Cumulative Update – Fixes June 2015 SharePoint 2010 (201506-SP2010)

Its hard to keep track of what bugs were fixed a cumulative update. I intend to share my reading and document the fixes that come out every month across SharePoint products. Some call it regurgitating what’s already out there… but good luck finding it in Google search! Some updates aren’t cumulative . Hope this blog posts help someone some day!

Disclaimer: Cumulative Updates are to be applied specifically when you have an issue fixed by it, I recommend you keep a close eye on the security fixes that come with Cumulative Updates and then decide accordingly. Don’t rush to apply a Cumulative Update just for the sake of it. Many Cumulative Updates have had serious issues in the past and there’s no easy rollback! http://www.jeremytaylor.net/2014/04/12/latest-cumulative-updates-service-packs-hotfixes-sharepoint-sql/

Name: June 2015 Cumulative Update for SharePoint 2010

Build: 14.0.7151.5001

For previous build numbers: http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=224

SharePoint Foundation 2010 fixes

This security update contains fixes for the following nonsecurity issues:

When you click a user name if multiple matches are found for a people field on a SharePoint Server 2013 site in Internet Explorer 11, the matches are not displayed.

You cannot scroll to see the resources on the right-side grid of the build team page if there are many resources.

Pasted from <https://support.microsoft.com/en-us/kb/3054847>

Security Updates in June 2015 for SharePoint Foundation 2010:

Microsoft Security Bulletin: MS15-046 (rereleased)

Multiple Microsoft Office Memory Corruption Vulnerabilities – CVE-2015-1682

Vulnerability information:

Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.

An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Source: https://technet.microsoft.com/library/security/MS15-046

SharePoint Server 2010 fixes (includes the above fixes)

This update improves the English proofing tools.

Source: https://support.microsoft.com/en-us/kb/3054874

Security Updates in June 2015 for SharePoint Server 2010:

Microsoft Security Bulletin: MS15-046 (re-released!)

IMPORTANT UPDATE:

V3.0 (June 9, 2015): To address issues with the security updates for all affected Microsoft Office 2010 software, Microsoft re-released MS15-046 to comprehensively address CVE-2015-1682. Microsoft recommends that customers running affected Office 2010 software should install the security updates released with this bulletin revision to be fully protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3057181 for more information and download links.

Vulnerability information:

See https://technet.microsoft.com/library/security/MS15-046

Project Server 2010 (includes the above fixes)

This update fixes the following issue:

When you try to edit a resource in Project Web App, you receive an unknown error that resembles the following in the ULS logs:

Exception occurred in method Microsoft.Office.Project.Server.BusinessLayer.Project.ProjectQueueUpdatePDPProjectCF System.Data.SqlClient.SqlException: The EXECUTE permission was denied on the object ‘MSP_ReadLocalAndEnterpriseLookupTableInfoByUIDs’, database ‘ProjectServer_Published_PWA’, schema ‘dbo’.

Source: https://support.microsoft.com/en-us/kb/3054887