locked
SharePoint 2010 - sword.dll - latest version issues RRS feed

  • Question

  • We have updated our QA SharePoint server farms and our vulnerability scans are dinging us for the sword.dll file not being updated to the latest version - the latest update I can find with that file is:

    MS16-070: Description of the security update for Word Automation Services on SharePoint Server 2010: June 14, 2016

    but, it is an Office update, not a SharePoint CU... I've read many places not to use Windows Update for SharePoint servers.

    What CU do I need to install to get this latest sword.dll file downloaded and installed?

    added note: I just ran the November 2016 CU, which was supposedly an 'uber' package...

    Thanks!

    Jill T.

    Wednesday, December 7, 2016 6:34 PM

Answers

  • That particular update is for SharePoint, not Office client. As you've already installed the Nov 2016 CU, you already have this security patch integrated.

    Certain vulnerability scanners do not correctly detect SharePoint patches, that is, the November 2016 CU does not stick the registry entries in saying "MS16-70 was applied", which is what many vulnerability scanners check for. So you'll just have to ignore your scanner.


    Trevor Seward

    Office Servers and Services MVP



    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by tree800 Thursday, December 8, 2016 11:32 PM
    Wednesday, December 7, 2016 7:20 PM

All replies

  • That particular update is for SharePoint, not Office client. As you've already installed the Nov 2016 CU, you already have this security patch integrated.

    Certain vulnerability scanners do not correctly detect SharePoint patches, that is, the November 2016 CU does not stick the registry entries in saying "MS16-70 was applied", which is what many vulnerability scanners check for. So you'll just have to ignore your scanner.


    Trevor Seward

    Office Servers and Services MVP



    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by tree800 Thursday, December 8, 2016 11:32 PM
    Wednesday, December 7, 2016 7:20 PM
  • Thanks for the quick reply, Trevor.

    I'll chat with our Vulnerabilities team and see how they'd like to handle this.

    Jill

    Wednesday, December 7, 2016 7:43 PM
  • I have one follow up question.. upon doing a search on sword.dll, I found the latest and greatest here:

    c:\Program Files\Microsoft Office Servers\14.0\WebServices\WordServer\Core

    But, there is a second one here:

    c:\Program Files\Microsoft Office Servers\14.0\WebServices\ConversionService\Bin\Converter

    and it's dated from 2013... which I think that's what I'm getting dinged on...

    Should the CU have updated both locations?

    Thanks!

    Jill

    Wednesday, December 7, 2016 10:20 PM