This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following security advisories:
- Microsoft Common Vulnerabilities and Exposures CVE-2020-16979
- Microsoft Common Vulnerabilities and Exposures CVE-2020-17015
- Microsoft Common Vulnerabilities and Exposures CVE-2020-17016
- Microsoft Common Vulnerabilities and Exposures CVE-2020-17017
- Microsoft Common Vulnerabilities and Exposures CVE-2020-17060
- Microsoft Common Vulnerabilities and Exposures CVE-2020-17061
Note To apply this security update, you must have the release version of Microsoft SharePoint Server 2019 installed on the computer.
Improvements and fixes
- Enables the Tiles view in modern libraries to render thumbnails for these types of image files: AI, BMP, EMF, EPS, GIF, JPG/JPEG, PNG, PSD, SVG, TIF/TIFF, and WMF.
- Fixes an issue in which HTML markup can’t be enabled in calculated fields of a list.
- Fixes an issue in which an in-place search that uses tokens and wildcards doesn't work in a folder in a document library.
- Fixes an issue in which URLs that contain special characters such as the number sign (#) or percent character (%) aren't encoded correctly.
- Fixes an issue in which Media Web Part doesn't play WMV files.
- Fixes an issue in which a list that has lookup columns that have many lookup items reaches the MaxJSONLength limit.
- Fixes an issue in which the Edit Group dialog box doesn't show the current name of the group when you edit a group in the Summary Links Web Part.
- Fixes an issue in which calling REST API FieldValuesAsText fails.
- Fixes an issue in which the Date Picker doesn't render in the Modern Item Properties pane in document libraries.
- Fixes an issue in which the role of the Theme pane is not announced, and the position is announced by the screen reader.
- Fixes an issue in which the incorrect Theme pane position is announced by the screen reader.
- Fixes an issue in which a tooltip isn't provided for the Add a link and More options buttons.
- Fixes an issue in which the Activity Web Part doesn't generate the correct URLs when the site is hosted on a non-default port.
- Fixes an issue in which search results aren't announced by the screen reader on an available search edit field after you activate "+ add web part."
- Fixes an issue in which elements that have an Aria role that requires the child role aren't contained by them in a TeamSite page under the News and Activity Web Part.
- Fixes an issue in which the Aria label isn't defined for the Cancel button (X) when you search for various Web Parts in the canvas toolbox.
- Fixes a scheduling engine crash, and adds additional logging to help identify possible future crashes.
- Fixes an issue in which the "Reporting (Timesheet Save)" queue job runs very slowly. This job is created when timesheets are submitted. This issue creates a backup of queue jobs and causes other slow performance problems.
- Fixes an issue in which grouping in a task list that's in a project site breaks the quick edit experience.
- Fixes an issue in which a resource's availability or maximum units information is lost after the resource is updated through the Client Side Object Model (CSOM) or the Project Web App user interface (UI).
Known issues in this update
An error may occur when you upload a file that's larger than 100 MB to a classic document library.
Microsoft is investigating this issue and will post more information in this article when a fix becomes available.
Use one of the following methods:
- Use the Upload button on the ribbon.
Note You must set Allow management of content types to Yes in document library settings.
- Use the Open with Explorer command.
Note This option can be used to open Internet Explorer 32-bit to do file transfers.
- Use another upload page for which the URL resembles the following:
In this URL, <site_url> represents the actual URL of the webpage.
This method uploads the file to the root of the specific library. The file must be copied manually to the final folder structure destination.
How to get and install the update
Method 1: Microsoft Update
This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
Method 2: Microsoft Update Catalog
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Method 3: Microsoft Download Center
You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
Security update deployment information
For deployment information about this update, see security update deployment information: November 10, 2020.
Security update replacement information
This security update replaces previously released security update 4486676.
File hash information
|File name||SHA1 hash||SHA256 hash|
The English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.