MS16-004: Description of the security update for SharePoint Foundation 2013: January 12, 2016

Summary
This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS16-004.

Note To apply this security update, you must have the release version of Service Pack 1 for Microsoft SharePoint Foundation 2013 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see Microsoft Knowledge Base article 3124585.

Improvements and fixes

  • Adds a function to set the SPWeb.RequestAccessEmail property by using a client-side object model (CSOM).
  • This update also contains fixes for the following nonsecurity issues:
    • When you check permissions, incorrect permissions are reported based on group memberships across trusted domain boundaries. Therefore, external token isn't populated with security groups of trusted domains.
    • If a SQL Server Report Viewer Web Part is created before Service Pack 1, a page that contains the Report Viewer Web Part can't be loaded, and you receive the following error message:
      You must first select a report to display in this Web Part. Do this by opening the tool pane and specifying the path and file name of the Reporting Services report that you would like to show. Alternatively, you can connect the Web Part to another Web Part on the page that provides a document path.
    • After you create a view in a publishing sub site, the view is displayed in the datasheet view. Meanwhile, you receive the following error message:
      The list is displayed in Standard view. It cannot be displayed in Datasheet view for one or more of the following reasons: A datasheet component compatible with Microsoft SharePoint Foundation is not installed, your browser does not support ActiveX controls, a component is not properly configured for 32-bit or 64-bit support, or support for ActiveX controls is disabled.
    • When you select the Save button multiple times on the ribbon to add an item to a list, the item is added multiple times.
    • When you try to update the configuration database for the host-named site collections by using the SPContentDatabase.RefreshSitesInConfigurationDatabase method, the sites become unavailable if the site collections are set in separate content databases from the root site collection.
    • Assume that you have a site collection that has the document ID feature enabled or a Url field that points to a resource within the site collection. Then, you check out a document and move the content database of the site collection to another web application. After you check in the document, the URL of the document points to the old site.
More information

Known issues in this security update

  • SharePoint Lists stop working

    Symptom
    After you install this security update, SharePoint list views stop working.

    Cause
    This security update contains a code change which requires an update to both localized and non-localized files of the SharePoint foundation component. Localized and non-localized files are installed through two different MSP files, and the security update package does not include the localized MSP file.

    Workaround
    To work around this issue, install update 3114508 for SharePoint Foundation 2013. Update 3114508 contains the required localized MSP file. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    3114508 January 12, 2016, update for SharePoint Foundation 2013 (KB3114508)
    Or, you can install the full server package of January 2016 CU for SharePoint 2013 which also includes the required localized MSP file.

    More Information
    For more information, visit the following Microsoft webpage:
How to obtain and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
More information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base Article KB 3124585.

Security update replacement information

This security update replaces previously released update KB3085582.

File hash information

Package NamePackage Hash SHA 1Package Hash SHA 2
sts2013-kb3114503-fullfile-x64-glb.exeE9FEA63670C4BB0BFEBF529382D17747B9BADBACF5E14A14F489C57DBAD20C282EE1B7FA7E42AF10D7384B28B1ECE8EBD5DFC4B6

File information

For a list of the files that are provided in this cumulative update KB3114503, download the file information for update KB3114503.

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
Properties

Article ID: 3114503 - Last Review: 07/15/2016 08:30:00 - Revision: 3.0

Microsoft SharePoint Foundation 2013 Service Pack 1

  • kbbug kbfix kbsurveynew kbexpertiseinter kbsecbulletin kbsecvulnerability atdownload kbsecurity KB3114503
Feedback