Description of the security update for SharePoint Server Subscription Edition: December 14, 2021 (KB5002045)

Summary

This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerabilities, see the following security advisories:

• Microsoft Common Vulnerabilities and Exposures CVE-2021-42294

• Microsoft Common Vulnerabilities and Exposures CVE-2021-42309

• Microsoft Common Vulnerabilities and Exposures CVE-2021-42320

• Microsoft Common Vulnerabilities and Exposures CVE-2021-43242

Improvements and fixes

This security update contains fixes and improvements for the following nonsecurity issues in SharePoint Server Subscription Edition:

• Fixes an issue in which you receive an "Exception from HRESULT: 0x80131904" error message when you double-click the Issues list in the asset picker.

• Fixes an issue in which you receive a "Type not allowed" error message when you try to restore a search service application.

• Fixes an issue in which a "No UI" error message is generated if a user cannot be added to a group in a modern team site.

• Fixes an issue in which you unexpectedly are able to match the registered issue name with a null string.

• Fixes an issue in which the Import-SPWeb cmdlet does not import a site that was created in Microsoft SharePoint Server 2007.

• Fixes an issue in which the icon of the OneNote (.one) files is not displayed correctly on the search results page of the SharePoint home page.

• Fixes an issue in which a document library in the Modern UI view is blank if the URL contains Unicode characters.

• Fixes an issue in which the DetailsList component does not have valid values in the list of a modern team site or a communication site.

• Fixes an issue in which the issue buttons do not have valid values in the share panel of a communication site.

• Fixes an issue in which a label is not associated with the drop-down button in the left navigation pane of a modern team site.

• Fixes an issue in which the Hero web part does not have valid values in a communication site.

• Fixes an issue in which a link does not follow the system settings in the high contrast mode of the Quick Links web part.

• Fixes an issue in which uninstalling or changing Microsoft SharePoint Server Subscription Edition in the Programs and Features item of Control Panel does not open a dialog box that prompts you to uninstall or change the program. After you install this update, when you uninstall or change Microsoft SharePoint Server Subscription Edition, you will see a dialog box that asks a question similar to "Are you sure you want to uninstall (or change) Microsoft SharePoint Server Subscription Edition?"

• Fixes an issue in which the focus is not visible when you select Create a site in the high contrast mode of a modern team site.

• Fixes an issue in which the screen reader remains silent when a user who depends on the assistive technologies navigates to the search box on the Site Contents page.

This security update also contains fixes and improvements for the following nonsecurity issues in SharePoint Server Subscription Edition. To enable the improvements or fix the issues completely, you have to install KB 5002047 together with this update.

• Adds a Timer job to detect and repair content database inconsistencies in the SharePoint Server configuration.

• Fixes an issue in which the New-SPCertificate does not accurately show which parameters are required and which are optional.

• Fixes an issue in which the classic view does not show the Follow status.

How to get and install the update

More information

Information about protection and security

Protect yourself online: Windows Security support

Learn how we guard against cyber threats: Microsoft Security