Description of the security update for SharePoint Enterprise Server 2016: September 11, 2018

Applies to: SharePoint Server 2016

Summary


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8426, Microsoft Common Vulnerabilities and Exposures CVE-2018-8428, and Microsoft Common Vulnerabilities and Exposures CVE-2018-8431.

Note To apply this security update, you must have the release version of SharePoint Enterprise Server 2016 installed on the computer.

This public update delivers Feature Pack 2 for SharePoint Server 2016, which contains the following feature:

  • SharePoint Framework (SPFx)

This public update also delivers all the features that were included in Feature Pack 1 for SharePoint Server 2016, including:

  • Administrative Actions Logging
  • MinRole enhancements
  • SharePoint Custom Tiles
  • Hybrid Auditing (preview)
  • Hybrid Taxonomy
  • OneDrive API for SharePoint on-premises
  • OneDrive for Business modern experience (available to Software Assurance customers)

The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that the experience is enabled, either by installation of the public update or by manual enablement. If you don't have an active Software Assurance contract at the time of enablement, you must turn off the OneDrive for Business modern user experience.

For more information, see the following Microsoft Docs articles:

New features included in the November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1)

New features included in the September 2017 Public Update for SharePoint Server 2016 (Feature Pack 2).

Improvements and fixes


This security update contains improvements and fixes for the following nonsecurity issues for SharePoint Server 2016:

  • When you upload a document to a folder in a document library by using the Microsoft Edge browser, you can't select a destination folder.
  • Assume that you set Managed Navigation for a subsite. When you navigate to a page on the subsite through the friendly URL of its term, the query variable {Page} or {Page.URL} returns an invalid URL for the page.
  • If a document is followed by a user, and its name contains special characters, you can't open the document.
  • This update addresses some issues about the SharePoint Properties Panel in Word 2016. For example, when a document is renamed or a document has required properties, you receive the following error message:

    No SharePoint properties found.

    This update also addresses the encoding issue of the document URL.

  • When you right-click an Analytic Chart or Grid in a PerformancePoint dashboard page, and then you select Filter > Top 10, you may receive the following error message:

    An unexpected error occurred.

  • This update increases the maximum length of URLs to 4,000 characters for reporting databases.

This security update contains improvements and fixes for the following nonsecurity issues for Project Server 2016:

  • You can't update the Status Manager field for a task through the Client-Side Object Model (CSOM).
  • When you create and insert a new task into a collapsed task outline in a project through the Client-Side Object Model (CSOM), the new task may be inserted at the wrong location in the project.
  • When you assign a resource to a task through the Client-Side Object Model (CSOM), this is done based on the resource name instead of pairing the resource and task GUID fields. As a result, the resource that is assigned to the task is not the one that is specified through CSOM.
  • When the scheduled Backup and Restore Timer job runs, SQL Server deadlocks occur when an archived version of the project has to be deleted before a new version can be written.
  • If a task link is created between two tasks, the dependency type of the task link can't be changed through the Client-Side Object Model (CSOM).
  • The Task IsLockedByManager property can't be set through the Client-Side Object Model (CSOM).
  • You can't get the department that is associated with a custom field through the Client-Side Object Model (CSOM).
  • When you try to get an enterprise resource through the Client-Side Object Model (CSOM), the RES_ID property (the Unique ID of an enterprise resource), isn't returned in the same manner as it is through the Project Server Interface (PSI).
  • You can't return a list of template projects by using the Client-Side Object Model (CSOM) ProjectCollection.
  • You can't update a Lookup Table mask through the Client-Side Object Model (CSOM). Therefore, you can't programmatically add a value to the Lookup Table at the level that is not defined in the mask.

How to get and install the update


Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information


Security update deployment information

For deployment information about this update, see security update deployment information: September 11, 2018.

Security update replacement information

This security update replaces previously released security update KB4032256.

File hash information

File name SHA1 hash SHA256 hash
sts2016-kb4092459-fullfile-x64-glb.exe 1A1C5F2C86A65F23232827E58FBEFFC572C1EF79 3B0E897016BD417E92828CFE0CCE8DE929350B33A09CB6728E8BC7799584DD56


File information

For the list of files that are included in the security update 4092459, download the file information.

How to get help and support for this security update


Help for installing updates: Windows Update: FAQ

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support