
Thanks
Henry
↧
↧
Comment on SharePoint security fixes released with December 2019 PU and offered through Microsoft Update by Henry
Thanks Stefan as always.
↧
Comment on Heads-Up: Info on unsupported .NET framework versions (e.g. in SharePoint environments) by Shashank
Two questions:
1) My SP2013 farm is at 4.5.1 but 1 server in the farm is at 4.6.1. We want to make all servers
to 4.6.1. Can you send me the link to download 4.6.1 ?
2) Can I just run the file which you will send in above reply and no need to uninstall the
previous 4.5.1. Also will the new .net installation not affect the existing SP farm?
↧
Comment on Heads-Up: Info on unsupported .NET framework versions (e.g. in SharePoint environments) by Stefan Goßner
You can find it here:
https://www.microsoft.com/de-de/download/details.aspx?id=49982
Just install it.
↧
Comment on SharePoint security fixes released with November 2019 PU and offered through Microsoft Update by David
Hi,
I recently took over administration for a SharePoint 2013 farm, it hasn’t been patched since the May 2015 update.
I was told the update for KB 4484157 was a high priority but bringing the server up to the latest patch level wasn’t.
I installed the patch onto the 2 SharePoint servers, that went fine.
When I ran the config wizard I got the error message: „…Some farm products and patches were not detected…“ in the config wizard, it noted KB4484157 as the missing patch and listed both servers as missing that patch.
I ran the „Get-SPProduct -Local“ command, recycled the app pools, restarted the server…etc (on both servers) but the message keeps appearing in the config wizard.
Looking at the „Manage Patch Status“ page in central admin I see 2 entries for the same patch, one with „Installed“ against it and one with „Missing/Required“ against it:
Security Update for Microsoft SharePoint Foundation 2013 (KB4484157) 64-Bit Edition 15.0.5189.1000 Missing/Required
Security Update for Microsoft SharePoint Foundation 2013 (KB4484157) 64-Bit Edition 15.0.5189.1000 Installed
I have two questions:
1. What is going on here?
2. Can I just run a PSConfig.exe command to force the config to run without checking that the patches have been installed on each server.
↧
↧
Comment on December 2018 CU for SharePoint 2013 product family is available for download by Mayank Garg
Hey Paul D,<br />
In my case the December 2018 CU included a security update in which all „All existing Search Results Web Parts are automatically switched to use asynchronous loading.“ I used a Powershell snippet to retain the previous behavior for impacted pages.<br />
Hope this helps.
Thanks,<br />
Mayank
↧
Comment on November 2019 CU for SharePoint 2013 product family is available for download by Manoj
Did you get chance to install November 2019 CU for SharePoint 2013 ? was there any regression reported, noticed ?
↧
Comment on SharePoint security fixes released with November 2019 PU and offered through Microsoft Update by Stefan Goßner
Hi David, in this case you should open a ticket with Microsoft support to analyze this. You should not bypass the install check as this can cause serious trouble if there is a mismatch.
↧
Comment on February 2019 CU for SharePoint 2013 product family is available for download by Stefan Goßner
Hi Gregory,
in this case I would suggest to open a support case with Microsoft to get this analyzed.
Cheers,
Stefan
↧
↧
Comment on March 2019 CU for SharePoint 2013 product family is available for download by Henning Eiben
I think he is refering to the problems caused by the September 2018 .Net security update (https://devblogs.microsoft.com/dotnet/net-framework-september-2018-security-and-quality-rollup/), which have already been resolved with the November 2018 CU (https://support.microsoft.com/en-us/help/4461511/description-of-the-security-update-for-sharepoint-foundation-2013).
So to the original question: as the updates are cumulative, this should be resolved when applying this CU.
↧
Comment on March 2019 CU for SharePoint 2013 product family is available for download by Chander M. Bhardwaj
Hi Stefan,
I found your blogs helpful. i have one question for you.
Does this patch addresses the SharePoint designer Workflow issues that have been occurring after march 2019 patch?
Regards,
Chander
↧
Comment on January 2018 CU for SharePoint 2013 product family is available for download by Mikhail Zhuikov
Thanks 🙂
↧