This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8252 and Microsoft Common Vulnerabilities and Exposures CVE-2018-8254.
Note To apply this security update, you must have the release version of SharePoint Enterprise Server 2016 installed on the computer.
This public update delivers Feature Pack 2 for SharePoint Server 2016, which contains the following feature:
- SharePoint Framework (SPFx)
This public update also delivers all the features that were included in Feature Pack 1 for SharePoint Server 2016, including:
- Administrative Actions Logging
- MinRole enhancements
- SharePoint Custom Tiles
- Hybrid Auditing (preview)
- Hybrid Taxonomy
- OneDrive API for SharePoint on-premises
- OneDrive for Business modern experience (available to Software Assurance customers)
The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that the experience is enabled, either by installation of the public update or by manual enablement. If you don't have an active Software Assurance contract at the time of enablement, you must turn off the OneDrive for Business modern user experience.
For more information, see New features included in the November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1) and New features included in the September 2017 Public Update for SharePoint Server 2016 (Feature Pack 2).
Improvements and fixes
- Assume that you use the content editor web part (CEWP) to enter an incorrectly spelled word on a SharePoint page. When you publish the page, the incorrectly spelled word is not underlined, and some letters are deleted.
Full date format uses nominative instead of genitive for month names for some regions. For example, 13 styczen (nominative) is displayed instead of 13 stycznia (genitive) for Polish.
During the AD import for user profile application (UPA), default property settings are reflected for the Work Email property even if the mapping is customized.
Cyrillic characters are not localized correctly in sites, lists, and document names on the Summary page that is created by the Send to connections feature.
Some parts of attachments remain in the database even after the containing folder of the parent list item is deleted. After you install this update and the database is upgraded, subsequent folder deletions delete all parts of the attachments that are associated within the contained list items.
When you try to synchronize a custom time zone from a Business Data Connectivity (BDC) database to a User Profile Application (UPA) database, you receive the System.InvalidOperationException exception.
The Move-SPSite cmdlet causes data loss if Remote BLOB Storage (RBS) is enabled.
When you select a term from the managed metadata on a column header in order to filter a task list, you receive the following error message:
There are no items to show in this view.
The CSOM LookupTable.Entries.Remove() method fails and returns the error:
PJClientCallableException: CICONotCheckedOut CICONotCheckedOut.
This security update contains improvements and fixes for the following nonsecurity issues in Project Server 2016:
It takes a long time to load tasks from a project through client-side object model (CSOM) if custom field lookup table data is also loaded.
It takes a long time to load a project in a Project client that has a large number of long-running resource engagements.
After the migration from Project Server 2013 to Project Server 2016 and SQL Server 2014 to SQL Server 2016, the performance of a custom SQL reporting query is slow.
When you select multiple resource in Project Web App and select to open them in Project Professional 2016, you receive the "Undefined" error message. You should receive an error message that resembles the following:
Your selection exceeds the limit for the number of resources we can open at a time from Project Web App. We opened the enterprise resource pool with the supported number of resources.
If you use the on-premises version of CSOM, the EnterpriseResourceCostRate classes are not available. Therefore, you cannot update resource rates.
Even if a status manager has never touched or owned a given assignment, the Status Update History page still shows the assignment. For example, the status history in the approval center shows a status manager approved an assignment even if the status manager did not approve it.
How to get and install the update
Method 1: Microsoft Update
This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
Method 2: Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
Method 3: Microsoft Download Center
You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
Security update deployment information
For deployment information about this update, see security update deployment information: June 12, 2018.
Security update replacement information
This security update replaces previously released security update KB 4018381.
File hash information
|File name||SHA1 hash||SHA256 hash|
For the list of files that are included in the cumulative update (KB 4022173), download the file information.
How to get help and support for this security update
Help for installing updates: Windows Update: FAQ
Security solutions for IT professionals: TechNet Security Support and Troubleshooting
Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure
Local support according to your country: International Support
Propose a feature or provide feedback on SharePoint: SharePoint User Voice portal