Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-0254 and Microsoft Common Vulnerabilities and Exposures CVE-2017-0281.

Note To apply this security update, you must have the release version of SharePoint Server 2016 installed on the computer.

This public update delivers the first feature pack (Feature Pack 1) for SharePoint Server 2016 that contains the following features:

  • Administrative Actions Logging

  • MinRole enhancements

  • SharePoint Custom Tiles

  • Hybrid Auditing (preview)

  • Hybrid Taxonomy

  • OneDrive API for SharePoint on-premises

  • OneDrive for Business modern experience (available to Software Assurance customers)

The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that it is enabled, either by installation of the public update or by manual enablement. If you don't have an active Software Assurance contract at the time of enablement, you must turn the OneDrive for Business modern user experience off. See New features included in the November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1) for more information.

Improvements and fixes

This security update contains the following improvements:

  • Enable administrators to change document parsing timeout and memory limit.


  • Adds a PreserveDeletedUserMetadataReferences switch to Import-SPWeb. Adding this switch lets references to deleted users who are referenced by the list item author and editor metadata be preserved.


  • Translates some terms in multiple languages to make sure that the meaning is accurate.


This security update fixes the following nonsecurity issues for Project Server 2016:

  • The March 2017 public update provided the necessary WSDL files in order to programmatically access the Project Server Interface (PSI). However, the WDSL files were not completely correct. Therefore, even after the update is installed, it wasn't possible to access the various PSI end points.


  • When you run an administrative backup and an administrative restore of Enterprise custom fields, the restore fails at 29 percent completion. You also see a DatabaseForeignKeyViolationError (50002) queue error.


This security update fixes the following nonsecurity issues for SharePoint Server 2016:

  • When you lose SharePoint sites that are upgraded from SharePoint 2013 to SharePoint 2016, sites fail to load because of multiple web parts not upgrading and referencing the wrong version. SSRS Web Part and SPListFilter are two examples. After you install this update, the upgrade of such pages will complete without errors.


  • When you run an administrative backup and an administrative restore of Enterprise custom fields, the restore fails at 29 percent completion. You also see a DatabaseForeignKeyViolationError (50002) queue error.


  • For remote SharePoint calls in hybrid, the query rewrite in the result source is added to the query two times. This could cause an unexpected recall for custom query rewrites.


  • SharePoint outbound email messages incorrectly try to authenticate to SMTP servers that support Generic Security Service Application Program Interface (GSSAPI), Kerberos, or NTLM authentication. This may prevent email messages from being sent. After you install this update, SharePoint sends email messages anonymously without authentication.



How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see security update deployment information: May 9, 2017.

Security update replacement information

This security update doesn't replace any previously released update.

File hash information

Package name

Package hash SHA 1

Package hash SHA 2




File information

For a list of the files that are provided in this cumulative update KB3191880, download the file information for update KB3191880.

How to get help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

Propose a feature or provide feedback on SharePoint: SharePoint User Voice portal

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!