Forum Discussion
Where can a list be found of all security updates in a CU
We are patching SharePoint 2013 SP1 to the July 9th CU. We have a very specific number of security patches that need to be addressed. However, we cannot find any proof either on the server or in the ...
As SharePoint CUs do not record installation of specific non-CU fixes (e.g. an August 2019 CU won't report that a security fix from July 2019 has been installed), you will need to compare the binary versions that the security update would have applied. So if a security fix from July 2019 includes Microsoft.SharePoint.dll version 15.0.5nnnn.nnnn and you have the August 2019 CU that installed Microsoft.SharePoint.dll version 15.0.5xxxx.xxxx, then you know you have the security fix in place. But as the CUs are cumulative, as long as you have a a CU from the same or successive month installed, you know it includes those fixes.
Or tell the vendor performing the scan that their software is inadequate and needs to stop looking at the registry as 'proof' that any patch for any product has been installed.
Binary comparisons are the only accurate way to do this, but also the most difficult.
You could also raise a case with Microsoft who can explain the above to your security team/vendor performing the scan about how SharePoint updates are packaged.
Or tell the vendor performing the scan that their software is inadequate and needs to stop looking at the registry as 'proof' that any patch for any product has been installed.
Binary comparisons are the only accurate way to do this, but also the most difficult.
You could also raise a case with Microsoft who can explain the above to your security team/vendor performing the scan about how SharePoint updates are packaged.