Description of the security update for SharePoint Server 2016: May 9, 2017

Applies to: SharePoint Server 2016

Summary


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-0254 and Microsoft Common Vulnerabilities and Exposures CVE-2017-0281.

Note To apply this security update, you must have the release version of SharePoint Server 2016 installed on the computer.

This public update delivers the first feature pack (Feature Pack 1) for SharePoint Server 2016 that contains the following features:

  • Administrative Actions Logging
  • MinRole enhancements
  • SharePoint Custom Tiles
  • Hybrid Auditing (preview)
  • Hybrid Taxonomy
  • OneDrive API for SharePoint on-premises
  • OneDrive for Business modern experience (available to Software Assurance customers)

The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that it is enabled, either by installation of the public update or by manual enablement. If you don't have an active Software Assurance contract at the time of enablement, you must turn the OneDrive for Business modern user experience off. See New features included in the November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1) for more information.

Improvements and fixes


This security update contains the following improvements:

  • Enable administrators to change document parsing timeout and memory limit.

     

  • Adds a PreserveDeletedUserMetadataReferences switch to Import-SPWeb. Adding this switch lets references to deleted users who are referenced by the list item author and editor metadata be preserved.

     

  • Translates some terms in multiple languages to make sure that the meaning is accurate.

     

This security update fixes the following nonsecurity issues for Project Server 2016:

  • The March 2017 public update provided the necessary WSDL files in order to programmatically access the Project Server Interface (PSI). However, the WDSL files were not completely correct. Therefore, even after the update is installed, it wasn't possible to access the various PSI end points.

     

  • When you run an administrative backup and an administrative restore of Enterprise custom fields, the restore fails at 29 percent completion. You also see a DatabaseForeignKeyViolationError (50002) queue error.
     

     

This security update fixes the following nonsecurity issues for SharePoint Server 2016:

  • When you lose SharePoint sites that are upgraded from SharePoint 2013 to SharePoint 2016, sites fail to load because of multiple web parts not upgrading and referencing the wrong version. SSRS Web Part and SPListFilter are two examples. After you install this update, the upgrade of such pages will complete without errors.
     

     

  • When you run an administrative backup and an administrative restore of Enterprise custom fields, the restore fails at 29 percent completion. You also see a DatabaseForeignKeyViolationError (50002) queue error.

     

  • For remote SharePoint calls in hybrid, the query rewrite in the result source is added to the query two times. This could cause an unexpected recall for custom query rewrites.

     

  • SharePoint outbound email messages incorrectly try to authenticate to SMTP servers that support Generic Security Service Application Program Interface (GSSAPI), Kerberos, or NTLM authentication. This may prevent email messages from being sent. After you install this update, SharePoint sends email messages anonymously without authentication.

     

 

How to get and install the update


Method 1: Microsoft Update

Method 2: Microsoft Update Catalog

Method 3: Microsoft Download Center

More Information


Security update deployment information

For deployment information about this update, see security update deployment information: May 9, 2017.

Security update replacement information

This security update doesn't replace any previously released update.

File hash information

Package name Package hash SHA 1 Package hash SHA 2
sts2016-kb3191880-fullfile-x64-glb.exe 78CC17726DCA743AC8E9917FC50F5AA5E72C0710 340459F54B2CCCBB263A240C5C77C44D6141438A3859BE9B98C5FDE4A0A6CCFA

File information

For a list of the files that are provided in this cumulative update KB3191880, download the file information for update KB3191880.

How to get help and support for this security update