Applies ToSharePoint Server Subscription Edition

Summary

This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see ​​​​Microsoft Common Vulnerabilities and Exposures CVE-2023-28288.

Notes: 

  • This is build 16.0.16130.20314 of the security update package.

  • To apply this security update, you must have the release version of Microsoft SharePoint Server Subscription Edition installed on the computer.

Improvements and fixes

This security update contains an improvement and fixes for the following nonsecurity issues in SharePoint Server Subscription Edition:

  • Ensure that the SharePoint farm service account is in the database owner group of a subscription settings service application database.

  • Fixes an issue in which removing the document library web part title in edit mode moves the See all button and prevents subsequent changes to the title.

  • Fixes an issue in which changing the target document library of the document library web part doesn't change the title.

  • Fixes an issue in which the modern document library web part cannot upload files larger than 25 MB.

  • Fixes an issue in which changes made in the Document Information Panel (DIP) from Microsoft Word isn't reflected in SharePoint.

  • Fixes an issue in which the Office Online Server-based document previews don't work if the document contains Korean characters.

  • Fixes an issue in which the username and password input fields are disabled when you select the Authenticated radio button on the Outgoing E-Mail Settings page in the Central Administration site.

  • Fixes an issue in which the OneDrive Next Generation Sync Client gets stuck in the "Sync pending" state when you upload files to a shared folder of My Site.

  • Fixes an issue in which only one list can show list items in display form when there are multiple external lists. After this change, list items from all forms can be shown.

  • Fixes an issue in which the resolved user in a PersonWithoutPresence field temporarily shows "No Results" instead of populating the field immediately after you select the user.

  • Fixes an issue in which the modern site can't be opened by using the Internet Explorer browser.

  • Fixes an issue in which the Text web part always shows only the Loading pointer (spinning circle) instead of content that you copy and paste from the Microsoft Word or Microsoft OneNote desktop application.

  • Fixes an issue in which the document library web part doesn't provide an error message that indicates a name conflict if you can't upload an existing file or folder.

Known issues in this update

Search service applications cannot be successfully created starting with the March 14, 2023 security update for SharePoint Server Subscription Edition (KB 5002355). The Search Service Application: Search Administration page in Central Administration will show the administrative status of newly created Search service applications as "The search service is not able to connect to the machine that hosts the administration component." Search service applications created before the March 14, 2023 security update is installed are unaffected and will continue to function normally. 

This issue is fixed in the Description of the security update for SharePoint Server Subscription Edition: May 9, 2023 (KB5002390).

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More information

Security update deployment information

For deployment information about this update, see Deployments - Security Update Guide.

Security update replacement information

This security update replaces previously released security update 5002355.

File hash information

File name

SHA256 hash

uber-subscription-kb5002375-fullfile-x64-glb.exe

C154064C9480033A27762411B0FE03FF3814DEE74B031E1B5C03C8A98A32B1BE

File information

Download the list of files that are included in security update 5002375.

Information about protection and security

Protect yourself online: Windows Security support

Learn how we guard against cyber threats: Microsoft Security

Change history

The following table summarizes some of the most important changes to this topic.

Date

Description

May 9, 2023

Added a fix for the known issue in the "Known issues in this update" section.
Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders