Description of the security update for Project Server 2013: June 13, 2017

Applies to: Project Server 2013

Summary


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-8551.

Note To apply this security update, you must have the release version of Microsoft Project Server 2013 Service Pack 1 installed on the computer.

Improvements and fixes


This security update contains improvements and fixes for the following nonsecurity issues:

  • Assume that you go to the Project Center page in the Project Web app and select many projects. When you click the Open In Microsoft Project option, nothing seems to occur, and the expected master project isn't created in Project Professional. If you select more projects than can be used to create a master project through this method, you receive a message that resembles the following:

    Your selection exceeds the limit for the number of projects we can open at a time from Project Web App. We created a master project with the supported number of projects. You can then add additional projects by going through Insert Subproject.

  • An auditing capability is added to determine when and who changes the "Only allow tasks updates via Tasks and Timesheets" and tracking method Task Settings and Display server settings. When changes are made on the Task Settings and Display page, details are written to the ULS logs under the Project Server Administration category and resemble the following:

    PWA:http://server/PWA, ServiceApp:Project Service Application, User:i:0#.w|domain\user, PSI: WS_ADMIN setting WADMIN_PROTECT_ACTUALS changed. New Value: 0. Old Value: 1. Resource Id: xxx

    PWA:http://server/PWA, ServiceApp:Project Service Application, User:i:0#.w|domain\user, PSI: WS_ADMIN setting WADMIN_DEFAULT_TRACKING_METHOD changed. New Value: 1. Old Value: 2. Resource Id: xxx

  • This update also fixes the following issues:
     
    • Consider the following scenario:
       
      • You have a series of tasks that are linked.
      • Because of the way that the tasks are scheduled, the successor tasks don't necessarily start and finish at the day boundaries. For example, tasks start at 8:00 A.M. and finish at 5:00 P.M.
      • A resource is assigned to the tasks, and the tasks are published.
      • The resource completes the work on the tasks by entering all actual work on a given date, and then sends the status update to the project manager for approval.
      • The project manager approves the updates.
      In this scenario, the start date of the given tasks may differ from what you expect. For example, the start time is displayed as 9:10 A.M. in one case and as 8:00 A.M. in a different case. This issue occurs because the order in which the status updates are applied isn't consistent.
    • Consider the following scenario:

      • A project manager publishes a task to a team member.

      • The team member in either a timesheet or in tasks within the Project Web app reports work that's earlier than what was scheduled. For example, 8 hours of work was scheduled on Wednesday, but 8 hours of actual work was reported and submitted for Monday.

      • The status manager approves the update.

      • The team member zeros out the actual work and moves it to a later date.

      • The status manager approves the update.

      • The project is opened in Project Server.

      In this scenario, the task's actual start date still reflects the earlier update instead of the new update in which the actual start date is later.
    • When a Project server is processing a very large number of timesheets, the Reporting (Timesheet Save) jobs may fail. In the ULS logs, you may see an error message that resembles the following:

    • After you close a project resource plan, the resource plan isn't check in.

    • The performance of the Approval Center PWA page is poor. This issue occurs after you install the January 12, 2016, update for Project Server 2013 (KB3114507).

    • User generated (ad hoc) custom filters that are applied to PWA views don't display data values. For example, you open a custom filter dialog box in Project Center to add a filter on a date column. After you save, close, and then reopen the dialog box, the date that you set isn't displayed.

    • When you submit a status update, task-level baseline data disappears from the Tasks view for the given task assignments.

    • Server-side defined timesheet view grouping doesn't work together with custom fields.

To fix the following issue, install June 13, 2017, update for SharePoint Foundation 2013 (KB3203398).

When you add new tasks to a project while editing a project in PWA, formulas that use the Now() or CurrentDate() function don't calculate the correct result. 

How to get and install the update


Method 1: Microsoft Update

Method 2: Microsoft Update Catalog

Method 3: Microsoft Download Center

More Information


Security update deployment information

For deployment information about this update, see security update deployment information: June 13, 2017.

Security update replacement information

This security update does not replace any previously released update.

File hash information

Package Name Package Hash SHA 1 Package Hash SHA 2
pjsrvloc2013-kb3203399-fullfile-x64-glb.exe 4775E946D5571AFF63846EA44CAC19D86EF26EB7 DC923CA48AC059F1144A58A8204593C53B8AAE12AF3F12113A045D88116AC8FC

File information

How to get help and support for this security update


Help for installing updates: Windows Update FAQ

Security solutions for IT professionals:
TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware:
Microsoft Secure

Local support according to your country:
International Support

Propose a feature or provide feedback on Office Core: Office User Voice portal