December patches for Azure DevOps Server and Team Foundation Server

Avatar

This month, we are releasing fixes for security vulnerabilities that impact our self-hosted product, Azure DevOps Server, as well as the following older Team Foundation Server releases: TFS 2015, TFS 2017 and TFS 2018.

The following vulnerabilities will be fixed with this patch:

  • CVE-2020-17135: Azure DevOps Server Spoofing Vulnerability
  • CVE-2020-17145: Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
  • CVE-2020-1325: Azure DevOps Server Spoofing Vulnerability
  • Fix issue with TFVC not processing all results

Azure DevOps Server 2020 Patch 1

If you have Azure DevOps Server 2020, you should install Azure DevOps Server 2020 Patch 1.

Verifying Installation

  • Option 1: Run devops2020patch1.exe CheckInstall, devops2020patch1.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [INSTALL_DIR]\Azure DevOps Server 2020\Application Tier\bin\Microsoft.Teamfoundation.Framework.Server.dll. Azure DevOps Server 2020 is installed to c:\Program Files\Azure DevOps Server 2020 by default. After installing Azure DevOps Server 2020 Patch 1, the version will be 18.170.30723.6.

Azure DevOps Server 2019.1.1 Patch 6

If you have Azure DevOps Server 2019 Update 1.1, you should install Azure DevOps Server 2019 Update 1.1 Patch 6. Please see the release notes for AzurePowerShellV4 task installation instructions.

Verifying Installation

  • Option 1: Run devops2019.1.1patch6.exe CheckInstall, devops2019.1.1patch6.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [INSTALL_DIR]\Azure DevOps Server 2019\Application Tier\Web Services\bin\Microsoft.VisualStudio.Services.Feed.Server.dll. Azure DevOps Server 2019 is installed to c:\Program Files\Azure DevOps Server 2019 by default. After installing Azure DevOps Server 2019.1.1 Patch 6, the version will be 17.153.30723.5.

Azure DevOps Server 2019.0.1 Patch 9

If you have Azure DevOps Server 2019, you should first update to Azure DevOps Server 2019.0.1. Once on 2019.0.1, install Azure DevOps Server 2019.0.1 Patch 9.

Verifying Installation

  • Option 1: Run devops2019.0.1patch9.exe CheckInstall, devops2019.0.1patch9.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Framework.Server.dll. Azure DevOps Server 2019 is installed to c:\Program Files\Azure DevOps Server 2019 by default. After installing Azure DevOps Server 2019.0.1 Patch 9, the version will be 17.143.30723.4.

TFS 2018 Update 3.2 Patch 14

If you have TFS 2018 Update 2 or Update 3, you should first update to TFS 2018 Update 3.2. Once on Update 3.2, install TFS 2018 Update 3.2 Patch 14.

Verifying Installation

  • Option 1: Run tfs2018.3.2patch14.exe CheckInstall, tfs2018.3.2patch14.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.WorkItemTracking.Web.dll. TFS 2018 is installed to c:\Program Files\Microsoft Team Foundation Server 2018 by default. After installing TFS 2018 Update 3.2 Patch 14, the version will be 16.131.30724.3.

TFS 2018 Update 1.2 Patch 9

If you have TFS 2018 RTW or Update 1, you should first update to TFS 2018 Update 1.2. Once on Update 1.2, install TFS 2018 Update 1.2 Patch 9.

Verifying Installation

  • Option 1: Run tfs2018.1.2patch9.exe CheckInstall, tfs2018.1.2patch9.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Server.WebAccess.Admin.dll. TFS 2018 is installed to c:\Program Files\Microsoft Team Foundation Server 2018 by default. After installing TFS 2018 Update 1.2 Patch 9, the version will be 16.122.30723.1.

TFS 2017 Update 3.1 Patch 12

If you have TFS 2017, you should first update to TFS 2017 Update 3.1. Once on Update 3.1, install TFS 2017 Update 3.1 Patch 12.

Verifying Installation

  • Option 1: Run tfs2017.3.1patch12.exe CheckInstall, tfs2017.3.1patch12.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Server.WebAccess.Admin.dll. TFS 2017 is installed to c:\Program Files\Microsoft Team Foundation Server 15.0 by default. After installing TFS 2017 Update 3.1 Patch 12, the version will be 15.117.30801.0.

TFS Update 2015.4.2 Patch 7

If you have TFS 2015, you should first update to TFS 2015 Update 4.2. Once on Update 4.2, install TFS 2015 Update 4.2 Patch 7.

Verifying Installation

  • Option 1: Run tfs2015.4.2patch7.exe CheckInstall, tfs2015.4.2patch17.exe is the file that is downloaded from the link above. The output of the command will either say that the patch has been installed, or that is not installed.

  • Option 2: Check the version of the following file: [TFS_INSTALL_DIR]\Application Tier\Web Services\bin\Microsoft.TeamFoundation.Framework.Server.dll. TFS 2015 is installed to c:\Program Files\Microsoft Team Foundation Server 14.0 by default. After installing TFS 2015 Update 4.2 Patch 7, the version will be 14.114.30730.0.

17 comments

Comments are closed. Login to edit/delete your existing comments

  • Avatar
    SCLANO FRANCESCO

    I installed Azure DevOps Server 2019 update 1.1 but I have never applied any patches. Do I have to install patch 1, patch 2, patch 3 … or do I have to install only last patch 6?

    • Avatar
      Gloridel MoralesMicrosoft employee

      Hi Francesco, if you have Azure DevOps Server 2019 Update 1.1, you can install Azure DevOps Server 2019 Update 1.1 Patch 6. You don’t need to install other patches prior to Patch 6.

  • Avatar
    Hendrik

    After installing the Server 2020 Patch 1, “Microsoft.VisualStudio.Services.Feed.Server.dll” is on version “18.170.30525.1” and not “18.170.30723.6”
    The “CheckInstall” command reports the patch as installed.

      • Avatar
        Gloridel MoralesMicrosoft employee

        Hi Hendrik, I just updated the blog instructions with the correct file for validation. It should be

        [INSTALL_DIR]\Azure DevOps Server 2020\Application Tier\bin\Microsoft.Teamfoundation.Framework.Server.dll

        . Thanks again for installing and for reporting this.

      • Avatar
        Gloridel MoralesMicrosoft employee

        Hi Necati, thank you for installing the patch. I just updated the blog instructions with the correct file for validation. It should be

        [INSTALL_DIR]\Azure DevOps Server 2020\Application Tier\bin\Microsoft.Teamfoundation.Framework.Server.dll
  • Avatar
    Tore Østergaard Jensen (TORE)

    Can you elaborate or supply a link for the item “Fix issue with TFVC not processing all results” in relation to ADS 2020?

    It seems to not be present in the release notes:
    https://docs.microsoft.com/da-dk/azure/devops/server/release-notes/azuredevops2020?view=azure-devops#azure-devops-server-2020-patch-1-date-december-8-2020

    Whereas it is available on the ADS 2019 release notes. Does that mean that it is not affecting ADS 2020?

  • SHADAB PATHAN
    SHADAB PATHAN

    When we try install the latest patch6(devops2019.1.1patch6.exe) on our Azure Devops server 17.153.29207.5 (AzureDevOps2019.Update1),I am getting the below error
    Microsoft (R) AzureDevOpsPatch – Azure DevOps Server update tool – version 17.153.30723.5
    Copyright (c) Microsoft Corporation. All rights reserved.

    Logging going to ‘C:\ProgramData\Microsoft\Azure DevOps\Server Configuration\Logs\Patch_2020-12-21_14-38-59.log’

    Checking SOFTWARE\Microsoft\TeamFoundationServer\17.0 to see if Azure DevOps Server is installed
    Found InstallPath: D:\Azure DevOps Server 2019\
    Found InstallVersion: 17.153.29207.5
    Could not find Patch version in registry, no patches installed.
    The Application Tier is configured.
    The Search Tier is not configured.
    The Proxy Tier is not configured.
    This patch does not apply to Azure DevOps Server version 17.153.29207.5.

    Hit Enter to exit.

    Can you please let us know how to proceed further on this

  • Avatar
    Woodward, Heather

    After installing upgrade from Server 2019 to Server 2020, then attempting to run Patch 1, “Microsoft.VisualStudio.Services.Feed.Server.dll” is on version “18.170.30723.6”, however, TFS Configuration management shows that the version is still “18.170.30525.1” and the web browser reference the old patch, as well.

    Is there anyway to confirm everything updated properly?

    • Avatar
      Gloridel MoralesMicrosoft employee

      Hi Heather, you have the patch installed since the dll has the correct version. You can also check ‘[INSTALL_DIR]\Azure DevOps Server 2020\Application Tier\bin\Microsoft.Teamfoundation.Framework.Server.dll’ to see if it is on version 18.170.30723.6.

  • Avatar
    raynman

    We are planning on upgrading to TFS 2015 4.2 Patch 7 but I don’t see an “uninstall” option to use if we have issues. Is there one?

    If not, I presume we have to uninstall TFS 2015 4.2 and reinstall from scratch?

    I presume patch 7 must be applied to all servers with TFS 2105 4.2 installed including the TFS 2015 XAML Build servers?

    The patches don’t touch the TFS Databases do they?

    Thanks!

    • Avatar
      Gloridel MoralesMicrosoft employee

      Hi raynman, we don’t have an uninstall option for patches. Regarding the 2015 installation, you should install the patch in all 2015.4.2 instances. If you have 2015, you should first update to 2015.4.2 before installing this patch. Lastly, we don’t include database changes with these patches.