MS14-022 Known Issues

6/4/2014 Update:

As we are seeing Service Pack 1 and post-Service Pack 1 binaries being delivered with MS14-022, and there are fewer known issues with SharePoint 2013 Service Pack 1 farms, I would strongly recommend that SP1 be applied prior to installing MS14-022 or if that is not possible, as soon as possible after applying MS14-022. One of the MS14-022 knowledge base articles has also been updated to note that pre-SP1 farms must also install KB2880963.

Many of the known issues have active support cases open with Product Support Services at Microsoft, but if you’re experiencing one of these issues, opening another one does not hurt. Remember that product bugs (especially issues relating to a security hotfix) may be refundable if PSS and/or the product group can reproduce the bug in their environment. For those customers who have MSDN subscriptions, certain levels of MSDN subscriptions also come with support cases which you can leverage for these types of issues.

9/9/2014 Update:

The double encoding issue is resolved in the SharePoint 2013 September 2014 Cumulative Update. Please use the CU instead of applying the below workaround.

————-

There are a few known issues with the security update, MS14-022 (Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)). Most of these issues have been observed in SharePoint 2013, although some of them may also be present in SharePoint 2010. MS14-022 appears to contain many SP1 and/or post-SP1 binaries.

For SharePoint Server 2013 Pre-SP1 farms:

1) The Office 365 links in Central Administration are now present, unsure of their functionality status.

2) An error appears in the SharePoint Management Shell when it is opened. This has been previously associated with installing Foundation SP1 on Server.

3) A behavior introduced to pre-SP1 farms that the SharePoint Product Group will be producing messaging on (this is both a bug and a behavior change).

For SP1 and Pre-SP1 farms:

1) The April 2014 CU Classic to Claims conversion bug with Convert-SPWebApplication bug is present in MS14-022. (Fixed in the June 2014 Cumulative Update)

2) “%25” is added to the URL when searching within the farm (Content Query Webparts, and elsewhere), otherwise known as the “double encoding” bug. (Workaround provided in this post) – 9/9/2014 – This issue is resolved in the SharePoint 2013 September 2014 Cumulative Update. Please use the CU instead of applying the below workaround.

While this security update is classified as Critical, this is a patch I would run through extended testing in a non-production farm if the production farm is currently not running Service Pack 1.

17 Comments

  1. Trevor – this is really handy. Is it necessary to run the config wizard or psconfig after applying this update to a single Sp2013 dev system?

  2. Trevor – oddly, it did show up in my _admin/PatchStatus.aspx before I ran the Config wizard, but you’re correct, it’s probably best to run the wizard anyway – thx, Chad

  3. We’re seeing #3 on several SP1 farms.

  4. anyone have the solution on this? we are seeing #1 and #2…and its not on a foundation server…

    • cut short earlier… we had the same issue in PQA when we updated to SP1…we re-installed SP1 and PQA is good. I’m trying to see if MS support feels the same way for production.

  5. got a resolution from MS. KB2880963. if you install that it will then allow to run and finish up the config wizard.

  6. How do you fix 3) “%25″ is added to the URL when searching within the farm? It has broken all of the links from search to the mysite pages.

    • For now, you’ll need to wait for a fix to be provided by Microsoft. I would suggest you open up a case with Product Support Services in order to provide a Business Impact Statement to them. This helps the Product Group prioritize fixes. The more voices they hear, the faster something may be resolved.

  7. Amit Lohogaonkar

    Method ‘Upgrade’ in type ‘Microsoft.SharePoint.WorkflowServices.WorkflowServiceApplicationProxy’ from assembly ‘Microsoft.SharePoint.WorkflowServices, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c’ does not have an implementation.
    we are geeting same issue

  8. i am on march update, i didn’t realize i need to install SP1 before MS14-022. I have done MS14-022 and now i just did SP1. Am i suppose to do anything else?

Leave a Reply