This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

SharePoint 2010 - sword.dll - latest version issues

Question
0

Sign in to vote

We have updated our QA SharePoint server farms and our vulnerability scans are dinging us for the sword.dll file not being updated to the latest version - the latest update I can find with that file is:

MS16-070: Description of the security update for Word Automation Services on SharePoint Server 2010: June 14, 2016

but, it is an Office update, not a SharePoint CU... I've read many places not to use Windows Update for SharePoint servers.

What CU do I need to install to get this latest sword.dll file downloaded and installed?

added note: I just ran the November 2016 CU, which was supposedly an 'uber' package...

Thanks!

Jill T.

Wednesday, December 7, 2016 6:34 PM

Answers

1

Sign in to vote
That particular update is for SharePoint, not Office client. As you've already installed the Nov 2016 CU, you already have this security patch integrated.

Certain vulnerability scanners do not correctly detect SharePoint patches, that is, the November 2016 CU does not stick the registry entries in saying "MS16-70 was applied", which is what many vulnerability scanners check for. So you'll just have to ignore your scanner.
Trevor Seward

Office Servers and Services MVP

Author, Deploying SharePoint 2016

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
- Marked as answer by tree800 Thursday, December 8, 2016 11:32 PM
Wednesday, December 7, 2016 7:20 PM

All replies

1

Sign in to vote
That particular update is for SharePoint, not Office client. As you've already installed the Nov 2016 CU, you already have this security patch integrated.

Certain vulnerability scanners do not correctly detect SharePoint patches, that is, the November 2016 CU does not stick the registry entries in saying "MS16-70 was applied", which is what many vulnerability scanners check for. So you'll just have to ignore your scanner.
Trevor Seward

Office Servers and Services MVP

Author, Deploying SharePoint 2016

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
- Marked as answer by tree800 Thursday, December 8, 2016 11:32 PM
Wednesday, December 7, 2016 7:20 PM
0

Sign in to vote

Thanks for the quick reply, Trevor.

I'll chat with our Vulnerabilities team and see how they'd like to handle this.

Jill

Wednesday, December 7, 2016 7:43 PM
0

Sign in to vote

I have one follow up question.. upon doing a search on sword.dll, I found the latest and greatest here:

c:\Program Files\Microsoft Office Servers\14.0\WebServices\WordServer\Core

But, there is a second one here:

c:\Program Files\Microsoft Office Servers\14.0\WebServices\ConversionService\Bin\Converter

and it's dated from 2013... which I think that's what I'm getting dinged on...

Should the CU have updated both locations?

Thanks!

Jill

Wednesday, December 7, 2016 10:20 PM