Common Question on Hotfixes, Security Updates and Non-Security related Public Updates for SharePoint


One question I receive more or less with any CU release I publish on my blog is whether the CU includes previously (or on the same day) released public updates as well. The answer is YES.

All changes implemented for a public update or security fixes are also rolled up into our cumulative updates.

So if you have a CU installed there is no need to install older or on the same day released public updates.

Related Info:

Comments (20)

  1. EtienneL says:

    Thanks for this explanation.
    I think this is dangerous because CU are not so well tested and it is said to install CU only if we have a problem.
    But if I want for fix a problem with July CU, it will install as you said all the previous CU I dont realy need.
    Am I so wrong ?

    EtienneL

  2. Stefan Goßner says:

    Hi Etiennel,,

    a CU is cumulative and consists of all fixes previously released.
    But PUs are not much different. They include all fixes previously created for the component – independent if the fix was created for a CU or a PU.
    The main difference is that a PU is usually targeting a smaller aspect of the product – and that it is usually undergoing longer testing.

    With other words: there is no way NOT to install previous fixes if you are installing a fix.

    Cheers,
    Stefan

  3. Anonymous says:

    One question I receive more or less with any CU release I publish on my blog is whether the CU includes

  4. EtienneL says:

    Thanks Stefan

  5. Andreas says:

    Hello Stefan,
    I'm curious why Microsoft started to release public updates for SharePoint Server 2013 since as far as I understand you should only install updates if an error is fixed which occured in your environment.

    Since those public updates don't change the farm version they would be installed without giving the farm admin a chance to see them as a potentiel source of error.

    In which scenario would you recommend installing a public update rather than installing the current CU (which now is released every month)?

  6. Stefan Goßner says:

    Hi Andreas,

    Microsoft is releasing public updates for all products since a long time. E.g. Security fixes are public updates. Other non security related public updates are fixes which address issues which can affect a huge number of customers.
    So there is nothing new here with SP 2013.

    The Farm version is actually defined by a dll coming with SharePoint foundation – which is part of SharePoint server. If this dll is included in the public update because the change affects this dll, then the farm version should be also updated.

    Cheers,
    Stefan

  7. Andreas says:

    Thanks for your explanation, great work you're doing here. So you're saying that those public security updates should be installed in every scenario, because every farm is in harm by security issues? Or does the general approach "only install SharePoint
    Updates if it's fixing an error which limits your farm" not fit for those security updates?

  8. Stefan Goßner says:

    Hi Andreas,

    security fixes are recommended to be installed on all farms.
    It should be clear that you need to evaluate the fix in a test environment to verify that the fix does not bring any side effects to your application.

    Cheers,
    Stefan

  9. Cristian Grigore says:

    Hello Stefan,
    As a clarification , the CU updates include all the security updates as i understand. So if i install for example December 2014 CU then the Microsoft SharePoint Foundation Elevation of Privilege Vulnerability (MS14-073) would be automatically installed.
    Is this correct? or do they need to be addressed separately?

  10. Stefan Goßner says:

    Hi Cristian,
    your understanding is correct.
    Cheers,
    Stefan

  11. Cristian Grigore says:

    THANK YOU VERY MUCH STEFAN.

  12. Rich says:

    Hi Stefan. Thanks for your patience in explaining all of this to us! I am getting ready to install 2013 and going through the list of CUs since SP1. Should I patch my brand new installation of SharePoint up to and including the latest CU before moving
    forward with other configurations?

    Also, I looked at the Excel list of fixes included in SP1. The KB is listed in there. The SP was released in April but I don't see KB2767999 listed. That update was in March 2013 so if previous updates are in subsequent ones why is this KB not listed in the
    SP1 list of fixes? Hopefully that's clear 🙂

    Thanks again for helping us out!

  13. Stefan Goßner says:

    Hi Rich,

    I’m not involved in the creation of this excel list. All fixes released before SP1 are included in SP1.
    The general recommendation is that service packs and security fixes should be installed as soon as possible while CUs should be installed if required or advised by Microsoft support.

    Cheers,
    Stefan

  14. Greg R says:

    Are CUs released at the end of each month or a specific day of the month (i.e. 2nd Tuesday)?

  15. Stefan Goßner says:

    Hi Greg,

    the plan is to release them on 2nd tuesday but they can slip if problems are identified shortly before release.

    Cheers,
    Stefan

  16. Greg Rojas says:

    Thanks Stefan

  17. Anonymous says:

    SharePoint 2010 Build Numbers Cube Sheet
    As many times used in our daily business, we’re used

  18. Anonymous says:

    SharePoint 2010 Build Numbers Cube Sheet
    As many times used in our daily business, we’re used

  19. Anonymous says:

    SharePoint 2010 Build Numbers Cube Sheet
    As many times used in our daily business, we’re used