MS16-015: Description of the security update for SharePoint Foundation 2013: February 9, 2016

Microsoft SharePoint Foundation 2013 Service Pack 1


This security update resolves vulnerabilities in Microsoft SharePoint that could allow escalation of privilege if a user browses to a malicious website. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS16-015.

Note To apply this security update, you must have the release version of Service Pack 1 for Microsoft SharePoint Foundation 2013 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see Microsoft Knowledge Base article KB3134226.

Improvements and fixes

This security update contains improvements and fixes for the following nonsecurity issues:
  • After you migrate from classic-mode to claims-based authentication in SharePoint Server 2013, you can't access the Author property for a document. Instead, you receive a "User Not Found" exception message.
  • When you start a crawl for some content that contains links, the crawl fails because of the number of links. After multiple failures, the content is deleted unexpectedly. After this update is applied, you can set the maximum number of links to be sent to the index during a crawl.
  • After you restore host header–named site collections in SharePoint Server 2013, the site URLs of nondefault zones don't take the site URL configuration of the destination web application into consideration.
  • When you create a Visual Studio workflow and use the WaitForItemEvent activity against an item, the items ID is ignored.
  • Screen readers can't read document types in a document library.
  • When you insert a multicolumn, a multi-row, or a text field type into a new SharePoint page, an additional column is created, and the text in the column is shifted incorrectly.
  • Screen readers can't read or access information panels in SharePoint Server 2013.
  • You can't define a default value for a person or group field of a document set. The value is supposed to appear whenever a new item is created.
  • If the claim map cache fills up in SharePoint Server 2013, a race condition occurs that causes a poor user experience.
  • After you delete a SharePoint group from a site, the SQL database may be locked. When the SQL database is locked, farm availability issues occur.
  • Assume that you apply a SharePoint theme to a sub site. Then, if you add an application to the sub site, the theme isn't applied to the application correctly.
  • If you start a crawl of a content source, the mssearch.exe process causes high CPU usage.
  • If you apply more than one filter to a subtask, the parent task is filtered out and no longer displayed.
  • Assume that you create a page on a site that has the SharePoint Server Publishing feature enabled. When you preview the page URL, dashes instead of spaces are displayed in the URL.
  • The storage size of a site collection is decreased more than the original value when recycle bin items are deleted.
  • When you try to check in a file that is in a list but not in a document library, you receive the following error message:
    The object specified does not belong to a list.
  • After you install security update 3114503 (MS16-004), you can't view items in custom lists. Instead, you receive the following error message: 
    TypeError: Unable to get property 'replace' of undefined or null reference.

How to obtain and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see the "Turn on automatic updating in Control Panel" section of this Safety & Security Center article.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.  

More Information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article KB3134226.

Security update replacement information

This security update replaces previously released security update KB3114503.

File hash information

Package NamePackage Hash SHA 1Package Hash SHA 2