Description of the security update for SharePoint Enterprise Server 2016: December 11, 2018

Applies to: SharePoint Server 2016


This security update resolves vulnerabilities in MicrosoftOffice that could allow remote code execution if a user opens a speciallycrafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8580Microsoft Common Vulnerabilities and Exposures CVE-2018-8635, andMicrosoft Common Vulnerabilities and Exposures CVE-2018-8628.

Note To apply this security update, you must have therelease version of SharePoint Enterprise Server 2016 installed on the computer.

This public update delivers Feature Pack 2 for SharePointServer 2016, which contains the following feature:

  • SharePoint Framework (SPFx)

This public update also delivers all the features that wereincluded in Feature Pack 1 for SharePoint Server 2016, including:

  • Administrative Actions Logging
  • MinRole enhancements
  • SharePoint Custom Tiles
  • Hybrid Auditing (preview)
  • Hybrid Taxonomy
  • OneDrive API for SharePoint on-premises
  • OneDrive for Business modern experience (available toSoftware Assurance customers)

The OneDrive for Business modern user experience requires anactive Software Assurance contract at the time that the experience is enabled,either by installation of the public update or by manual enablement. If youdon't have an active Software Assurance contract at the time of enablement, youmust turn off the OneDrive for Business modern user experience.

For more information, see the following Microsoft Docsarticles:

Improvements and fixes

This security update contains improvements and fixes for thefollowing nonsecurity issues for SharePoint Server 2016:

  • If there is a "Multiple lines of text" column in aSharePoint list and the "Enhanced rich text " setting is applied tothis column, the content in the column may not be always searchable in a searchcrawl.
  • After youapply an update, the database reporting association views aren't regenerated asexpected when the SharePoint Configuration wizard is run.
  • After security update KB 4032233or KB 4032256is applied, Word 2016 may crash.

This update also fixes a vulnerability through the followingchanges in SharePoint Server 2016:

  • All existing Search Results Web Parts are automaticallyswitched to use asynchronous loading.
  • All newly created Search Results Web Parts use asynchronousloading.
  • Loading behavior is no longer an option in the SearchResults Web Part properties user interface (UI).

See KB 4052414 fordetails.

This security update contains improvements and fixes for thefollowing nonsecurity issues for Project Server 2016:

  • This update provides the UpdateCreatePDP method so that youcan set the "New Project Page" Project Detail Page (PDP) for an enterpriseproject type (EPT) through the Client-Side Object Model (CSOM).
  • While on theTimesheet Adjustment page, you click the Filter button and then you manuallyenter a Custom Date Range date that is outside of the allowable range for the project(such as between 1/1/1984 and 12/31/2149). When you then click the Apply button, thepage fails to load and becomes unrecoverable. You see the following error message: 

    “Sorry, something went wrong.
    Your request has failed for an undetectable reason; you may need to contactyour system or database administrator."

How to get and install the update

Method 1: Microsoft Update

This update is available through Windows Update. When youturn on automatic updating, this update will be downloaded and installedautomatically. For more information about how to turn on automatic updating,see WindowsUpdate: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go tothe MicrosoftUpdate Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through theMicrosoft Download Center. Follow the installation instructions on the downloadpage to install the update.

Update information

Security update deployment information

For deployment information about this update, see securityupdate deployment information: December 11, 2018.

Security update replacement information

This security update replaces previously released securityupdate KB 4461501.

File information

File hash information

File name

SHA1 hash

SHA256 hash





File information

For the list of files that are included in the securityupdate 4461541, download the file information.

How to get help and support for this security update

Protect yourself online and at home: WindowsSecurity support 

Help for protecting your Windows-based computer from virusesand malware: MicrosoftSecure

Local support according to your country: International Support