MS15-099: Description of the security update for SharePoint Foundation 2013: September 8, 2015

Microsoft SharePoint Foundation 2013 Service Pack 1


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS15-099.

Note To apply this security update, you must have the release version of Service Pack 1 for SharePoint Foundation 2013 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see KB 3089664 .

Improvements and fixes

This update also contains fixes for the following nonsecurity issues:
  • When you type a space in the people picker to add a user to a SharePoint group for a Microsoft SharePoint Server 2013 site, a specified permission is added to the group unexpectedly. However, you expect the people picker to report no match.
  • When you enable the Metadata Navigation and Filtering feature in a SharePoint Server 2013 site and select a metadata tag in the site, no results are displayed if the number of terms in the navigation is large.
  • When the Windows SharePoint Services Tracing (SPTrace) service is set up to run under a managed account and the managed account password is changed through SharePoint, the service isn't updated to use the new password and doesn't start. Additionally, you may receive an error message that resembles the following:
    Windows could not start the "SharePoint Tracing Service" on Local Computer.
    Error: 1069: The service did not start due to a logon failure.
  • When you try to change the password of a distributed cache account on a SharePoint Server 2013 server, you receive the following error message if the server does not have a distributed cache service instance provisioned:
    Sorry, something went wrong.
    Operation is not valid due to the current state of the object.
  • You can't set connections for a filter web part on a SharePoint Server 2013 site because the Connection Type combo box has no value.
  • When you try to edit a document in a subfolder of a SharePoint Server 2013 document library, you receive the following error message: 
    A problem occurred while connecting to the server. If the problem continue, contact your administrator.
    This issue occurs if you are granted permission to the document by the Shared With function and if the Require Check Out option is enabled for the document library.
  • When you try to use Visio 2013 to check a file in to a SharePoint Server 2013 document library that has required columns, you may receive an error message that resembles the following:
    Internal error: #3400 Action 1787: Check In File.
  • When you open a .pdf file in a SharePoint Server 2013 document library that has the Open in the client application option enabled, the .pdf file is still opened in browser.
  • File name is NULL and IAVFileProperties are empty or invalid in SharePoint VSAPI Scan call for old version documents.
  • When you upload a Microsoft Word 2013 document that has a certain custom property to a document library, the w3wp.exe process crashes.
  • VSAPI doesn't get a subweb relative URL while it downloads the document through explorer view.
  • When you select links in an item of a promoted link list, all links are opened in the same tab even though the launch behavior is set to open links in a new tab.
  • After you change the color of a task bar on project timelines in Project Center, the color of other task bars is changed unexpectedly.
  • When you rest the mouse pointer on documents that are returned on the Search Center site, you can't see a preview of the documents but instead receive the following message:
    To start seeing previews, please log on by opening the document.
    This issue occurs if the Search Center site is located on a web application that uses the Kerberos authentication.
  • Performance and correctness issues in the Windows Azure plugin.

How to obtain and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see KB 3089664 .

Security update replacement information

This security update replaces previously released update KB 3054792 .