Summary

This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerabilities, see the following security advisories:

Improvements and fixes

This security update contains fixes and improvements for the following nonsecurity issues in SharePoint Server Subscription Edition:

  • Fixes an issue in which you receive an "Exception from HRESULT: 0x80131904" error message when you double-click the Issues list in the asset picker.

  • Fixes an issue in which you receive a "Type not allowed" error message when you try to restore a search service application.

  • Fixes an issue in which a "No UI" error message is generated if a user cannot be added to a group in a modern team site.

  • Fixes an issue in which you unexpectedly are able to match the registered issue name with a null string.

  • Fixes an issue in which the Import-SPWeb cmdlet does not import a site that was created in Microsoft SharePoint Server 2007.

  • Fixes an issue in which the icon of the OneNote (.one) files is not displayed correctly on the search results page of the SharePoint home page.

  • Fixes an issue in which a document library in the Modern UI view is blank if the URL contains Unicode characters.

  • Fixes an issue in which the DetailsList component does not have valid values in the list of a modern team site or a communication site.

  • Fixes an issue in which the issue buttons do not have valid values in the share panel of a communication site.

  • Fixes an issue in which a label is not associated with the drop-down button in the left navigation pane of a modern team site.

  • Fixes an issue in which the Hero web part does not have valid values in a communication site.

  • Fixes an issue in which a link does not follow the system settings in the high contrast mode of the Quick Links web part.

  • Fixes an issue in which uninstalling or changing Microsoft SharePoint Server Subscription Edition in the Programs and Features item of Control Panel does not open a dialog box that prompts you to uninstall or change the program. After you install this update, when you uninstall or change Microsoft SharePoint Server Subscription Edition, you will see a dialog box that asks a question similar to "Are you sure you want to uninstall (or change) Microsoft SharePoint Server Subscription Edition?"

  • Fixes an issue in which the focus is not visible when you select Create a site in the high contrast mode of a modern team site.

  • Fixes an issue in which the screen reader remains silent when a user who depends on the assistive technologies navigates to the search box on the Site Contents page.

This security update also contains fixes and improvements for the following nonsecurity issues in SharePoint Server Subscription Edition. To enable the improvements or fix the issues completely, you have to install KB 5002047 together with this update.

  • Adds a Timer job to detect and repair content database inconsistencies in the SharePoint Server configuration.

  • Fixes an issue in which the New-SPCertificate does not accurately show which parameters are required and which are optional.

  • Fixes an issue in which the classic view does not show the Follow status.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More information

Security update deployment information

For deployment information about this update, see Security update deployment information: December 14, 2021 (KB5008541).

Security update replacement information

This security update replaces no previously released security update.

File hash information

File name

SHA256 hash

sts-subscription-kb5002045-fullfile-x64-glb.exe

7333592910C07884936148D1BD17B4EA9FE652D284E6F5362C3247E00219F0B6

File information

Download the list of files that are included in security update 5002045.

Information about protection and security

Protect yourself online: Windows Security support

Learn how we guard against cyber threats: Microsoft Security

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.