Summary
This security update resolves a cross-site-scripting (XSS) vulnerability that exists when Microsoft SharePoint Server does not correctly sanitize a specially crafted web request to an affected SharePoint server. This update also resolves a remote code execution vulnerability that exists in Microsoft Word software when it fails to correctly handle objects in memory. To learn more about the vulnerabilities, see the following:
-
Microsoft Common Vulnerabilities and Exposures CVE-2019-1031
-
Microsoft Common Vulnerabilities and Exposures CVE-2019-1032
-
Microsoft Common Vulnerabilities and Exposures CVE-2019-1033
-
Microsoft Common Vulnerabilities and Exposures CVE-2019-1034
-
Microsoft Common Vulnerabilities and Exposures CVE-2019-1036
Note To apply this security update, you must have the release version of Microsoft SharePoint Enterprise Server 2016 installed on the computer.
This public update delivers Feature Pack 2 for SharePoint Server 2016. Feature Pack 2 contains the following feature:
-
SharePoint Framework (SPFx)
This public update also delivers all the features that were included in Feature Pack 1 for SharePoint Server 2016, including the following:
-
Administrative Actions Logging
-
MinRole enhancements
-
SharePoint Custom Tiles
-
Hybrid Auditing (preview)
-
Hybrid Taxonomy
-
OneDrive API for SharePoint on-premises
-
OneDrive for Business modern user experience (available to Software Assurance customers)
The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that the experience is enabled, either by installation of the public update or by manual enablement. If you don't have an active Software Assurance contract at the time of enablement, you must turn off the OneDrive for Business modern user experience.
For more information, see the following Microsoft Docs articles:
Improvements and fixes
Contains the following improvements in SharePoint Server 2016:
-
Adds the new Japanese era name in the Japanese word breaker to make sure that the new era name can be correctly broken during a search.
-
Spanish is now an option among the search language preference in the SharePoint classic search if users from Argentina and other countries from South America set Spanish as their language preferences in the browser.
Contains fixes for the following nonsecurity issues in SharePoint Server 2016:
-
When you start crawling for some content that has many links, the crawl fails because the number of links exceeds a search limitation. After multiple failures, the content is deleted unexpectedly. After this update is installed, you can set the maximum number of links that are sent to the index by using the ContentPIMaxNumLinks property. To set ContentPIMaxNumLinks (for example, to 10,000), you can use commands that resemble the following:
$ssa = Get-SPEnterpriseSearchServiceApplication $ssa.SetProperty("ContentPIMaxNumLinks", 10000) $ssa.Update()
-
Assume that you enable McAfee Security for SharePoint Server 2016. When you access a large OneNote file that has an attachment in SharePoint Server 2016, an application pool crashes intermittently.
-
You experience errors when you create a document that is set to use the DD/MM/YYYY date format. This issue may occur if users configure their My Site Profile information to use their local regional settings, such as French/Luxembourg.
-
The SharePoint file plan report doesn’t generate the hyperlink for a URL that contains special characters, such as white spaces.
-
Assume that you view a Datasheet View on a list by using the Internet Explorer browser. You try to paste a cell that has multiple lines of text from an Excel worksheet into a field that uses the Multiple lines of text type option in the Datasheet view. When you try to paste the cell, you receive an error message, and the paste operation fails.
Contains fixes for the following nonsecurity issues in Project Server 2016:
-
Adds the PublishSummary method for the ProjectCollection class in the client-side object model (CSOM) so that project-level fields on a project can be published independently from the entire project.
-
Updating resources through the client-side object model (CSOM) takes a long time or causes a time-out.
-
When you update a task in a timesheet, after the status update is applied to the project, in Project you may observe unexpected results to the resource assignment. For example, the custom remaining work contour has changed to Flat. Or, the finished date of the assignment on a fixed duration task is earlier than expected.
How to get and install the update
Method 1: Microsoft Update
This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.
Method 2: Microsoft Update Catalog
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Method 3: Microsoft Download Center
You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
More Information
Security update deployment information
For deployment information about this update, see security update deployment information: June 11, 2019.
Security update replacement information
This security update replaces previously released security update 4464549.
File hash information
File name |
SHA1 hash |
SHA256 hash |
---|---|---|
sts2016-kb4464594-fullfile-x64-glb.exe |
C05969B67A7B456F4B1BE153C3E0AF2AE187BFD5 |
BF40C24305947D942733050B9FF8F33B29421049FC9DF88794F196498A1A2496 |
File information
Download the list of files that are included in security update 4464594.
How to get help and support for this security update
Help for installing updates: Protect yourself online Help for protecting your Windows-based computer from viruses and malware: Microsoft Security Local support according to your country: International Support