none
Out of band SharePoint 2013 security critical updates RRS feed

  • Question

  • So we have a large multi-farm environment, which due to incompatible customizations forces a multiday event to complete a monthly CU Uber patch install. And as we are scanned by security monthly, and monthly out of band Office/SharePoint critical security updates are released.  I need to apply individual patches to alleviate the security findings, so my question is just to make sure, since we run the CU's every 6 months, the individual 2019 June or July security patches that are applied should not interfere with the installation of the 2019 September CU released correct?

    Thank you


    John Chendorain

    Monday, July 15, 2019 4:50 PM

Answers

  • Don't get me wrong, not all security updates will cause issues, but it has happened in the past. But given a CU and hotfix need to be treated the same way from a testing and process perspective, it's difficult to justify just applying the security update.

    Trevor Seward

    Office Apps and Services MVP



    Author, Deploying SharePoint 2019

    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Monday, July 15, 2019 9:38 PM
    Moderator

All replies

  • The monthly releases are not OOB. There are _very_ few OOB patches that have been released for 2010+.

    For SharePoint 2013, I would strongly recommend not running only security patches (which ultimately leads to 'run the CU') as these patches, in the past, have broken functionality as they had an unwritten dependency on an also updated non-security patch (e.g. a language dependent fix, which may include en-US).

    Given SharePoint patches, regardless of scope, require the same testing and implementation process and time, it really doesn't make much sense to do anything but the CUs.


    Trevor Seward

    Office Apps and Services MVP



    Author, Deploying SharePoint 2019

    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Monday, July 15, 2019 8:14 PM
    Moderator
  • So Trevor applying patch CVE-2019-0670 or CVE -2019- 0604 for example would cause issues until we update using a monthly CU? This would not be until sometime in September, but I will have to deal with POA&Ms until that time.  I mean I have not applied anything but CU's in the past, but on much tighter schedule.  Where I am at now it's like 6 to 8 months before the next update.

    Thanks for the response

    

    John Chendorain

    Monday, July 15, 2019 9:05 PM
  • Don't get me wrong, not all security updates will cause issues, but it has happened in the past. But given a CU and hotfix need to be treated the same way from a testing and process perspective, it's difficult to justify just applying the security update.

    Trevor Seward

    Office Apps and Services MVP



    Author, Deploying SharePoint 2019

    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Monday, July 15, 2019 9:38 PM
    Moderator
  • Hi  John,

    Has this problem been solved?

    If you think the replies are helpful to you, please remember to mark them as answers. It will help others who meet the similar question in this forum.

    Best regards

    Itch Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Tuesday, July 16, 2019 6:30 AM
  • Itch, I am reaching out to our MS PFE now, so give me until the end of the week and I will update accordingly.  Thanks

    John Chendorain

    Tuesday, July 16, 2019 1:52 PM
  • Hi jchendorain ,

    OK, any updates, feel free to post back.

    Looking forward to hearing from you.

    Best regards

    Itch Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.


    Wednesday, July 17, 2019 2:49 AM
  • Hi jchendorain ,

    Has this problem been solved?

    Looking forward to hearing from you.

    Best regards

    Itch Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Thursday, July 25, 2019 9:23 AM
  • So Itch, I will mark it as answered, its funny though our PFE stated that she tells her customers to go ahead and plan to update the ad-hoc critical MS patches.  I told her I would develop a plan to run a couple in our development farm, backing up the VM's prior to the updates, so we shall see.

    Thanks and historically I am a client/server admin so MS systems OS and App security patches always and still do keep me extremely busy.


    John Chendorain

    Tuesday, July 30, 2019 6:36 PM
  • So Itch, I will mark it as answered, its funny though our PFE stated that she tells her customers to go ahead and plan to update the ad-hoc critical MS patches.  I told her I would develop a plan to run a couple in our development farm, backing up the VM's prior to the updates, so we shall see.

    Thanks and historically I am a client/server admin so MS systems OS and App security patches always and still do keep me extremely busy.


    John Chendorain

    Just keep in mind online backups/snapshots of VMs of SharePoint farms including their SQL Servers are not supported.

    https://docs.microsoft.com/en-us/sharepoint/install/deploy-sharepoint-virtual-machines


    Trevor Seward

    Office Apps and Services MVP



    Author, Deploying SharePoint 2019

    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Tuesday, July 30, 2019 6:40 PM
    Moderator
  • Thanks Trevor, we do shut down the hosts prior to snapshot, and as I am in the communications I see the request to I/O, but as I am not part of that update process not sure how that's verified.  And we have some issues with the config DB in the past were an MS Engineer had to step in to assist.  Something to think about going forward.

    Thanks again


    John Chendorain

    Tuesday, July 30, 2019 7:51 PM