Stefan Goßner

Senior Escalation Engineer for SharePoint (WSS, SPS, MOSS, SP2010) and MCMS

Update on September Security Bulletin (MS11-074) and SharePoint 2010 Issues


Special thanks to my colleague Tehnoon Raza for collecting the following information:

Summary

On September 13, 2011, Microsoft released security bulletin MS11-074 - Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege. The security bulletin had a security rating of Important. The packages released as part of the security bulletin target a number of different Office client and server products, so both Microsoft Office SharePoint Server 2007 and Microsoft SharePoint Server 2010 are affected by the security updates. Please review the security bulletin for detailed information about the products and files that are affected by the packages. Since the security bulletin has a security rating of Important, it is expected that Windows Server Update Services may automatically download the packages on servers that have the service enabled. As with all SharePoint updates, the SharePoint Products and Technologies Configuration Wizard must be executed to ensure that the SharePoint farm is not left in an inconsistent state. For more information, please review "Known issues and additional information about this security update".

SharePoint 2010 Issues

A significant number of critical issues have been reported over the past few days for SharePoint 2010.  Installation of the security updates on SharePoint 2010 servers pushed by WSUS could cause the following issues to occur, resulting in a full or partial outage of SharePoint services in the environment.  Both issues are related to missing dependencies.


Issue #1 - Users unable to browse Publishing sites

This issue affects the ability of users to browse to and use SharePoint Publishing sites. When browsing to the site, users may experience the following error:

"An Unexpected error has occurred"

The following error is reported in the ULS logs, or on the SharePoint page if the "CallStack" attribute is set to "true" in the web.config file:

Method not found: 'Void Microsoft.Office.Server.WebControls.AudienceLoader.GetAudiencesFetchedDuringPageRequest(System.Collections.Generic.Dictionary`2<System.Guid,Boolean> ByRef, System.Collections.Generic.Dictionary`2<System.String,Boolean> ByRef, System.Collections.Generic.Dictionary`2<System.String,Boolean> ByRef)'.


Issue #2 - Unable to Manage User Profile Service Application

Administrators may get the following error when navigating to the user profile service application management page from central administration:

System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.ResourceManagement, Version=4.0.2450.34, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.
   at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.InitializeIlmClient(String ILMMachineName, Int32 FIMWebClientTimeOut)
   at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager..ctor(UserProfileApplicationProxy userProfileApplicationProxy, Guid partitionID)
   at Microsoft.SharePoint.Portal.UserProfiles.AdminUI.ProfileAdminPage.IsProfileSynchronizationRunning()

Root Cause

The problem is caused by inconsistent assembly versions on the SharePoint servers after the installation of the package KB2560890. Multiple packages that affect SharePoint 2010 were released as part of the security bulletin, and all applicable packages must be installed on the SharePoint servers to ensure that version inconsistencies are not created in the environment. However, it has been observed that only KB2560890 was pushed to servers via WSUS, leaving the SharePoint assemblies in an inconsistent state and creating dependency issues.

The following packages were released as part of the security bulletin and must be installed (where applicable) to avoid inconsistency issues (taken from http://technet.microsoft.com/en-us/security/bulletin/ms11-074 ):

Microsoft Office SharePoint Server 2010 and Microsoft Office SharePoint Server 2010 Service Pack 1 (osrchwfe)
(KB2494022)

Microsoft Office SharePoint Server 2010 and Microsoft Office SharePoint Server 2010 Service Pack 1 (osrv)
(KB2560885)

Microsoft Office SharePoint Server 2010 and Microsoft Office SharePoint Server 2010 Service Pack 1 (pplwfe)
(KB2560890)

Microsoft Office SharePoint Server 2010 and Microsoft Office SharePoint Server 2010 Service Pack 1 (ppsmawfe)
(KB2566456)

Microsoft Office SharePoint Server 2010 and Microsoft Office SharePoint Server 2010 Service Pack 1 (dlc)
(KB2566954)

Microsoft Office SharePoint Server 2010 and Microsoft Office SharePoint Server 2010 Service Pack 1 (ppsmamui)
(KB2566958)

Microsoft Office SharePoint Server 2010 and Microsoft Office SharePoint Server 2010 Service Pack 1 (wosrv)
(KB2566960)

 

Resolution

To resolve the issues identified above, please install all applicable updates described in the security bulletin MS11-074 on your SharePoint servers. Once all updates have been installed, please run the SharePoint Products and Technologies Configuration Wizard to complete the upgrade process.

Note: Installing Service Pack 1 and the August 2011 Cumulative Update also addresses the dependency problems. However, it is highly recommended that all security updates outlined in the security bulletin are deployed to ensure that the SharePoint environment is consistent and secure.
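A check for the partial-install state described under Root Cause, as an added example (not part of the original post and not a Microsoft tool). It assumes the updates reached the server through WSUS or Windows Update, so that they appear in the Windows Update Agent history; the function names and the sample update title are constructed for illustration, and the code is written to run on PowerShell 2.0.

```powershell
# KB numbers and package names are the ones listed on this page.
$Ms11074 = @{
    KB2494022 = 'osrchwfe'; KB2560885 = 'osrv'; KB2560890 = 'pplwfe'
    KB2566456 = 'ppsmawfe'; KB2566954 = 'dlc';  KB2566958 = 'ppsmamui'
    KB2566960 = 'wosrv'
}

function Get-InstalledUpdateTitle {
    # Titles of successfully installed updates from the Windows Update Agent
    # history. Assumption: packages installed by hand are not recorded here.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $count = $searcher.GetTotalHistoryCount()
    if ($count -eq 0) { return }
    $searcher.QueryHistory(0, $count) |
        Where-Object { $_.Operation -eq 1 -and $_.ResultCode -eq 2 } |  # installation, succeeded
        ForEach-Object { $_.Title }
}

function Get-Ms11074Status {
    param([string[]]$InstalledTitles)
    # Collect every KB number mentioned in the update titles.
    $kbs = @($InstalledTitles | Where-Object { $_ } |
        ForEach-Object { [regex]::Matches($_, '(?i)KB\d{6,7}') } |
        ForEach-Object { $_.Value.ToUpper() })
    $all     = $Ms11074.Keys | Sort-Object
    $present = @($all | Where-Object { $kbs -contains $_ })
    $missing = @($all | Where-Object { $kbs -notcontains $_ })

    $state = 'Partial'            # mixed assembly versions: the state behind both issues
    if ($present.Count -eq 0) { $state = 'NotApplied' }
    if ($missing.Count -eq 0) { $state = 'Complete' }

    New-Object PSObject -Property @{
        Server  = $env:COMPUTERNAME
        State   = $state
        Present = $present
        # Missing packages still need a check for applicability on this server.
        Missing = @($missing | ForEach-Object { "$_ ($($Ms11074[$_]))" })
    }
}

# Constructed sample: only KB2560890 arrived via WSUS, as described above.
$sample = @('Security Update for Microsoft SharePoint Server 2010 (KB2560890)')
Get-Ms11074Status -InstalledTitles $sample | Format-List Server, State, Present, Missing

# On a farm server: Get-Ms11074Status -InstalledTitles (Get-InstalledUpdateTitle)
```

Run it on every server in the farm; any server reporting `Partial` should receive the remaining applicable packages before the Configuration Wizard is run.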

 

Comments
  • Hello Stefan

    Am I right, are these KBs also right to install on a SharePoint 2010 farm non-SP1 (CU December 2010)? KB2560890 was coming via WSUS if it's SP1 or not.

    Greetings, Benjamin

  • Hi Benjamin,

    yes it can be installed with and without SP1.

    Cheers,

    Stefan

  • Hi Stefan,

    I have installed all hotfixes on top of SP1 and removed the User Profile Service App, however, when I re-create the User Profile Service App I receive the following error message:

    Method not found: 'Microsoft.SharePoint.Administration.SPIdentifierType Microsoft.SharePoint.Administration.SPAce`1.get_BinaryIdType()'

    Correlation ID: 47cbed14-ee96-4b3d-9c0b-ddb404cd15e3

    Is this a known issue?

    Cheers, René

  • Hi René,

    I haven't heard about this specific issue.

    My recommendation would be to open a support case to get this analyzed.

    Cheers,

    Stefan

  • Hi Stefan,

    In our case the "KB2560890" wasn't the actual problem but it was some of the other September SP-related patches. Don't know yet which KB so let's see what is the final problem cause after the largest fire has been taken out.

  • Hi Stefan,

    Just to let you know I solved my issue.

    After applying SP1 and CU August the problem was solved, so apparently to solve this issue you should install SP1 and CU of August.

    Cheers, René

  • Hi René,

    thanks for the Update!

    Cheers,

    Stefan

  • Hi,

    I am planning to upgrade my pre-SP1 farm to the actual release. What do I have to install now?

    1) SP 1 for SharePoint Foundation

    2) SP 1 for Office Server

    3) CU June for SharePoint Foundation

    4) CU June for Office Server

    5) MS11-074 hotfixes

    6) CU August for SharePoint Foundation

    7) CU August for Office Server

    8) run wizard or psconfig

    Thank you for an advice....

    Kind regards

    Till

  • Hi Till,

    1) SP 1 for SharePoint Foundation

    2) SP 1 for Office Server

    3) SP1 for all SPF and Office Server language packs

    4) CU August for Office Server (includes SPF CU and includes the security fix)

    5) run wizard or psconfig

    Cheers,

    Stefan

    I'm disappointed about all the problems caused by the SP1 and the CU or Windows Update.

    Stefan, about your last answer, do you mean that I don't have to install ALL the CU (June and August) but only the last CU?

    Thanks for help

    EtienneL

  • Hi EtienneL,

    the last CU is always enough. That's why it is a cumulative update. Cumulative means it contains all the previous updates.

    Cheers,

    Stefan

  • Thanks Stefan.