Summary
This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about the vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE) documents:
Note To apply this security update, you must have the release version of Microsoft SharePoint Server 2016 installed on the computer.
This public update also delivers all the features that were previously included in Feature Pack 1 for SharePoint Server 2016, including:
-
Administrative Actions logging
-
MinRole enhancements
-
SharePoint custom tiles
-
Hybrid Auditing (preview)
-
Hybrid Taxonomy
-
OneDrive API for SharePoint on-premises
-
OneDrive for Business modern experience (available to Software Assurance customers)
The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that the user experience is enabled, either by installation of the public update or by manual enablement. If you don't have an active Software Assurance contract at the time of enablement, you must turn off the OneDrive for Business modern user experience.
For more information, see New features included in the November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1) and New features included in the September 2017 Public Update for SharePoint Server 2016 (Feature Pack 2).
Improvements and fixes
This security update contains improvements and fixes for the following nonsecurity issues for Microsoft SharePoint Server 2016:
-
Data validation fails when you publish a site page if the regional setting is Norwegian (Bokmål), and you receive the following error message:
You must specify a valid date within the range of 01.01.1900 and 31.12.8900.
-
When you run a search crawl for a Line of Business Data (BDC) type of content source that contains blob files, you receive an error message in the crawl and ULS-logs that contains:
CRobotThread::Thread failed to move BDC blob file.
The blob files don’t get indexed, and you cannot search for them.
-
When you upload a document or a folder and then share it to other users by selecting Share > Shared With > Email Everyone, the recipients receive an email message that has a broken link if the document or folder has a white space in the file name.
-
This update fixes an OAuth regression in Windows Claims mode that occurs if a user has permissions to access a SharePoint site through an Active Directory security group. This affects SharePoint workflows among other scenarios.
-
Consider the following scenario:
-
You go to the Delete Enterprise Objects page and choose timesheets.
-
You select from and through dates.
-
You select the Delete button.
The process begins, but then you see an error message that resembles the following:
Sorry, something went wrong
An unexpected error has occurred.
Technical Details
Troubleshoot issues with Microsoft SharePoint Foundation.
Correlation ID: 0xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Date and Time: <Date> <Time>
When you look at the queue jobs, you find that they have not completed. This problem can occur if there are many thousands of timesheets and many hundreds of reporting periods.
-
-
You cannot restore a site collection if Remote BLOB Storage (RBS) is enabled in a SharePoint 2016 farm. In addition, you receive an error message that resembles the following:
Restore-spsite : Specified cast is not valid.
After you install this update, you can restore site collection for the RBS content database.
-
You cannot upload the changes for a document through Microsoft Office 2010 clients to SharePoint Server 2016.
-
Improves the translation for the Find a file search box in the Catalan version of SharePoint 2016 language pack.
-
Translates the Learn More information and link texts in multiple languages for the self-service site creation feature on the Admin site.
-
When you set a result source that’s created at Search Service Application (SSA) level as default at a site or site collection level, the result source is not used as expected if you don’t have any other search customizations. Instead, the out-of-box default result source Local SharePoint Results is still used.
-
The proxy server that is configured at the Search Service Application (SSA) level is not used when you search.
-
You cannot deploy changes on navigation by using content deploy feature.
-
After you install the updates Description of the security update for SharePoint Enterprise Server 2016: October 10, 2017 and October 10, 2017, update for SharePoint Enterprise Server 2016 (KB4011161), views in the pjrep schema, which are used for reporting, are lost.
-
Translates some terms in multiple languages to make the meaning accurate.
-
You cannot load EditForm.aspx pages if you use a custom master page that contains allow farming web parts. You also receive the following error message:
Sorry, something went wrong
An unexpected error has occurred.
-
In certain cases if no options under Display Settings are selected, when you try to upload a new profile picture by selecting the Upload Picture button, the dialog box doesn’t function correctly.
-
The SharePoint Framework (SPFx) page crashes when the site’s regional setting is changed.
-
You cannot create projects by using the Project Server 2016 client-side object model (CSOM) if some required fields are missing.
-
Actual work that has been reported by team members in a project inadvertently gets spread differently than what was reported. For example, the actual work hours of 2, 2, 2, 2 are changed to 1.78, 1.78, 1.78, 2.45. The totals stay the same, but the time-phased work appears differently across the days. This issue occurs in certain situations when the project is edited in Project Web App even though the task setting and display server option Only allow task updates via Tasks and Timesheets are enabled.
-
SharePoint security groups may not be populated with the correct users when the Project Server Active Directory synchronization process runs. As a result, users may not be able to log on to Project Server or may have the wrong permissions.
-
Consider the following scenario:
-
You have an Administrative category that enables multiple lines.
-
You create a timesheet and add a new non-project line that uses the category in the timesheet.
-
You change the default name or description for the non-project line to a new name and then save the timesheet.
-
After that, you go to the next timesheet period, and then check the administrative task.
In this situation, you see the task in the next timesheet period, but the task name or description doesn’t carry over.
-
How to get and install the update
Method 1: Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
Method 2: Microsoft Download Center
You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
More Information
Security update deployment information
For deployment information about this update, see security update deployment information: January 9, 2018.
Security update replacement information
This security update replaces previously released security update KB 4011576.
File hash information
Package Name |
Package Hash SHA 1 |
Package Hash SHA 2 |
---|---|---|
sts2016-kb4011642-fullfile-x64-glb.exe |
FADE06520B3767CEFB9FD2250D3EE5CD56E17EB7 |
5DBE3416D9AC19D00427B869D794BAD6BF8BE8F0400B84BB0B8D59D389B26046 |
File information
For the list of files that update 4011642 contains, download the file information.
How to get help and support for this security update
Help for installing updates: Windows Update FAQ Security solutions for IT professionals: Security Support and Troubleshooting Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure Local support according to your country: International Support
Propose a feature or provide feedback on SharePoint: SharePoint User Voice portal