Description of the security update for SharePoint Enterprise Server 2013: September 11, 2018

Applies to: Microsoft SharePoint Server 2013 Service Pack 1


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8426, Microsoft Common Vulnerabilities and Exposures CVE-2018-8428, and Microsoft Common Vulnerabilities and Exposures CVE-2018-8431.

Note To apply this security update, you must have the release version of Service Pack 1 for Microsoft SharePoint Server 2013 installed on the computer.

Improvements and fixes

This security update contains improvements and fixes for the following nonsecurity issue:

Assume that you set Managed Navigation for a subsite. When you navigate to a page on the subsite through the friendly URL of its term, the query variable {Page} or {Page.URL} returns an invalid URL for the page.

Known issues in this security update

When you try to move document sets to a records center after applying KB4092470, you may see an unexpected error. To resolve this issue, install the October 9, 2018, cumulative update for SharePoint Enterprise Server 2013 (KB4461458).

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see security update deployment information: September 11, 2018.

Security update replacement information

This security update replaces previously released security update KB4022235.

File hash information

File name SHA1 hash SHA256 hash
coreserverloc2013-kb4092470-fullfile-x64-glb.exe 6AE1A40175CC8B0FB0FD84B759CF73BDF01EF4C4 D1A0E38DE9545DEB1EF3FEB1845AACA7EC12A1D1A9CCE824A6FB9C802A3D57DD

File information

For the list of files that are included in the security update 4092470, download the file information.

How to get help and support for this security update

Help for installing updates: Windows Update: FAQ

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support