Udostępnij za pośrednictwem


How to apply MS10-079 to a SharePoint farm with Office Web Apps enabled?

MS10-079 is a security bulletin about vulnerabilities in Word. If you read through the bulletin, you can find that it impacts Office Web Apps too. Sounds pretty clear? However, when I tried to apply it I was confused.

Screenshot of the original page:

snap0030

Okay, the first one is KB2346411, and the second one is KB2345015. And it further stated in the bulletin that For Microsoft Office Web Apps, customers need to install both security update KB2346411 and security update KB2345015 to be protected from the vulnerabilities described in this bulletin. Fine. So apply KB2346411 – pretty straight forward, no restart or psconfig needs to be run. Then, apply KB2345015 – here comes the problem. You may see a strange dialogue show up like below:

clip_image002

Aha, an empty box with OK button. OK for what? Click…

clip_image002[5]

Huh?

I didn’t install any other updates except KB2346411 for Office Web Apps. So now this is really confusing – if this so called “Security Update for Microsoft Word Web Application 2010” is try to apply a fix for Word Web App (Apparently they even made the product brand name wrong, but anyway, some times they even called SharePoint Foundation 2010 as Office SharePoint Foundation. They have no respect of our brand names), then it should update some files related with Word Web App, which I had never patched before. Background knowledge: CU fix does not include Office Web Apps. Now it tells me the update is already “installed” – this made me nervous about my system security. Is it patched? Or is this something wrong with that fix?

After reading into the description of the KB article, it turns out the files it want to replace are the WDSRV.DLL related ones. This is Microsoft.Office.Word.Server in your GAC. Let me explain – this is not Word Web Apps at all – it is not even a part of Office Web Apps. Instead, this is Word Automation Services, which is used to convert word documents on SharePoint Server. Further explanation is here: https://msdn.microsoft.com/en-us/library/ee558830.aspx. This component is included in all SharePoint Server installation even without Office Web Apps installed. And this patch, is already included in December 2010 Cumulative Update so there’s no point to apply it if you have Dec CU already.

Quick Summary: If you need to apply MS10-079 to a farm with Dec CU, the only thing needed is KB2346411.

 

Jie.