Description of the security update for SharePoint Enterprise Server 2016: February 13, 2018

Applies to: SharePoint Server 2016

Summary


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2018-0864.

Note To apply this security update, you must have the release version of SharePoint Server 2016 installed on the computer.

This public update delivers the first feature pack (Feature Pack 1) for SharePoint Server 2016 that contains the following features:

  • Administrative actions logging
  • MinRole enhancements
  • SharePoint custom tiles
  • Hybrid auditing (preview)
  • Hybrid taxonomy
  • OneDrive API for SharePoint on-premises
  • OneDrive for Business modern experience (available to Software Assurance customers)

The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that the experience is enabled, either by installation of the public update or by manual enablement. If you don't have an active Software Assurance contract at the time of enablement, you must turn off the OneDrive for Business modern user experience. For more information, see New features included in the November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1).

Improvements and fixes


This security update contains the following nonsecurity improvements and fixes for SharePoint Server 2016:
  • Enables Access 2016 application packages to be installed in SharePoint Server 2016 on-premises version together with SQL Server 2017. 
  • Fixes the following issues:
    • When you search by using path search and the file name is longer than 961 characters, the search doesn’t return any results, or the results aren't as expected.
    • When a SharePoint site contains a document set that's stored in new site collection, another web application, or another content database, you can't add a new document by using the “Document Set” content type. In addition, when you try to access an existing document in a set, you receive an error message resembles the following:

    • Some ribbon buttons incorrectly appear grayed out  when you select documents. 
    • When you have a User Profile service application configured but don’t have My Site configured, the SharePoint users can't access the My Language And Region setting. 
    • You can't filter items on Content Type by using representational state transfer (REST) application programming interfaces (APIs). 

This security update contains the following nonsecurity improvements and fixes for Project Server 2016:

  • Assume that a Project Web App site is configured to use Host Headers for the site collection. In this case, the drop-down menus on the Force in/out field for the project selection in portfolio analyzer views don't work correctly.
  • In some cases, the timesheet status is displayed as "Not Approved" even though the timesheet has been approved. 
  • Consider the following scenario:
    • You have a Project Server 2016 and a Project Web App instance provisioned.
    • You have at least one resource defined.
    • You log on the Project Web App site instance, locate the Resource Center view, select a resource, open the Resource tab in the ribbon, and then select the Capacity Planning button.
    • In Capacity Planning views, you look for the Export to Excel button to export the details table.

    In this situation, the Export to Excel functionality is missing because the button does not exist.

  • Consider the following scenario:
    • You have a task that has a resource assigned.
    • The task has a split in it. For example, there's a week of work, a week with no work, and then a final week that has work.
    • In the timesheet for this task, you enter hours on the task so that the work is completed up to the date where the split begins.
    • The timesheet is submitted and then the status update is approved.
    • After that, the project is opened in Project Web App, and the task finish date is adjusted to a date that’s after the actual work is completed. For example, the actual finish date is set to the middle of the week where there is no work.

    In this situation, the actual work is spread over the whole duration.

How to get and install the update


Method 1: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 2: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More information


Security update deployment information

For deployment information about this update, see security update deployment information: February 13, 2018.

Security update replacement information

This security update replaces previously released security update KB 4011642.

File hash information

Package name Package hash SHA 1 Package hash SHA 2
sts2016-kb4011680-fullfile-x64-glb.exe 8E4D26B8248709EABB7B7D74DD05F38F337E5DD5 B1624DCD955C3EE03060FC7E4D8C9844FE8F5086477693B8EB71456724AD0F9A

File information

For the list of files this cumulative update KB 4011680 contains, download the file information for update KB 4011680

How to get help and support for this security update

Help for installing updates: Windows Update FAQ

Security solutions for IT professionals: Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

Propose a feature or provide feedback on SharePoint: SharePoint User Voice portal