Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS15-036: Description of the security update for Project Server 2010: April 14, 2015


View products that this article applies to.

Introduction

This update resolves vulnerabilities that could allow elevation of privilege if an attacker sends a specially crafted request to an affected Microsoft Project Server 2010. The attacker who successfully exploited these vulnerabilities could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. An attacker who successfully exploited the vulnerabilities could read content that the attacker is not authorized to read, use the victim's identity to take actions on behalf of the victim, such as change permissions, delete content, and insert malicious content in the victim’s browser.

↑ Back to the top


Summary

 Microsoft has released security bulletin MS15-036. Learn more about how to obtain the fixes that are included in this security bulletin: 

↑ Back to the top


How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

↑ Back to the top


More information about this security update

Download information

This update is available for download from the Microsoft Download Center.

↑ Back to the top


Restart information

You may have to restart the computer after you install this security update.

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you will receive a message that advises you to restart the computer.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install this security update.

Learn about why you may be prompted to restart your computer after you install a security update on a Windows-based computer.

Prerequisites to install this security update

To install this security update, you must have the release version or Service Pack 2 for Project Server 2010 installed on the computer.

↑ Back to the top


Removal information

This security update cannot be removed.

↑ Back to the top


Security update replacement information

This security update replaces update 2863922.

↑ Back to the top


File information
The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
File nameFile versionFile sizeDateTime
Prjsvr.sql.loc.localizedupgrade.xml.1025336,59015-Oct-201410:00
Prjsvr.sql.loc.localizedupgrade.xml.1029328,92015-Oct-201409:52
Prjsvr.sql.loc.localizedupgrade.xml.1030326,36515-Oct-201409:51
Prjsvr.sql.loc.localizedupgrade.xml.1031327,95315-Oct-201409:54
Prjsvr.sql.loc.localizedupgrade.xml.1032346,93515-Oct-201409:55
Prjsvr.sql.loc.localizedupgrade.xml.1033324,18915-Oct-201404:19
Microsoft.office.project.shared.intl.loc.dll.308214.0.7007232,02414-Dec-201211:22
Prjsvr.sql.loc.insdeflp.sql.3082541,43214-Dec-201210:02
Prjsvr.sql.loc.localizedupgrade.xml.3082328,45115-Oct-201409:53
Pwa.lcid.resx.3082866,51414-Dec-201210:02
Prjsvr.sql.loc.insdef.sql.103525,20614-Dec-201210:03
Prjsvr.sql.loc.localizedupgrade.xml.1035327,05515-Oct-201409:55
Microsoft.office.project.shared.intl.loc.dll.103614.0.7007236,14414-Dec-201211:26
Milestonesduethismonth.xlsx.103618,94014-Dec-201210:06
Prjsvr.sql.loc.insdeflp.sql.1036540,02614-Dec-201210:06
Prjsvr.sql.loc.localizedupgrade.xml.1036328,02815-Oct-201409:54
Pwa.lcid.resx.1036882,51717-Aug-201308:59
Pwa.resources.pwafeatures.resx.1036137,28514-Dec-201210:06
Prjsvr.sql.loc.localizedupgrade.xml.1037331,78515-Oct-201409:55
Prjsvr.sql.loc.localizedupgrade.xml.1038329,53915-Oct-201409:55
Prjsvr.sql.loc.localizedupgrade.xml.1040327,61815-Oct-201410:04
Prjsvr.sql.loc.localizedupgrade.xml.1041331,07415-Oct-201404:31
Prjsvr.sql.loc.localizedupgrade.xml.1042327,04415-Oct-201409:56
Issuesandrisks.xlsx.104416,61714-Dec-201210:03
Microsoft.office.project.shared.intl.loc.dll.104414.0.7007227,92814-Dec-201211:24
Prjmsg.dll_104414.0.7007176,22414-Dec-201211:24
Prjsvr.sql.loc.insdeflp.sql.1044539,22014-Dec-201210:03
Prjsvr.sql.loc.localizedupgrade.xml.1044325,42115-Oct-201409:56
Pwa.lcid.resx.1044826,85614-Dec-201210:03
Pwa.resources.pwafeatures.resx.1044131,32914-Dec-201210:03
Pws.resources.pws.resx.104425,68814-Dec-201210:03
Prjsvr.sql.loc.insdeflp.sql.1043537,95014-Dec-201210:03
Prjsvr.sql.loc.localizedupgrade.xml.1043326,58115-Oct-201409:57
Prjsvr.sql.loc.localizedupgrade.xml.1045329,15115-Oct-201409:57
Prjsvr.sql.loc.insdeflp.sql.1046543,52014-Dec-201210:11
Prjsvr.sql.loc.localizedupgrade.xml.1046327,48915-Oct-201410:06
Prjsvr.sql.loc.insdeflp.sql.2070540,24614-Dec-201210:02
Prjsvr.sql.loc.localizedupgrade.xml.2070327,73115-Oct-201410:04
Prjsvr.sql.loc.localizedupgrade.xml.1049342,72215-Oct-201409:59
Prjsvr.sql.loc.localizedupgrade.xml.1051329,35915-Oct-201409:59
Prjsvr.sql.loc.localizedupgrade.xml.1060325,91215-Oct-201410:00
Prjsvr.sql.loc.localizedupgrade.xml.1053326,00715-Oct-201410:00
Prjsvr.sql.loc.localizedupgrade.xml.1055326,56815-Oct-201410:00
Prjsvr.sql.loc.localizedupgrade.xml.1058341,76915-Oct-201410:01
Prjsvr.sql.loc.localizedupgrade.xml.2052323,02215-Oct-201410:00
Prjsvr.sql.loc.localizedupgrade.xml.1028323,28515-Oct-201410:01
Dataedit.dll14.0.7135.5000453,29602-Oct-201411:37
Microsoft.office.project.schema.dll14.0.7005.10005,323,34431-Oct-201207:36
Microsoft.office.project.server.administration.dll14.0.7118.5000289,46412-Feb-201407:34
Microsoft.office.project.server.communications.dll14.0.7141.5000289,46403-Dec-201411:10
Microsoft.office.project.server.communications.internal.dll14.0.7141.5000502,44803-Dec-201411:10
Microsoft.office.project.server.dll14.0.7145.50007,293,62410-Feb-201503:42
Microsoft.office.project.server.library.dll14.0.7141.50002,149,04803-Dec-201410:50
Microsoft.office.project.server.native.dll14.0.7011.1000483,48806-Mar-201303:14
Microsoft.office.project.server.pwa.applicationpages.dll14.0.7141.50001,051,36803-Dec-201411:10
Microsoft.office.project.server.pwa.dll14.0.7147.50002,075,36017-Mar-201501:27
Microsoft.office.project.server.upgrade.dll14.0.7145.50005,995,19210-Feb-201503:42
Microsoft.office.project.server.webservice.dll14.0.7141.5000494,26403-Dec-201411:10
Microsoft.office.project.shared.dll14.0.7101.5000133,81622-Apr-201304:49
Microsoft.office.project.webproj.dll14.0.7143.5000789,16813-Jan-201501:36
Microsoft.office.project.webprojserver.dll14.0.7143.5000789,16813-Jan-201501:36
Prjsvr.sql.addpublishsps12.sql380,69515-Oct-201404:20
Prjsvr.sql.addpubsps12.sql1,271,65915-Oct-201404:20
Prjsvr.sql.addpubtab12.sql241,37015-Oct-201404:20
Prjsvr.sql.addqueue1projectsps12.sql91,52115-Oct-201404:20
Prjsvr.sql.addqueue1timesheetsps12.sql92,76015-Oct-201404:20
Prjsvr.sql.addreptab12.sql58,85715-Oct-201404:20
Prjsvr.sql.addsps12.sql565,58110-Feb-201503:23
Prjsvr.sql.addversionsps12.sql166,07115-Oct-201404:20
Prjsvr.sql.addverstab12.sql124,47915-Oct-201404:20
Prjsvr.sql.addworkingsps12.sql120,66015-Oct-201404:20
Prjsvr.sql.addworksps12.sql125,23915-Oct-201404:20
Prjsvr.sql.addworktab12.sql132,91115-Oct-201404:20
Prjsvr.sql.autogen.sql22,80215-Oct-201404:20
Prjsvr.sql.initrep12.sql1,477,57715-Oct-201404:20
Ps12lib.config60917-Nov-201008:34
Ps12lib.dll14.0.6015.100011,71221-Dec-201008:37
Pwa.admin.addmodifyuser.aspx146,28212-Feb-201407:23
Pwa.admin.enterpriseprojecttypedetails.aspx35,96808-Nov-201305:48
Pwa.library.dom.debug.js24,81426-Sep-201007:22
Pwa.library.dom.js15,55026-Sep-201007:22
Pwa.library.gridsatellite.debug.js53,99105-Nov-201402:00
Pwa.library.gridsatellite.js36,53805-Nov-201402:00
Pwa.library.myworksatellite.js39,91910-Feb-201503:26
Pwa.library.projectcentersatellite.debug.js14,09205-Nov-201402:00
Pwa.library.projectcentersatellite.js10,58005-Nov-201402:00
Pwa.library.projectserverscripts.debug.js414,86127-Oct-201204:15
Pwa.library.projectserverscripts.js308,95927-Oct-201204:15
Pwa.library.pwaparts.ascx19,50417-Oct-201210:46
Pwa.library.remotetextconv.debug.js15,94810-Feb-201503:26
Pwa.library.remotetextconv.js7,71010-Feb-201503:26
Pwa.library.shell.debug.js80,09802-Jul-201108:58
Pwa.library.shell.js51,12602-Jul-201108:58
Pwa.library.statusapprovalssatellite.js19,99523-May-201309:52
Pwa.library.timesheetsatellite.js56,37927-Oct-201204:15
Pwa.library.treepicker.debug.js13,55826-Sep-201007:22
Pwa.library.treepicker.js5,95626-Sep-201007:22
Pwa.pwaribbon.pwaribbon.xml641,12131-Oct-201212:57
Pwa.rules.rulesaddmod.aspx43,59819-Dec-201311:09
Pwa.statusing.addtask.aspx15,34319-Dec-201311:09
Pwa.wssadmin.createpsiapp.apx6,13221-Nov-201205:43
Pwa.wssadmin.createpwa.aspx18,93821-Nov-201206:06
Pwa.wssadmin.managepsiapp.aspx5,03321-Nov-201205:43
Pwa.wssadmin.managepwa.aspx7,80021-Nov-201205:43
Sdk.microsoft.office.project.server.library.dll14.0.7141.50002,149,04803-Dec-201410:50
Sdk.microsoft.office.project.shared.dll14.0.7101.5000133,81622-Apr-201304:49

↑ Back to the top


Keywords: kbfix, kbbug, kbexpertiseinter, kbsecurity, kbsecbulletin, kbsecreview, kbsecvulnerability, kbmustloc, kblangall, atdownload, kb, kbsurveynew

↑ Back to the top

Article Info
Article ID : 2965302
Revision : 3
Created on : 4/13/2020
Published on : 4/13/2020
Exists online : False
Views : 657