This security update resolves a Microsoft SharePoint Server spoofing vulnerability, Microsoft SharePoint Server information disclosure vulnerability, and Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerabilities, see the following security advisories:
This is build 16.0.16130.20420 of the security update package.
To apply this security update, you must have the release version of Microsoft SharePoint Server Subscription Edition installed on the computer.
Improvements and fixes
This security update contains improvements and fixes for the following nonsecurity issues in SharePoint Server Subscription Edition:
Updates SharePoint search to be compatible with versions of the Hybrid Configuration Wizard and cloud hybrid search PowerShell configuration scripts that were released on or after May 9, 2023. Previous versions of the wizard and scripts used the Active Directory Authentication Library (ADAL) and Microsoft Online PowerShell module that will both reach the end of support on June 30, 2023. The new wizard and scripts use the Microsoft Authentication Library (MSAL) and Microsoft Graph PowerShell module that will remain in support after June 30, 2023.
Optimizes the logic of checking the Internet Information Services (IIS) application pool state in stop or start operations.
Increases BLOB cache performance counters.
Fixes issues in the SharePoint Distributed Cache service that were first introduced in the January 10, 2023, security update for SharePoint Server Subscription Edition (KB 5002331). Those issues include having difficulty connecting to the SharePoint Distributed Cache service if the service is running on servers that are assigned the custom server role, and having difficulty connecting to the Distributed Cache service if it's running on another server in a multi-server SharePoint farm.
Fixes an issue in which you cannot create Search service applications successfully starting with the March 14, 2023, security update for SharePoint Server Subscription Edition (KB 5002355).
Fixes an issue in which the search box isn't visible on communication sites starting with the March 14, 2023, security update for SharePoint Server Subscription Edition (KB 5002355).
Fixes an issue that affects reacquiring identity tokens. This could cause authorization failures in certain scenarios, such as opening and saving documents by using Office Online Server.
Fixes an issue in which stub files are shown in the document library even though they should be hidden by default and never visible in the library.
Fixes an issue in which you cannot add the File viewer web part link from the root site.
Fixes an issue in which the "New Item" label isn't translated at the Modern list page.
How to get and install the update
Method 1: Microsoft Update
This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
Method 2: Microsoft Update Catalog
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Method 3: Microsoft Download Center
You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
Security update deployment information
For deployment information about this update, see Deployments - Security Update Guide.
Security update replacement information
This security update replaces previously released security update 5002375.
File hash information
Information about protection and security
Protect yourself online: Windows Security support
Learn how we guard against cyber threats: Microsoft Security