SharePoint 2013 issues and workarounds after Microsoft 2015 March Window Security Release

In January 2015, everyone was surprised by the announcement from Microsoft product group that they have decided to include all Office Server updates (for SharePoint, Project Server, Office Web Apps) - including non-security product updates – to be made available via Windows Update.

This is unbelievable! Do they know how this will affect the customers with different SharePoint version installed? There are also many dependencies for the new SharePoint updates included in window patch to be applied. After fighting with Microsoft, the product group quickly changed the monthly window security release to include only security updates for all Office Server updates (for SharePoint, Project Server, Office Web Apps). However, this will still bring issues and problem for SharePoint on-premises since the new SharePoint packages might not work with the SharePoint versions you have installed!

In recently Microsoft 2015 March Window Security Release, we have found at least two major issues after the patch to SharePoint 2013. We had to come up our workarounds after we discovered them. Here are the details.

1. The first issues is Incoming Emails will be stuck in the Drop Folder and will not be processed. The reason is March 2015 security patch includes for SharePoint Server 2013 December 14 CU that the sandbox solution resource quota for the site collection is changed to zero instead of default 300. As a result, site collection will be locked and no changes could be made including the incoming emails.

The workaround is to identify the site collection that has "Sandbox Solutions Resources Quota Limit" set as "0" and reset to the default.

Here is the powershell script to reset any site collection that Sandboxed Solutions Resources Quota is less than 300 to 300. This script also set the Sandboxed Solutions Resources Quota to 100.

Get-SPSite -Limit All | where {$_.Quota.UserCodeMaximumLevel  -lt 300} | foreach-object {$_.Quota.UserCodeMaximumLevel = 300}
Get-SPSite -Limit All | where {$_.Quota.UserCodeWarningLevel -lt 100} | foreach-object {$_.Quota.UserCodeWarningLevel = 100}
You could use the following script to verify you have any site collection that still have Sandboxed Solutions Resources Quota less than 300.
$m = Get-SPSite -Limit All | where {$_.Quota.UserCodeMaximumLevel  -lt 300}
$m.Count
$m 

You could use the following script to list quota for all site collection 

Get-SPSite -Limit All | foreach-object {$_.Quota} 

2. The second issue is that if you have a filter to the list like task list, the filter will not take effect and list will still display everything. This issue is likely to be fixed in 2015 window security patch. Here are the workarounds you could choose.

• Change the style of all the filtered views from Default to Shaded for example
• Combining filter with Group By option
• Activate "Server Rendering" for the web part in all affected views

 This issue will impact any SharePoint with Microsoft SharePoint Foundation Core versions between 15.0.4698.1000 and 15.0.4715.1000. You could check your SharePoint version from central admin->Upgrade and Migration->Check product and patch installation status as in the following screenshot. This SharePoint farm will have this issues since the version is 15.0.4701.1000.

3. The third issue is that “After creating publishing Pages not redirected back to the Pages Library”.

We just tested it the April window security patch and it will not resolve any of the above issues. The earliest fix is likely to be the 2015 May CU. In summary, there is significant risk for SharePoint on-premises farm each month to apply Microsoft Window Security Release and we are working with Microsoft teams to improve the release quality.