MS15-110: Description of the security update for SharePoint Foundation 2013: October 13, 2015

This security update resolves vulnerabilities in Sharepoint. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS15-110.

Note To apply this security update, you must have the release version of Service Pack 1 for Microsoft SharePoint Foundation 2013 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see KB3096440 .

Improvements and fixes

This update contains fixes for the following nonsecurity issues: 

• REST query fails if a post contains an image without any associated text. For example, you can't access a newsfeed, and you receive the following error message when you send a REST query: 
  The server encountered an error processing the request. See server logs for more details.
• Welcome email is not sent to users when the user who creates the invitation is not the owner, and no message is entered in the optional message text box.
  
• When you create a document set, all entered data is lost if a field validation fails.
  
• After you select Cancel on the Edit Properties page of a publishing page, you are redirected to the document library but not the page.
  
• Incremental crawls on certain crawl sources cause sustained high CPU usage and gradually increasing memory consumption.
  
• The WOPI Discovery Synchronization timer job is displayed as successful even if it fails.
  
• When you drag-and-drop files to a SharePoint site, the upload process may freeze after a brief period of inactivity.
  
• When you restore or move a site collection to a different location, the URL of the site logo image isn't updated.
  
• Custom CSS styles aren't displayed for the RichHtmlField control on ribbons.
  
• After you migrate from SharePoint Server 2010 to SharePoint Server 2013, you can't access workflows of a list to start a new workflow or check the status of existing instances for SharePoint Server 2010 workflows.
  
• When you try to access a list for which you don't have access permissions, you expect to receive an access denied error message. Instead, you receive the following error message: 
  The "ListViewWebPart" Web Part appears to be causing a problem. Object reference not set to an instance of an object.
  
  
• After you restore or copy a site collection, the URL of the navigation node is invalid.
  
• After you use the Copy-SPSite cmdlet to synchronize a new created site collection, you can't use OneDrive for Business to synchronize an old site collection.
  
  Note To resolve this issue, you also have to apply September 16, 2014 update for OneDrive for Business (KB2889931) .
  
• Fixes the following issues in Azure plugin in hybrid crawler:
• Sends headers with additional information to secure cloud services (SCS).
• Fixes Azure plugin freezes because of status change (pause or resume).
• Fixes the spoindextypename value.
  
• You cannot attach any files to list items in a SharePoint Server 2013 site. The operation fails, and you receive with a message that states that the path contains invalid characters.