Description of the security update for SharePoint Server 2016: September 12, 2017

S’applique à : SharePoint Server 2016

Summary


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-8742.

Note To apply this security update, you must have the release version of SharePoint Server 2016 installed on the computer.

This public update delivers Feature Pack 2 for SharePoint Server 2016, which contains the following feature:

  • SharePoint Framework (SPFx)

This public update also delivers all the features previously included in Feature Pack 1 for SharePoint Server 2016, including:

  • Administrative Actions Logging
  • MinRole enhancements
  • SharePoint Custom Tiles
  • Hybrid Auditing (preview)
  • Hybrid Taxonomy
  • OneDrive API for SharePoint on-premises
  • OneDrive for Business modern experience (available to Software Assurance customers)

The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that it is enabled, either by installation of the public update or by manual enablement. If you don't have an active Software Assurance contract at the time of enablement, you must turn off the OneDrive for Business modern user experience.

For more information, see New features included in the November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1) and New features included in the September 2017 Public Update for SharePoint Server 2016 (Feature Pack 2).

Improvements and fixes


This security update contains improvements and fixes for SharePoint Server 2016:
 
  • Reduce the memory usage for dictionary compilation.
  • You can't access a content type hub after the Hybrid Content Type feature is enabled.

  • After you edit the recurrence count of an event series of a SharePoint calendar list, event ID 5214 is logged in the Application Event Log.

  • You can now create and deploy Client-Side Web Parts to SharePoint On-Premises sites.

  • Translate some terms in multiple languages to make sure that the meaning is accurate.

  • Multiple properties in Microsoft Identity Manager (MIM) can't be updated at a same time by using existing update mechanisms. For example, the Assistant and Manager properties can't be updated at a same time.

  • Custom properties of documents can now be mapped in the search schema. This update also increases PDF compatibility when indexing.

  • In a trusted Security Assertion Markup Language (SAML) configuration, Office Web Apps Server flows and other OAuth-based flows don't work when certain claims aren't available in the token. For example, when you sign in to a web application that uses AD FS authentication, you can't open a file for which you have permissions granted through an AD security group membership in the browser (Office Web Apps Server Server).

  • If a page doesn't have a published version, the variation page creates a page that has version "1.511" rather than the expected version of "0.1" in the target labels.

  • You can't access the SharePoint Admin site after you create a farm.

  • When you select to show more posts on MySite host, some feeds may be missing.

  • In a multi-tenant configuration, the People Picker will respect the tenant (subscription) property (UserAccountDirectoryPath) for search and resolve operations. Therefore, the resolve operation will not find a user in another organization unit.

  • Farm administrators can now add and remove other users from the User Profile Service Application administration.

  • When you try to upload files to a folder that has Swedish characters, you receive the following error message:

     

This security update contains improvements and fixes for Project Server 2016:

  • Consider the following scenario:
     
    • You create a Gantt Chart format and then select to display at least one of the custom duration bars.
    • You edit a Project view and then set the Gantt Chart format to one that has custom duration bars.
    • You edit a project in Project Web App.
    • You apply the project view.

    In this situation, the view doesn't load, and you receive the following error message:

  • When you edit a task and select the Show More button, the focus isn't set on the first uncovered field.
  • When you call the GetTimePhase method on the StatusAssignmentCollection that's exposed on an EnterpriseResource object in CSOM, the Status Broker permission is ignored.

How to get and install the update


Method 1: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 2: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information


Security update deployment information

For deployment information about this update, see security update deployment information: September 12, 2017.

Security update replacement information

This security update doesn't replace any previously released update.

File hash information

Package Name Package Hash SHA 1 Package Hash SHA 2
sts2016-kb4011127-fullfile-x64-glb.exe 8999E93063FD45B9674BA9DCC884659FDE90487D 12739D0B8BE3A26AAF2B08F6304B93D7FCBF6258B7780A4880CD8470F6D2BF1D

File information

For the list of files that cumulative update 4011127 contains, download the file information for update 4011127.

How to get help and support for this security update


Help for installing updates: Windows Update FAQ

Security solutions for IT professionals: Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

Propose a feature or provide feedback on Office: Office User Voice portal