Description of the security update for SharePoint Server 2019: November 10, 2020

Applies to: SharePoint Server 2019

Summary


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following security advisories:

Note To apply this security update, you must have the release version of Microsoft SharePoint Server 2019 installed on the computer.

Improvements and fixes


This security update contains improvements and fixes for the following nonsecurity issues in SharePoint Server 2019:
  • Enables the Tiles view in modern libraries to render thumbnails for these types of image files: AI, BMP, EMF, EPS, GIF, JPG/JPEG, PNG, PSD, SVG, TIF/TIFF, and WMF.
  • Fixes an issue in which HTML markup can’t be enabled in calculated fields of a list.
  • Fixes an issue in which an in-place search that uses tokens and wildcards doesn't work in a folder in a document library.
  • Fixes an issue in which URLs that contain special characters such as the number sign (#) or percent character (%) aren't encoded correctly.
  • Fixes an issue in which Media Web Part doesn't play WMV files.
  • Fixes an issue in which a list that has lookup columns that have many lookup items reaches the MaxJSONLength limit.
  • Fixes an issue in which the Edit Group dialog box doesn't show the current name of the group when you edit a group in the Summary Links Web Part.
  • Fixes an issue in which calling REST API FieldValuesAsText fails.
This security update contains fixes for the following nonsecurity issues. To fix these issues completely, you have to install KB 4486715 together with this update:
  • Fixes an issue in which the Date Picker doesn't render in the Modern Item Properties pane in document libraries.
  • Fixes an issue in which the role of the Theme pane is not announced, and the position is announced by the screen reader.
  • Fixes an issue in which the incorrect Theme pane position is announced by the screen reader.
  • Fixes an issue in which a tooltip isn't provided for the Add a link and More options buttons.
  • Fixes an issue in which the Activity Web Part doesn't generate the correct URLs when the site is hosted on a non-default port.
  • Fixes an issue in which search results aren't announced by the screen reader on an available search edit field after you activate "+ add web part."
  • Fixes an issue in which elements that have an Aria role that requires the child role aren't contained by them in a TeamSite page under the News and Activity Web Part.
  • Fixes an issue in which the Aria label isn't defined for the Cancel button (X) when you search for various Web Parts in the canvas toolbox.
This security update contains fixes for the following nonsecurity issues in Project Server 2019:
  • Fixes a scheduling engine crash, and adds additional logging to help identify possible future crashes.
  • Fixes an issue in which the "Reporting (Timesheet Save)" queue job runs very slowly. This job is created when timesheets are submitted. This issue creates a backup of queue jobs and causes other slow performance problems.
  • Fixes an issue in which grouping in a task list that's in a project site breaks the quick edit experience.
  • Fixes an issue in which a resource's availability or maximum units information is lost after the resource is updated through the Client Side Object Model (CSOM) or the Project Web App user interface (UI).

Known issues in this update


Issue
An error may occur when you upload a file that's larger than 100 MB to a classic document library.

Status
Microsoft is investigating this issue and will post more information in this article when a fix becomes available.

Workaround
Use one of the following methods:

  • Use the Upload button on the ribbon.
     
    Note You must set Allow management of content types to Yes in document library settings.
     
  • Use the Open with Explorer command.
     
    Note This option can be used to open Internet Explorer 32-bit to do file transfers.
     
  • Use another upload page for which the URL resembles the following: 
     
    http://<site_url>/_layouts/15/uploadex.aspx.
     

    Notes

    • In this URL, <site_url> represents the actual URL of the webpage.

    • This method uploads the file to the root of the specific library. The file must be copied manually to the final folder structure destination.

How to get and install the update


Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More information


Security update deployment information

For deployment information about this update, see security update deployment information: November 10, 2020.

Security update replacement information

This security update replaces previously released security update 4486676.

File hash information

File name SHA1 hash SHA256 hash
sts2019-kb4486714-fullfile-x64-glb.exe 4289283702BB71EB51AF01A27D58E9728E1B3383 AC838054068015BFC362981AD17E116FD7DB4CFF64C8DC1F77712774AE7B07E0


File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Information about protection and security


Protect yourself online: Windows Security support

Learn how we guard against cyber threats: Microsoft Security