This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-8742.
Note To apply this security update, you must have the release version of SharePoint Server 2016 installed on the computer.
This public update delivers Feature Pack 2 for SharePoint Server 2016, which contains the following feature:
- SharePoint Framework (SPFx)
This public update also delivers all the features previously included in Feature Pack 1 for SharePoint Server 2016, including:
- Administrative Actions Logging
- MinRole enhancements
- SharePoint Custom Tiles
- Hybrid Auditing (preview)
- Hybrid Taxonomy
- OneDrive API for SharePoint on-premises
- OneDrive for Business modern experience (available to Software Assurance customers)
The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that it is enabled, either by installation of the public update or by manual enablement. If you don't have an active Software Assurance contract at the time of enablement, you must turn off the OneDrive for Business modern user experience.
For more information, see New features included in the November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1) and New features included in the September 2017 Public Update for SharePoint Server 2016 (Feature Pack 2).
Improvements and fixes
- Reduce the memory usage for dictionary compilation.
You can't access a content type hub after the Hybrid Content Type feature is enabled.
After you edit the recurrence count of an event series of a SharePoint calendar list, event ID 5214 is logged in the Application Event Log.
You can now create and deploy Client-Side Web Parts to SharePoint On-Premises sites.
Translate some terms in multiple languages to make sure that the meaning is accurate.
Multiple properties in Microsoft Identity Manager (MIM) can't be updated at a same time by using existing update mechanisms. For example, the Assistant and Manager properties can't be updated at a same time.
Custom properties of documents can now be mapped in the search schema. This update also increases PDF compatibility when indexing.
In a trusted Security Assertion Markup Language (SAML) configuration, Office Web Apps Server flows and other OAuth-based flows don't work when certain claims aren't available in the token. For example, when you sign in to a web application that uses AD FS authentication, you can't open a file for which you have permissions granted through an AD security group membership in the browser (Office Web Apps Server Server).
If a page doesn't have a published version, the variation page creates a page that has version "1.511" rather than the expected version of "0.1" in the target labels.
You can't access the SharePoint Admin site after you create a farm.
When you select to show more posts on MySite host, some feeds may be missing.
In a multi-tenant configuration, the People Picker will respect the tenant (subscription) property (UserAccountDirectoryPath) for search and resolve operations. Therefore, the resolve operation will not find a user in another organization unit.
Farm administrators can now add and remove other users from the User Profile Service Application administration.
When you try to upload files to a folder that has Swedish characters, you receive the following error message:
Sorry, something went wrong. The file or folder name "xxx" contains invalid characters. Please use a different name.
This security update contains improvements and fixes for Project Server 2016:
- Consider the following scenario:
- You create a Gantt Chart format and then select to display at least one of the custom duration bars.
- You edit a Project view and then set the Gantt Chart format to one that has custom duration bars.
- You edit a project in Project Web App.
- You apply the project view.
In this situation, the view doesn't load, and you receive the following error message:
The view failed to load. Press OK to reload this view with the default settings. Press Cancel to select another view.
- When you edit a task and select the Show More button, the focus isn't set on the first uncovered field.
- When you call the GetTimePhase method on the StatusAssignmentCollection that's exposed on an EnterpriseResource object in CSOM, the Status Broker permission is ignored.
How to get and install the update
Method 1: Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
Method 2: Microsoft Download Center
You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
Security update deployment information
For deployment information about this update, see security update deployment information: September 12, 2017.
Security update replacement information
This security update doesn't replace any previously released update.
File hash information
|Package Name||Package Hash SHA 1||Package Hash SHA 2|
For the list of files that cumulative update 4011127 contains, download the file information for update 4011127.
How to get help and support for this security update
Help for installing updates: Windows Update FAQ
Security solutions for IT professionals: Security Support and Troubleshooting
Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure
Local support according to your country: International Support
Propose a feature or provide feedback on Office: Office User Voice portal