MS15-036: Description of the security update for Project Server 2010: April 14, 2015

Applies to: Project Server 2010Microsoft Project Server 2010 Service Pack 2


This update resolves vulnerabilities that could allow elevation of privilege if an attacker sends a specially crafted request to an affected Microsoft Project Server 2010. The attacker who successfully exploited these vulnerabilities could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. An attacker who successfully exploited the vulnerabilities could read content that the attacker is not authorized to read, use the victim's identity to take actions on behalf of the victim, such as change permissions, delete content, and insert malicious content in the victim’s browser.


 Microsoft has released security bulletin MS15-036. Learn more about how to obtain the fixes that are included in this security bulletin: 

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

More information about this security update

Download information

This update is available for download from the Microsoft Download Center.

Restart information

You may have to restart the computer after you install this security update.

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you will receive a message that advises you to restart the computer.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install this security update.

Learn about why you may be prompted to restart your computer after you install a security update on a Windows-based computer.

Prerequisites to install this security update

To install this security update, you must have the release version or Service Pack 2 for Project Server 2010 installed on the computer.

Removal information

This security update cannot be removed.

Security update replacement information

This security update replaces update 2863922.