SharePoint Server 2013 Important Security Update: Vulnerability in SharePoint Could Allow Information Disclosure
April 10, 2013
0 Comments
Microsoft released today an Important Security Update for SharePoint 2013. However, be careful with the details!
Executive Summary
This security update resolves a publicly disclosed vulnerability in Microsoft SharePoint Server. The vulnerability could allow information disclosure if an attacker determined the address or location of a specific SharePoint list and gained access to the SharePoint site where the list is maintained. The attacker would need to be able to satisfy the SharePoint site’s authentication requests to exploit this vulnerability.
This security update is rated Important for all supported editions of Microsoft SharePoint Server 2013. For more information, see the subsection, Affected and Non-Affected Software, in this section.
However:
Known issue with this security update
- This security update requires prior installation of the SharePoint and Project Server 2013 cumulative update package that was released on the Microsoft Download Center on March 12, 2013, and on Microsoft Update on April 9, 2013. This package contains the cumulative updates for both the SharePoint and Project 2013 applications, and it is available from the Microsoft Download Center and from Microsoft Update.
So before you try to install this security patch, make you you install the SharePoint Server 2013 March Cumulative Update!
I guess when Microsoft released the March 2013 CU, they were serious when they said :
Due to a change in the package configuration introduced after SharePoint 2013 RTM the March Public update is a mandatory requirement in order to install subsequent SharePoint Updates
So, patch your SharePoint 2013’s to the latest CU and install this security pack. But be careful if you do it in production, as the March CU might take hours to complete, and this security patch might require a reboot!
By the way, the Great SharePoint Survey by SharePoint-Community.net is now open and we would love to hear what you think about the new features in SharePoint 2013! Furthermore, three random persons that filled the survey will win a free O’Reilly e-book of your choice! Check out the Great SharePoint Survey 2013 here.
Leave a comment and don’t forget to like us on Facebook here and to follow me on Google+ here and on Twitter here for the latest news and technical articles on SharePoint. Also, don’t forget to check the SharePoint Community Partners list for other great SharePoint Sites, and vote for my blog if you like my content!
