Description of the security update for SharePoint Server 2019: November 12, 2019

Applies to: SharePoint Server 2019

Summary


This security update resolves an information disclosure vulnerability that exists in Microsoft SharePoint if an attacker uploads a specially crafted file to the SharePoint Server. To learn more about the vulnerability, see the following security advisories:

Note To apply this security update, you must have the release version of Microsoft SharePoint Server 2019 installed on the computer.

Improvements and fixes


This security update contains improvements and fixes for the following nonsecurity issues:
  • Corrects an issue in which certain HTTP headers are malformed in responses from SharePoint.
  • Corrects an issue in which Publishing Cache items are missing page field data after the IIS app pool restarts.
  • Corrects a "date out of range" exception when a user exports and then imports the site collection while Document ID feature is active.
  • Fixes an issue in which the Product Version Timer Job fails on dedicated Search and Distributed Cache Servers.
  • Fixes an issue in which the web part displays no content if users visit a Content Search Web Part (CSWP) from the Google's page viewer or set the AlwaysRenderOnServer boolean in a Content Search Web Part (CSWP) to True.
  • When you have a Cloud Search Service Application (Cloud SSA) configured in SharePoint Server 2019, searches within the context of a list or library do not return any results.
  • Consider the following scenario:
    • A user tries to access a host name site collection and is prompted to sign in.
    • A host name site collection is deleted while the user's session is still active.

    In this scenario, the user receives an "Access Denied" message on all subsequent attempts to access any other site collections by using that web application until they begin a new session.

    This issue is now resolved.  The fix can be enabled on the server by running the following commands:

    $config = Get-SPSecurityTokenServiceConfig$config.WindowsModeIgnoreCache = $true$config.Update()
  • When the Schedule Variance Percentage (SVP) or Cost Variance Percentage (CVP) earned value becomes very large, an overflow condition occurs. This causes the client-side object model (CSOM) or REST calls that are made while accessing the project to fail. The SVP and CVP values now have a lower limit of -100% and upper limit of 100%.
  • After this update is installed, you can receive information about any type kind of completed queue jobs for a project when you use the new GetAll() method from a REST call.
  • Consider the following scenario:
    • You create a new project in Project Web App.
    • When the schedule project detail page appears, the Project Summary Task is visible.

In this situation, you cannot type in the Task Name field to create a new task.

  • Consider the following scenario:
    • As a timesheet user, you open your timesheet.
    • On an assignment that has no actual work, you enter actual work on a given date.
    • You save the timesheet.
    • You change your mind, and you remove the actual work that you previously entered.
    • You send the timesheet or status update for approval.
    • The status manager approves the update.
    In this scenario, when the assignment is viewed in Project Professional, it has an actual start date set even though you removed the actual work in the timesheet, and this also removed the actual start date. This fix correctly removes the assignment's actual start date in this situation.

How to get and install the update


Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More information


Security update deployment information

For deployment information about this update, see security update deployment information: November 12, 2019.

Security update replacement information

This security update replaces previously released security update 4484110.

File hash information

File name SHA1 hash SHA256 hash
sts2019-kb4484142-fullfile-x64-glb.exe 11843C160BAA63730FEF9CB6C5EEA658ECA8B5A5 43BEB5237778457CAABDD223522F06019932A20DB311658C58F0DBE9FAF49809


File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

How to get help and support for this security update


Help for installing updates: Protect yourself online

Help for protecting your Windows-based computer from viruses and malware: Microsoft Security

Local support according to your country: International Support