Skip Ribbon Commands
Skip to main content

Quick Launch

Todd Klindt's home page > Todd Klindt's SharePoint Admin Blog > Posts > Security Patch MS16-004 (KB3124585) Breaks SharePoint 2013
January 14
Security Patch MS16-004 (KB3124585) Breaks SharePoint 2013

1/15/2016 – See Update at the bottom of this post. I’d tell you now, but I don’t want to spoil it.

In this scary world of hoverboards bursting into flames, one can never let their guard down. SharePoint security is no exception. This month’s Patch Tuesday (a big event in the Klindt household, even bigger than “liver and onions night”) has a security patch for Office and SharePoint, MS16-004 (KB3124585). It patches a nasty remote code execution bug, which I don’t have to tell you is bad. It’s even worse than missing “liver and onions night.” Security patches inherently have a sense of urgency around them, so sometimes they are published with a few, shall we say, rough edges. MS16-014 has that distinct honor.

It wasn’t too long after the patches were pushed out that people started noticing problems. Their tales of woe popped up on the TechNet forums and StackExchange. It seems people that installed KB3124585 from Windows Update, but did not install the full January 2016 SharePoint CU are having problems. A little over a year ago I published a blog post, “Don’t Enable Automatic Updates on SharePoint Servers” where I, obviously, recommended not having Windows Update automatically update your SharePoint servers, for SharePoint or Windows. This situation is exactly why. Not only does this patch break SharePoint, it cannot be uninstalled. No “get out of jail free” card to be had.

In this case, there appears to be an easy fix. From the posts in the threads referenced above, if you install the January 2016 CU for SharePoint Foundation the problem goes away. Now, of course, that puts you in the uncomfortable spot of installing a CU right after it comes out, and we all know what kind of fun that can lead to. In this case though, you don’t have many options. Cross your fingers, say your prayers, maybe help some little old ladies across the street, then double-click that EXE and hope for the best.

Good luck with all your patching. Post to either of those threads, or leave a comment here if your experience is different than what I’ve blogged.

tk

1/15/2016 – Update

On his blog, Stefan Goßner offered a workaround for this bug. We know that installing the January 2016 CU fixes the issue. Stefan provides the individual patch from the Foundation CU that fixes it. If you install patch KB3114508 (download) on all of your servers, and run the Config Wizard, you should be good to go. This is a SharePoint patch, so like MS16-004 it cannot be uninstalled. You should test it as much as you can before you install it on your farm.

ShortURL: http://www.toddklindt.com/SadSPMS16014

Comments

Excel Services unstable after Jan 2016 CU

My client ran into the issue brought on by KB3124585 and we resolbed it by applying Jan 2016 CU.  Then much like what I can only imagine "liver and onions night" was like, things went awry.  :)

The client runs all SSA's inside one least privileged application pool.  When an Excel services web part is updated it causes the app pool to crash.  When Excel services was removed the farm was then stable again.  Luckily business doesnt really use Excel services much, so the impact is minimal.

I wonder if Microsoft knows this is happening?
 on 1/15/2016 9:30 PM

Re: Excel Services unstable after Jan 2016 CU

That is a sad story. Thanks for the heads up. I haven't heard anything official from Microsoft about this bug, so you might be the first one. If you have a support agreement with Microsoft, I encourage you to call them and log this. If they can reproduce it I don't believe you'll be charged for the case. If they can reproduce it, then they'll know they need to fix it. Nobody of consequence (except you, of course :) ) reads my blog, so they won't see it here.

If you blog this, ping me and I'll add it to my wiki.

tk
Todd O. KlindtNo presence information on 1/15/2016 10:02 PM

Does it affect SP2010 as well?

Does it affect SP2010 farm?
 on 1/18/2016 12:34 AM

Misleading title let this one get through

We dealt with this issue this week.  One thing our patch management team noticed (in their defense since we too have a 'No SharePoint updates via Windows Update policy) is that this hotfix had a misleading title of KB3114503 MS16-004 Office 2013 Security Update (Important) High Priority that did not indicate it was actually for SharePoint.

Words matter, I guess. 
 on 1/19/2016 2:33 PM

FIM Fails after KB3114508

KB3114503 was mistakenly applied to our QA and Prod environments last night. Only QA appears to be having issues at the  moment. Our QA had an update from November 2015 applied that our Prod environment didn't have. A single workflow task list was throwing a TypeError for each record. After applying KB3114508 the  error went away. However I noticed that User Profile failed today, beginning around 7AM, with:

ID 6398
The Execute method of job definition Microsoft.Office.Server.UserProfiles.UserProfileImportJob (ID a0b4af2a-1736-4129-a39a-56a8fc36d8d3) threw an exception.

Operation is not valid due to the current state of the object.

Both FIM and Sync were in a disabled state in the Services.msc.
I started FIM in Services as an The SP Install account. Verified FarmADmin had local admin and log on locally. Then went to Services on Server in CA and attempted to start the Sync service. It reverted to Stopped after 'starting' for a bit and both services were back to disabled.

Right after the config wizard finished running early this morning (1AM) the follwoing 3 events began showing up (unnoticed at the time) until arounf 7:00 AM when they for some reason stopped.


First ID 6398 from Sharepoint Foundation at 12:45 AM:
The Execute method of job definition Microsoft.SharePoint.Administration.SPProductVersionJobDefinition (ID d00ca401-9a50-4273-af31-7457304f654e) threw an exception. More information is included below.

Collection was modified; enumeration operation may not execute.

Then 10010 from DistributedCOM at 12:46:
The server {835BEE60-8731-4159-8BFF-941301D76D05} did not register with DCOM within the required timeout.

Then 6398 from SP Foundation at 12:46:
The Execute method of job definition Microsoft.Office.Server.UserProfiles.UserProfileImportJob (ID a0b4af2a-1736-4129-a39a-56a8fc36d8d3) threw an exception. More information is included below.
Generic failure


ID 6324 from FIMSynchronization Service at 12:46AM:
The server encountered an unexpected error and stopped.
 
"BAIL: MMS(6428): sql.cpp(252): 0x80004005 (Unspecified error)
BAIL: MMS(6428): storeimp.cpp(234): 0x80004005 (Unspecified error)
ERR: MMS(6428): server.cpp(373): Failed to connect to the database Sync DB on QADB
BAIL: MMS(6428): server.cpp(374): 0x80004005 (Unspecified error)
BAIL: MMS(6428): server.cpp(3860): 0x80004005 (Unspecified error)
BAIL: MMS(6428): service.cpp(1539): 0x80004005 (Unspecified error)
ERR: MMS(6428): service.cpp(988): Error creating com objects. Error code: -2147467259. This is retry number 0.
BAIL: MMS(6428): clrhost.cpp(283): 0x80131022
BAIL: MMS(6428): scriptmanagerimpl.cpp(7670): 0x80131022
BAIL: MMS(6428): server.cpp(251): 0x80131022
BAIL: MMS(6428): server.cpp(3860): 0x80131022
BAIL: MMS(6428): service.cpp(1539): 0x80131022
ERR: MMS(6428): service.cpp(988): Error creating com objects. Error code: -2146234334. This is retry number 1.
BAIL: MMS(6428): clrhost.cpp(283): 0x80131022
BAIL: MMS(6428): scriptmanagerimpl.cpp(7670): 0x80131022
BAIL: MMS(6428): server.cpp(251): 0x80131022
BAIL: MMS(6428): server.cpp(3860): 0x80131022
BAIL: MMS(6428): service.cpp(1539): 0x80131022
ERR: MMS(6428): service.cpp(988): Error creating com objects. Error code: -2146234334. This is retry number 2.
BAIL: MMS(6428): clrhost.cpp(283): 0x80131022
BAIL: MMS(6428): scriptmanagerimpl.cpp(7670): 0x80131022
BAIL: MMS(6428): server.cpp(251): 0x80131022
BAIL: MMS(6428): server.cpp(3860): 0x80131022
BAIL: MMS(6428): service.cpp(1539): 0x80131022
ERR: MMS(6428): service.cpp(988): Error creating com objects. Error code: -2146234334. This is retry number 3.
BAIL: MMS(6428): service.cpp(1002): 0x80131022
Forefront Identity Manager 4.0.2450.51"

Then ID 7024 from Service COntrol Manager at 12:46AM:
The Forefront Identity Manager Synchronization Service service terminated with the following service-specific error:
%%2148732962

These repeated about every 3 minutes until around 7AM as mentioned above. I'm now troubleshooting these errors.
I'm not sure if this is related tot he patch or not but it definitely started after running psconfig.
 on 1/19/2016 4:31 PM

SharePoint 2016 CU breaking Excel Services

My initial report of this breaking excel services was a false alarm.  Because excel services was not functioning after the Jan 2016 CU, but this was resolved by running Initialize-SPResourceSecurity.

So, if it happens to you after running in the Jan CU, just run Initialize-SPResourceSecurity on every machine in your farm.
 on 1/20/2016 9:28 AM

Jan 2016 CU Issue?

I noticed an issue while trying to delete a site collection in Central Admin. After selecting "Site Collection" I went to change the web application and was automatically redirected to the Central Admin home page. Our production farm is using the May 2015 CU and this does not occur in it (it works as expected and show the site collections for that web application). Our UAT and DEV environments have the Jan 2016 CU and this issue occurs in both of those.
 on 1/20/2016 3:23 PM

Uodate to comment "FIM Fails after KB3114508"

I believe this issue was due to having the Farm Admin account not in the Local Administrators group. Once added the Syncronization Service started right up.
 on 1/25/2016 7:54 PM

Wrong Link on Jan 2016 CU

The link on the Jan 2016 CU page for the Dec 2015 CU take you to the Dec 2013 CU...

http://www.toddklindt.com/blog/Regressions/sp2013Jan2016cu.aspx
 on 1/26/2016 7:48 AM

Re: Wrong Link on Jan 2016 CU

Quite right. I fixed it. Thanks for the heads up.

tk
Todd O. KlindtNo presence information on 1/26/2016 8:57 AM
1 - 10Next

Add Comment

Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Title


Body *


Today's date *

Select a date from the calendar.
Please enter today's date so I know you are a real person

Twitter


Want a message when I reply to your comment? Put your Twitter handle here.

Attachments

 

 Please Support my Sponsors