MS17-002: Description of the security update for SharePoint Server 2016: January 10, 2017

Applies to: SharePoint Server 2016

Summary


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS17-002.

Note To apply this security update, you must have the release version of SharePoint Server 2016 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see Microsoft Knowledge Base article 3214291.

This public update delivers the first feature pack (Feature Pack 1) for SharePoint Server 2016 that contains the following features:
  • Administrative Actions Logging
  • MinRole enhancements
  • SharePoint Custom Tiles
  • Hybrid Auditing (preview)
  • Hybrid Taxonomy
  • OneDrive API for SharePoint on-premises
  • OneDrive for Business modern experience (available to Software Assurance customers)
The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that it is enabled, either by installation of the public update or by manual enablement. If you don't have an active Software Assurance contract at the time of enablement, you must turn the OneDrive for Business modern user experience off. See New features included in the November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1) for more information.

Improvements and fixes


This security update contains the following improvements and fixes for SharePoint Server 2016:  
  • Some terms are translated into multiple languages to make sure that the meaning is accurate.
  • You can't access the Shortcuts link through keyboard in grid edit mode of a SharePoint task list. Additionally, screen readers can't read or access information panels in SharePoint Server 2016.
  • The PSConfig tool may recommend incorrect cmdlets.
  • Sometimes, the PSConfig tool shows the upgrade as 100 percent completed even though it still takes some time before the tool moves to the next status. This problem occurs because the tool must complete some minor steps after it upgrades the products. Progress messages are displayed for these steps.
  • Fixes the following cmdlet legacy issues of the Administrative Actions Logging feature:
    • Support partial execution for the cmdlet and update the help document correspondingly.
    • Refine the messages for some exceptions and logs.
  • After you try to configure and use the Lotus Notes connector for SharePoint Server, the crawl fails.
  • You can't use the CSOM API to set the BookingType property for enterprise resources in projects.
  • A system access control list (SACL) isn't read correctly for large file paths that exceed the Windows limitation of 260 characters. This causes the SACL to be discoverable by any user in the query results even if the user doesn't have the appropriate permissions.
  • After you make multiple changes to the same user in quick succession in SharePoint Server 2016, the Quick Sync job can't be completed successfully.
  • When you configure hybrid taxonomy, the specified Local Term Store Name parameter is now case-insensitive even though it was previously case-sensitive.
  • You can't restore site collection that have site URLs. Additionally, you receive the following error message: 
    Error: Violation of PRIMARY KEY constraint 'PK_SiteUrlMap'. Cannot insert duplicate key in object 'dbo.SiteUrlMap'

  • When you add a subtask to an existing subtask of a SharePoint task list, multiple subtasks are created instead of just one subtask, in certain conditions.
  • When you copy and paste subtasks in grid edit mode of a SharePoint task list, multiple subtasks are created unexpectedly.
  • SharePoint Server 2016 becomes unresponsive and the server experiences high CPU usage that requires a restart. Additionally, you can't access sites, or you get extremely slow page load times.
This security update also contains improvements and fixes for Project Server 2016:
  • When you apply status updates in PWA, actual work is added to some assignments unexpectedly. For example, you have an assignment that has 35 hours total work, and the status update is to apply 9 hours. When you view the results in Project Professional, you find that the assignment is unexpectedly completed. Meanwhile, the total work and the actual work have increased to 400 hours.

How to get and install the update


Method 1: Microsoft Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information


Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article 3214291.

Security update replacement information

This security update doesn't replace any previously released update.

File hash information

Package namePackage hash SHA 1Package hash SHA 2
sts2016-kb3141486-fullfile-x64-glb.exe1B30B50FEB5FB3F8D764C6C0D6523DBA5BE05C1E4A21ACD01FD617A60C7A3782E322289C15252E5FD297C298AF32B09744B340E1

File information

For the list of files that cumulative update KB3141486 contains, download the file information for update KB3141486.