December patches for Azure DevOps Server and Team Foundation Server

Avatar

This month, we are releasing fixes for security vulnerabilities that impact our self-hosted product, Azure DevOps Server, as well as the following older Team Foundation Server releases: TFS 2015, TFS 2017 and TFS 2018.

The following vulnerabilities will be fixed with this patch:

  • CVE-2020-17135: Azure DevOps Server Spoofing Vulnerability
  • CVE-2020-17145: Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
  • CVE-2020-1325: Azure DevOps Server Spoofing Vulnerability
  • Fix issue with TFVC not processing all results

Azure DevOps Server 2020 Patch 1

If you have Azure DevOps Server 2020, you should install Azure DevOps Server 2020 Patch 1.

Verifying Installation

  • Option 1: Run devops2020patch1.exe CheckInstall, devops2020patch1.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [INSTALL_DIR]\Azure DevOps Server 2020\Application Tier\bin\Microsoft.Teamfoundation.Framework.Server.dll. Azure DevOps Server 2020 is installed to c:\Program Files\Azure DevOps Server 2020 by default. After installing Azure DevOps Server 2020 Patch 1, the version will be 18.170.30723.6.

Azure DevOps Server 2019.1.1 Patch 6

If you have Azure DevOps Server 2019 Update 1.1, you should install Azure DevOps Server 2019 Update 1.1 Patch 6. Please see the release notes for AzurePowerShellV4 task installation instructions.

Verifying Installation

  • Option 1: Run devops2019.1.1patch6.exe CheckInstall, devops2019.1.1patch6.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [INSTALL_DIR]\Azure DevOps Server 2019\Application Tier\Web Services\bin\Microsoft.VisualStudio.Services.Feed.Server.dll. Azure DevOps Server 2019 is installed to c:\Program Files\Azure DevOps Server 2019 by default. After installing Azure DevOps Server 2019.1.1 Patch 6, the version will be 17.153.30723.5.

Azure DevOps Server 2019.0.1 Patch 9

If you have Azure DevOps Server 2019, you should first update to Azure DevOps Server 2019.0.1. Once on 2019.0.1, install Azure DevOps Server 2019.0.1 Patch 9.

Verifying Installation

  • Option 1: Run devops2019.0.1patch9.exe CheckInstall, devops2019.0.1patch9.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Framework.Server.dll. Azure DevOps Server 2019 is installed to c:\Program Files\Azure DevOps Server 2019 by default. After installing Azure DevOps Server 2019.0.1 Patch 9, the version will be 17.143.30723.4.

TFS 2018 Update 3.2 Patch 14

If you have TFS 2018 Update 2 or Update 3, you should first update to TFS 2018 Update 3.2. Once on Update 3.2, install TFS 2018 Update 3.2 Patch 14.

Verifying Installation

  • Option 1: Run tfs2018.3.2patch14.exe CheckInstall, tfs2018.3.2patch14.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.WorkItemTracking.Web.dll. TFS 2018 is installed to c:\Program Files\Microsoft Team Foundation Server 2018 by default. After installing TFS 2018 Update 3.2 Patch 14, the version will be 16.131.30724.3.

TFS 2018 Update 1.2 Patch 9

If you have TFS 2018 RTW or Update 1, you should first update to TFS 2018 Update 1.2. Once on Update 1.2, install TFS 2018 Update 1.2 Patch 9.

Verifying Installation

  • Option 1: Run tfs2018.1.2patch9.exe CheckInstall, tfs2018.1.2patch9.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Server.WebAccess.Admin.dll. TFS 2018 is installed to c:\Program Files\Microsoft Team Foundation Server 2018 by default. After installing TFS 2018 Update 1.2 Patch 9, the version will be 16.122.30723.1.

TFS 2017 Update 3.1 Patch 12

If you have TFS 2017, you should first update to TFS 2017 Update 3.1. Once on Update 3.1, install TFS 2017 Update 3.1 Patch 12.

Verifying Installation

  • Option 1: Run tfs2017.3.1patch12.exe CheckInstall, tfs2017.3.1patch12.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Server.WebAccess.Admin.dll. TFS 2017 is installed to c:\Program Files\Microsoft Team Foundation Server 15.0 by default. After installing TFS 2017 Update 3.1 Patch 12, the version will be 15.117.30801.0.

TFS Update 2015.4.2 Patch 7

If you have TFS 2015, you should first update to TFS 2015 Update 4.2. Once on Update 4.2, install TFS 2015 Update 4.2 Patch 7.

Verifying Installation

  • Option 1: Run tfs2015.4.2patch7.exe CheckInstall, tfs2015.4.2patch17.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Framework.Server.dll. TFS 2015 is installed to c:\Program Files\Microsoft Team Foundation Server 14.0 by default. After installing TFS 2015 Update 4.2 Patch 7, the version will be 14.114.30730.0.

16 comments

Leave a comment