Description of the security update for SharePoint Enterprise Server 2016: January 9, 2018

Applies to: SharePoint Server 2016

Summary


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about the vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE) documents:

Note To apply this security update, you must have the release version of Microsoft SharePoint Server 2016 installed on the computer.

This public update also delivers all the features that were previously included in Feature Pack 1 for SharePoint Server 2016, including:

  • Administrative Actions logging
  • MinRole enhancements
  • SharePoint custom tiles
  • Hybrid Auditing (preview)
  • Hybrid Taxonomy
  • OneDrive API for SharePoint on-premises
  • OneDrive for Business modern experience (available to Software Assurance customers)

The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that the user experience is enabled, either by installation of the public update or by manual enablement. If you don't have an active Software Assurance contract at the time of enablement, you must turn off the OneDrive for Business modern user experience.

For more information, see New features included in the November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1) and New features included in the September 2017 Public Update for SharePoint Server 2016 (Feature Pack 2).

Improvements and fixes


This security update contains improvements and fixes for the following nonsecurity issues for Microsoft SharePoint Server 2016:

  • Data validation fails when you publish a site page if the regional setting is Norwegian (Bokmål), and you receive the following error message:

  • When you run a search crawl for a Line of Business Data (BDC) type of content source that contains blob files, you receive an error message in the crawl and ULS-logs that contains:

    The blob files don’t get indexed, and you cannot search for them.

  • When you upload a document or a folder and then share it to other users by selecting Share > Shared With > Email Everyone, the recipients receive an email message that has a broken link if the document or folder has a white space in the file name.

  • This update fixes an OAuth regression in Windows Claims mode that occurs if a user has permissions to access a SharePoint site through an Active Directory security group. This affects SharePoint workflows among other scenarios.

  • Consider the following scenario:

    • You go to the Delete Enterprise Objects page and choose timesheets.
    • You select from and through dates.
    • You select the Delete button.

    The process begins, but then you see an error message that resembles the following:

    When you look at the queue jobs, you find that they have not completed. This problem can occur if there are many thousands of timesheets and many hundreds of reporting periods.

  • You cannot restore a site collection if Remote BLOB Storage (RBS) is enabled in a SharePoint 2016 farm. In addition, you receive an error message that resembles the following:

    After you install this update, you can restore site collection for the RBS content database.

  • You cannot upload the changes for a document through Microsoft Office 2010 clients to SharePoint Server 2016.

  • Improves the translation for the Find a file search box in the Catalan version of SharePoint 2016 language pack.

  • Translates the Learn More information and link texts in multiple languages for the self-service site creation feature on the Admin site.

  • When you set a result source that’s created at Search Service Application (SSA) level as default at a site or site collection level, the result source is not used as expected if you don’t have any other search customizations. Instead, the out-of-box default result source Local SharePoint Results is still used.

  •  The proxy server that is configured at the Search Service Application (SSA) level is not used when you search.

  •  You cannot deploy changes on navigation by using content deploy feature.

  • After you install the updates Description of the security update for SharePoint Enterprise Server 2016: October 10, 2017 and October 10, 2017, update for SharePoint Enterprise Server 2016 (KB4011161), views in the pjrep schema, which are used for reporting, are lost.

  • Translates some terms in multiple languages to make the meaning accurate.

  • You cannot load EditForm.aspx pages if you use a custom master page that contains allow farming web parts. You also receive the following error message:

  • In certain cases if no options under Display Settings are selected, when you try to upload a new profile picture by selecting the Upload Picture button, the dialog box doesn’t function correctly.

  • The SharePoint Framework (SPFx) page crashes when the site’s regional setting is changed.

 

  • You cannot create projects by using the Project Server 2016 client-side object model (CSOM) if some required fields are missing.
  • Actual work that has been reported by team members in a project inadvertently gets spread differently than what was reported. For example, the actual work hours of 2, 2, 2, 2 are changed to 1.78, 1.78, 1.78, 2.45. The totals stay the same, but the time-phased work appears differently across the days. This issue occurs in certain situations when the project is edited in Project Web App even though the task setting and display server option Only allow task updates via Tasks and Timesheets are enabled.

  • SharePoint security groups may not be populated with the correct users when  the Project Server Active Directory synchronization process runs. As a result, users may not be able to log on to Project Server or may have the wrong permissions.

  • Consider the following scenario:

    • You have an Administrative category that enables multiple lines.
    • You create a timesheet and add a new non-project line that uses the category in the timesheet.
    • You change the default name or description for the non-project line to a new name and then save the timesheet.
    • After that, you go to the next timesheet period, and then check the administrative task.

    In this situation, you see the task in the next timesheet period, but the task name or description doesn’t carry over.

How to get and install the update


Method 1: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 2: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information


Security update deployment information

For deployment information about this update, see security update deployment information: January 9, 2018.

Security update replacement information

This security update replaces previously released security update KB 4011576.

File hash information

Package Name Package Hash SHA 1 Package Hash SHA 2
sts2016-kb4011642-fullfile-x64-glb.exe FADE06520B3767CEFB9FD2250D3EE5CD56E17EB7 5DBE3416D9AC19D00427B869D794BAD6BF8BE8F0400B84BB0B8D59D389B26046

File information

For the list of files that update 4011642 contains, download the file information.

How to get help and support for this security update


Help for installing updates: Windows Update FAQ

Security solutions for IT professionals: Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

Propose a feature or provide feedback on SharePoint: SharePoint User Voice portal