This is a very common question: “I just installed some security fixes for SharePoint – do I have to run the SharePoint Configuration Wizard?”
The simple answer is: You should run the SharePoint Configuration Wizard (psconfigui.exe or psconfig.exe with the correct parameters) after all SharePoint fixes!
The more complex answer is here:
- SharePoint Configuration Wizard updates the database schema to the latest version
- SharePoint Configuration Wizard fixes security settings on the file system to match what SharePoint needs
- SharePoint Configuration Wizard copies required binaries from the install location into the _app_bin directories of the web applications
- SharePoint Configuration Wizard updates features registrations with SharePoint
Depending on which patch level you were before installing the security fix and depending on what component got fixed each of the above listed actions can be part of the security fix to be applied. E.g. some security fixes might require a modification of some stored procedures in a SharePoint database. Or security settings on the file system need to be updated to remove an attack vector. Or the fix is inside a DLL that usually resides in the _app_bin directory of the web application.
With other words: not running the configuration wizard after installing a SharePoint fix means that the fix is not completely applied and that means that specific security fixes might not be active without running PSCONFIG.
As a result let me repeat my initial answer: You should run the SharePoint Configuration Wizard (psconfigui.exe or psconfig.exe with the correct parameters) after all SharePoint fixes!