Applies ToSharePoint Server 2016

Summary

This security update resolves a cross-site-scripting (XSS) vulnerability that exists when Microsoft SharePoint Server does not correctly sanitize a specially crafted web request to an affected SharePoint server. This update also resolves a remote code execution vulnerability that exists in Microsoft Word software when it fails to correctly handle objects in memory. To learn more about the vulnerabilities, see the following:

Note To apply this security update, you must have the release version of Microsoft SharePoint Enterprise Server 2016 installed on the computer.

This public update delivers Feature Pack 2 for SharePoint Server 2016. Feature Pack 2 contains the following feature:

  • SharePoint Framework (SPFx)

This public update also delivers all the features that were included in Feature Pack 1 for SharePoint Server 2016, including the following:

  • Administrative Actions Logging

  • MinRole enhancements

  • SharePoint Custom Tiles

  • Hybrid Auditing (preview)

  • Hybrid Taxonomy

  • OneDrive API for SharePoint on-premises

  • OneDrive for Business modern user experience (available to Software Assurance customers)

The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that the experience is enabled, either by installation of the public update or by manual enablement. If you don't have an active Software Assurance contract at the time of enablement, you must turn off the OneDrive for Business modern user experience.

For more information, see the following Microsoft Docs articles:

Improvements and fixes

Contains the following improvements in SharePoint Server 2016:

  • Adds the new Japanese era name in the Japanese word breaker to make sure that the new era name can be correctly broken during a search.

  • Spanish is now an option among the search language preference in the SharePoint classic search if users from Argentina and other countries from South America set Spanish as their language preferences in the browser.

Contains fixes for the following nonsecurity issues in SharePoint Server 2016:

  • When you start crawling for some content that has many links, the crawl fails because the number of links exceeds a search limitation. After multiple failures, the content is deleted unexpectedly. After this update is installed, you can set the maximum number of links that are sent to the index by using the ContentPIMaxNumLinks property. To set ContentPIMaxNumLinks (for example, to 10,000), you can use commands that resemble the following:

    $ssa = Get-SPEnterpriseSearchServiceApplication
    $ssa.SetProperty("ContentPIMaxNumLinks", 10000)
    $ssa.Update()
  • Assume that you enable McAfee Security for SharePoint Server 2016. When you access a large OneNote file that has an attachment in SharePoint Server 2016, an application pool crashes intermittently.

  • You experience errors when you create a document that is set to use the DD/MM/YYYY date format. This issue may occur if users configure their My Site Profile information to use their local regional settings, such as French/Luxembourg.

  • The SharePoint file plan report doesn’t generate the hyperlink for a URL that contains special characters, such as white spaces.

  • Assume that you view a Datasheet View on a list by using the Internet Explorer browser. You try to paste a cell that has multiple lines of text from an Excel worksheet into a field that uses the Multiple lines of text type option in the Datasheet view. When you try to paste the cell, you receive an error message, and the paste operation fails.

Contains fixes for the following nonsecurity issues in Project Server 2016:

  • Adds the PublishSummary method for the ProjectCollection class in the client-side object model (CSOM) so that project-level fields on a project can be published independently from the entire project.

  • Updating resources through the client-side object model (CSOM) takes a long time or causes a time-out.

  • When you update a task in a timesheet, after the status update is applied to the project, in Project you may observe unexpected results to the resource assignment. For example, the custom remaining work contour has changed to Flat. Or, the finished date of the assignment on a fixed duration task is earlier than expected.

How to get and install the update

Method 1: Microsoft Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see security update deployment information: June 11, 2019.

Security update replacement information

This security update replaces previously released security update 4464549.

File hash information

File name

SHA1 hash

SHA256 hash

sts2016-kb4464594-fullfile-x64-glb.exe

C05969B67A7B456F4B1BE153C3E0AF2AE187BFD5

BF40C24305947D942733050B9FF8F33B29421049FC9DF88794F196498A1A2496

File information

Download the list of files that are included in security update 4464594.

How to get help and support for this security update

Help for installing updates: Protect yourself online Help for protecting your Windows-based computer from viruses and malware: Microsoft Security Local support according to your country: International Support

Kas vajate veel abi?

Kas soovite rohkem valikuvariante?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.