cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Where can a list be found of all security updates in a CU

JSAUS
Copper Contributor

‎Aug 21 2019 03:40 PM - edited ‎Aug 21 2019 04:08 PM

‎Aug 21 2019 03:40 PM - edited ‎Aug 21 2019 04:08 PM

Where can a list be found of all security updates in a CU

We are patching SharePoint 2013 SP1 to the July 9th CU. We have a very specific number of security patches that need to be addressed. However, we cannot find any proof either on the server or in the microsoft documentation that these patches are applied.

Can you please point to the documenation where it specifically states that the following updates are in fact applied:

 

4462202 Security Update
4462143 Security Update
Feb 2019 SharePoint Server Update
4462139

 

Non of these are listed in either SharePoint, Microsoft Updates or System Information.


The current farm config DB is: 15.0.5153.1000

 

We note that the kb article does state that "Because the builds are cumulative, each new release contains all the hotfixes and security updates that were included with the previous Microsoft SharePoint Enterprise Server 2013 update package releases."

But we need evidence, that the patches are indeed installed.

 

Thanks for you help!

1,472 Views
0 Likes
2 Replies
Reply
2 Replies
Vikram_Samal

‎Aug 28 2019 11:04 AM

‎Aug 28 2019 11:04 AM

Re: Where can a list be found of all security updates in a CU

@JSAUS I amafraid this is the best we can get :( Cumulative update packages for Microsoft SharePoint Foundation 2013 contain hotfixes for the issues that were fixed since the release of SharePoint Foundation 2013.

I think that's more than a validation as product for adding the past hot fixes as well.

0 Likes
Reply
Trevor Seward

‎Aug 28 2019 03:34 PM

‎Aug 28 2019 03:34 PM

Re: Where can a list be found of all security updates in a CU

As SharePoint CUs do not record installation of specific non-CU fixes (e.g. an August 2019 CU won't report that a security fix from July 2019 has been installed), you will need to compare the binary versions that the security update would have applied. So if a security fix from July 2019 includes Microsoft.SharePoint.dll version 15.0.5nnnn.nnnn and you have the August 2019 CU that installed Microsoft.SharePoint.dll version 15.0.5xxxx.xxxx, then you know you have the security fix in place. But as the CUs are cumulative, as long as you have a a CU from the same or successive month installed, you know it includes those fixes.

Or tell the vendor performing the scan that their software is inadequate and needs to stop looking at the registry as 'proof' that any patch for any product has been installed.

Binary comparisons are the only accurate way to do this, but also the most difficult.

You could also raise a case with Microsoft who can explain the above to your security team/vendor performing the scan about how SharePoint updates are packaged.
0 Likes
Reply