Description of the security update for SharePoint Server 2019: April 14, 2020

Applies to: SharePoint Server 2019


This security update resolves remote code execution vulnerabilities that exist in Microsoft SharePoint if the software does not check the source markup of an application package. To learn more about these vulnerabilities, see the following security advisories: 

Note: To apply this security update, you must have the release version of Microsoft SharePoint Server 2019 installed on the computer.

Improvements and fixes

This security update contains improvements and fixes for the following nonsecurity issues in SharePoint Server 2019:
  • Adds a new NumeralFormat parameter for Word Automation Services conversion jobs that enables the job to specify numeral formatting as Arabic, Hindi, or Context.
    • "Arabic": Numbers are shown with Arabic glyphs.
    • "Hindi": Numbers are shown with Hindi glyphs.
    • "Context": Numbers are shown with glyphs that are appropriate for the surrounding run of text (either Arabic or Hindi).

  • Because Brazil no longer observes daylight saving time, date and time values are displayed incorrectly for list items in site collections that use the "(UTC-03:00) Brasilia" and "(UTC-04:00) Cuiaba" time zones.
  • When on-premises servers use Azure AD for SAML-based authentication, the authentication fails because the trusted issuer on the SharePoint on-premises server appends an at sign (@), and the issuer claim in the token doesn't include the at sign. 
  • Mixtures of Traditional Chinese and other text are not handled correctly by the Chinese Traditional Word Breaker.

This security update contains fixes for the following issues in Project Server 2019:
  • Querying for a task dependency through the client-side object model (CSOM) returns a non-elapsed LinkLagDuration string for elapsed values. For example, you have a dependency that says 2FS+1ed. Instead of returning the expected 1ed, it returns 3d.
  • When accessing certain projects through the client-side object model (CSOM) or REST, the process fails because of overflow in the Schedule Variance Percentage (SVP) or Cost Variance Percentage (CVP) fields.
  • Consider the following scenario:
    • You have server event code on the publishing event that extracts data from a project through the client-side object model (CSOM).
    • You open a project by using Project or Project Web App.
    • You make changes in the project.
    • You publish the project.

In this scenario, the publishing event code that reads the project data runs for more than a minute and then times out. Therefore, the event unexpectedly cancels the publishing job.

  • If you apply a filter to a Tasks list, you don't see the expected results for items that are on the second and subsequent pages.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see security update deployment information: April 14, 2020.

Security update replacement information

This security update replaces previously released security update 4484271.

File hash information

File name: sts2019-kb4484292-fullfile-x64-glb.exe
SHA1 hash: 1DC6C8D484E9533F24AA1354F20D230365A0280F
SHA256 hash: 821219C4434FB1674458944059B1DCA14C0BAA3866234431F52DEAF74DC5A19C
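
One way to check a downloaded copy of the package against the hashes published above before installing it. This is an added example, not part of the original article or Microsoft's own tooling. The download location in $PackagePath is an assumption, and the Authenticode check is an extra step that this page does not describe.

```powershell
# Added example: verify the downloaded KB4484292 package before installing it.
# Assumption: the package was saved to the path below (hypothetical location).
param(
    [string]$PackagePath = "$env:USERPROFILE\Downloads\sts2019-kb4484292-fullfile-x64-glb.exe"
)

# Published values from the "File hash information" section of this page.
$Expected = @{
    SHA1   = '1DC6C8D484E9533F24AA1354F20D230365A0280F'
    SHA256 = '821219C4434FB1674458944059B1DCA14C0BAA3866234431F52DEAF74DC5A19C'
}

function Test-PackageIntegrity {
    param([string]$Path, [hashtable]$ExpectedHashes)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Package not found: $Path"
    }

    $ok = $true
    foreach ($alg in $ExpectedHashes.Keys) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash
        # Get-FileHash returns uppercase hex; compare case-insensitively anyway.
        if ($actual -ieq $ExpectedHashes[$alg]) {
            Write-Host "$alg matches"
        } else {
            Write-Warning "$alg mismatch: got $actual"
            $ok = $false
        }
    }

    # Independent check: the file's Authenticode signature must validate.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Authenticode status: $($sig.Status)"
        $ok = $false
    } else {
        Write-Host "Signed by: $($sig.SignerCertificate.Subject)"
    }
    return $ok
}

if (-not (Test-PackageIntegrity -Path $PackagePath -ExpectedHashes $Expected)) {
    Write-Error 'Do not install: package failed verification.'
    exit 1
}
Write-Host 'Package verified.'
```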

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.
