Answered by:
SharePoint 2010 - sword.dll - latest version issues

Question
-
We have updated our QA SharePoint server farms and our vulnerability scans are dinging us for the sword.dll file not being updated to the latest version - the latest update I can find with that file is:
MS16-070: Description of the security update for Word Automation Services on SharePoint Server 2010: June 14, 2016
but, it is an Office update, not a SharePoint CU... I've read many places not to use Windows Update for SharePoint servers.
What CU do I need to install to get this latest sword.dll file downloaded and installed?
added note: I just ran the November 2016 CU, which was supposedly an 'uber' package...
Thanks!
Jill T.
Wednesday, December 7, 2016 6:34 PM
Answers
-
That particular update is for SharePoint, not Office client. As you've already installed the Nov 2016 CU, you already have this security patch integrated.
Certain vulnerability scanners do not correctly detect SharePoint patches, that is, the November 2016 CU does not stick the registry entries in saying "MS16-70 was applied", which is what many vulnerability scanners check for. So you'll just have to ignore your scanner.
Trevor Seward
Office Servers and Services MVP
Author, Deploying SharePoint 2016
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.- Marked as answer by tree800 Thursday, December 8, 2016 11:32 PM
Wednesday, December 7, 2016 7:20 PM
All replies
-
That particular update is for SharePoint, not Office client. As you've already installed the Nov 2016 CU, you already have this security patch integrated.
Certain vulnerability scanners do not correctly detect SharePoint patches, that is, the November 2016 CU does not stick the registry entries in saying "MS16-70 was applied", which is what many vulnerability scanners check for. So you'll just have to ignore your scanner.
Trevor Seward
Office Servers and Services MVP
Author, Deploying SharePoint 2016
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.- Marked as answer by tree800 Thursday, December 8, 2016 11:32 PM
Wednesday, December 7, 2016 7:20 PM -
Thanks for the quick reply, Trevor.
I'll chat with our Vulnerabilities team and see how they'd like to handle this.
Jill
Wednesday, December 7, 2016 7:43 PM -
I have one follow up question.. upon doing a search on sword.dll, I found the latest and greatest here:
c:\Program Files\Microsoft Office Servers\14.0\WebServices\WordServer\Core
But, there is a second one here:
c:\Program Files\Microsoft Office Servers\14.0\WebServices\ConversionService\Bin\Converter
and it's dated from 2013... which I think that's what I'm getting dinged on...
Should the CU have updated both locations?
Thanks!
Jill
Wednesday, December 7, 2016 10:20 PM