June Security Hotfix for WSS V3 and Office and Project Server 2007

We released a security hot fix in June, that could have an impact on Project Server 2007, though if you have installed February 2010 Cumulative Update or later for SharePoint/Project Server you will have already received this patch – so do not need to read on.

Microsoft Security Bulletin MS10-039 - Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
See also KB979445  -> MS10-039: Description of the security update for Microsoft Office SharePoint Server 2007: June 8, 2010

This fix was flagged as important, so it is possible for stand-alone installations with automatic updates configured that it has been downloaded and the binaries installed automatically.  The problem this could give is that the SharePoint Configuration wizard (psconfig) still needs to be run to complete the installation.  Until this is run you could see some bad behavior, such as not being able to browse the Central Administration site. 

If you do not have a stand-alone installation then updates are blocked from installing automatically. The software update program checks the Windows Registry and blocks automatic installation on any Web server that does not contain the value "Serverrole"="SINGLESERVER" in the HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web server extensions\12.0\WSS\ key. 

However, if you manually install this update, then you need to be sure to treat this just like any other SharePoint update and run the configuration wizard to complete the installation.  If you think you may be suffering the consequences of not running the configuration wizard and re-running now is not resolving things for you then please open a support incident.

Thanks to Shazeb and Aik for suggesting this as a useful blog posting, and to Joerg_Sinemus for his original posting http://blogs.msdn.com/b/joerg_sinemus/archive/2010/06/09/june-security-hotfix-for-wss-v3-and-moss-2007.aspx.

Technorati Tags: ,
Comments (2)

  1. Carl Dalton says:

    Still a little unclear here.  My client was running April 2009 CU (yeah, I know!) until these packages were installed and now their Version ID is 6535.5000 (i think) which represents April 2010 CU.

    However I am not clear as to whether this has fully applied all the fixed between April 2009 and April 2010 CU's.  Was this security patch a Cumulative update with all application patches included, and to what level?

  2. Hi Carl,

    No this wasn't a cumulative update – but was a security update that had been included already in the Feb CU – so no other updates will have been loaded as part of this.  June 2010 CU should be out now (expect a post later today…) so may be best to get them on this too.

    Best regards,


Skip to main content