The product group released the June 2017 Cumulative Update for the SharePoint 2013 product family.
For June 2017 CU we have full server packages (also known as Uber packages). No other CU is required to fully patch SharePoint.
As this is a common question: Yes, June 2017 CU includes all fixes from June 2017 PU.
ATTENTION:
Be aware that all Updates for SharePoint 2013 require SharePoint Server 2013 SP1 to be installed first.
Please also have a look at the article that discusses how to properly patch a SharePoint 2013 farm which has Search enabled (see below).
This CU fixes the regression introduced in March 2017 CU and March 2017 PU (MS17-14) which prevents opening Word documents via Office Web Application Server if they are contained in sites with spaces in their names
Previous releases of the SharePoint Server 2013 cumulative update included both the executable and the .CAB file in the same self-extracting executable download. Because of the file size, the SharePoint Server 2013 package has been divided into several separate downloads. One contains the executable file, while the others contain the CAB file. All are necessary and must be placed in the same folder to successfully install the update. All are available by clicking the same Hotfix Download Available link in the KB article for the release.
This CU includes all SharePoint 2013 fixes (including all SharePoint 2013 security fixes) released since SP1. The CU does not include SP1. You need to install SP1 before installing this CU.
The KB articles for June 2017 CU should be available at the following locations in a couple of hours:
- KB 3203428 – SharePoint Foundation 2013 June 2017 CU
- KB 3203430 – SharePoint Server 2013 June 2017 CU
- KB 3203429 – SharePoint Server 2013 with Project Server June 2017 CU
- KB 3203391 – Office Web Apps Server 2013 June 2017 CU – this is also a security update!
The Full Server Packages for June 2017 CU are available through the following links:
- Download SharePoint Foundation 2013 June 2017 CU
- Download SharePoint Server 2013 June 2017 CU
- Download Project Server 2013 June 2017 CU
- Download Office Web Apps Server 2013 June 2017 CU – this is also a security update!
Important: If your farm has been on a patch level lower than July 2015 CU: July 2015 CU and later contains a breaking change compared to earlier builds which requires running the SharePoint 2013 Products Configuration Wizard on each machine in the farm right after installing the CU.
If you don’t run PSCONFIG after installing this CU (on a farm which had a lower patch level than July 2015 CU) crawl might no longer work – so ensure to schedule a maintenance window when installing this CU which includes PSCONFIG runs.
See here for detail: https://blogs.technet.microsoft.com/stefan_gossner/2015/07/15/important-psconfig-is-mandatory-for-july-2015-cu-for-sharepoint-2013/
Be aware that the SharePoint Server 2013 CU contains the SharePoint Foundation CU. And the SharePoint Server 2013 with Project Server CU contains Project Server CU, SharePoint Server CU and SharePoint Foundation CU.
Related Info:
- Blog: Common Question: What is the difference between a PU, a CU and a COD?
- Blog: SharePoint Patching demystified
- Blog: Why I prefer PSCONFIGUI.EXE over PSCONFIG.EXE
- Blog: Support for SharePoint 2013 RTM has ended
- Blog: SP1 for SharePoint 2013
- Blog: June 2017 Office Update Release
- Technet: CHANGE: SharePoint 2013 Rollup Update for the December 2013 Cumulative Update Packaging
- Technet: Install a software update for SharePoint 2013
- Blog: How to: install update packages on a SharePoint 2013 farm where search component and high availability search topologies are enabled
- Technet: Update Center for Microsoft Office, Office Servers, and Related Products
- Blog: SQL Server 2014 and SharePoint Server 2013
Permalink
Hi Stefan,
Is the documentation complete?
Can it be that there is only one server fix in this CU for SP2013?
https://support.microsoft.com/en-us/help/3203431/june-13-2017-update-for-sharepoint-server-2013-kb3203431
And I cannot find the description of the bug which prevents opening Word documents via Office Web Application Server if they are contained in sites with spaces in their names.
Regards,
Johan
Permalink
Hi Feytens,
the issue you are talking about was already fixed with April CU so it is not listed in the fixes in June CU.
The following KB contains the documentation of the issue:
https://support.microsoft.com/en-us/help/3178732/april-11-2017-update-for-sharepoint-foundation-2013-kb3178732
Cheers,
Stefan
Permalink
Any comments on 3203387? Seems like a very large security update.
Is the June 2017 CU considered a critical update or just a normal CU?
Permalink
3203387 is a security fix which is included in the CU.
Each month we release security fixes and a CU. Customers can decide whether they would like to install the complete CU or only the security fixes.
Permalink
Is there anything critical or different about this CU then any other one?
If 3203387 is installed then are there are any other security patches for SharePoint needed?
Permalink
Yes – of course there are several security fixes for SharePoint 2013 in June.
See here for details:
https://blogs.technet.microsoft.com/stefan_gossner/2017/06/13/sharepoint-security-fixes-released-with-june-2017-pu-and-offered-through-microsoft-update/
Permalink
thanks, I am aware of those, 3203387 plus the ones in the update guide
My confusion was if I need June 2017 for security vulnerabilities in addition to the security patches released this month
Permalink
The security fixes are always sufficient to fix security vulnerabilities. The CU potentially contains additional non-security fixes not included in the security fixes.
Permalink
Hello Stefan,
I need to understand how can install only securtiy fix from the CU as you said earlier. When we go to download any CU it comes with some uber backage and exe file. How I can install only CU or security fix only if require.
Permalink
Hi RN,
security fixes are included in the CU.
So you can either only install the security fixes or you can install the CU which includes regular fixes and security fixes.
Cheers,
Stefan
Permalink
Hi Stefan – Regarding Office Web Apps 2013 PUs and CUs : Is there a requirement or recommendation to have the PU/CU versions of SharePoint 2013 and Office Web Apps 2013 be in sync ? For example, is it OK to run Office Web Apps Server 2013 with June 2017 CU installed, and run SharePoint 2013 with a CU older than June 2017 CU (say the Jan 2017 CU) installed ? Appreciate your feedback !
Permalink
Hi Mario,
in general these are two differnet products and patching does not have to be completely in sync from a support perspective.
On the other hand some fixes have to be implemented as well on the Office Web Apps side and on the SharePoint side and they will not work correctly if the patch level is different.
So the recommendation would be to keep them in sync.
Cheers,
Stefan
Permalink
Still having an issue that i believe started with the Nov 2016 CU.
Iframe embeds do not preview/render (e.g. youtube video share)
Could this be related to the Chrome rich text editor fixes that Nov CU introduced?
Permalink
Hi Stefan,
Installed this CU but database version is showing 15.0.4935.1000 opposed to 15.0.4937.100. Also I can see that with 15.0.4935.1000, one security vulnerability isn’t fixed.
P.S: Upgrade status shows ‘Upgrade available’
Regards
Charls
Permalink
I was able to run PSConfig to change status to ‘No Action Required’, still build number is 15.0.4935.1000
Permalink
Hi Charls,
as SharePoint does not have a single build number I need to have more information. Where do you see this number?
Thanks,
Stefan
Permalink
Hi Stefan,
I have the same problem as Charles and was wondering if you might know of a fix. When I go to Central admin > System Settings > Manage servers in this farm, it says the configuration database version is 15.0.4935.1000 which I’m guessing is the same places Charles is seeing this at.
Thanks
Permalink
Hi Kevin,
there is nothing to fix. You are just not looking at the right place.
The database schema version is not a valid indicator for a patch installation.
See here for details:
https://blogs.technet.microsoft.com/stefan_gossner/2016/08/23/sharepoint-does-not-have-a-build-version-full-stop/
Cheers,
Stefan
Permalink
Hi Charls,
the database schema version is not a build number. And the database schema is not changed with every CU or every build.
You cannot expect that the database schema version is identical to the highest build number of SharePoint.
See here for details:
https://blogs.technet.microsoft.com/stefan_gossner/2016/08/23/sharepoint-does-not-have-a-build-version-full-stop/
Cheers,
Stefan
Permalink
Thanks Stefan, that makes sense.
One of the XSS vulnerabilities we were hoping to get resolved after installing CU doesn’t seem to be fixed.
Permalink
Hi Charls,
if you see an issue that needs a fix always ensure to open a support ticket with Microsoft.
Cheers,
Stefan
Permalink
How should I handle the following case?:
My production farm is not using SP1 yet, but our automated patch process already pushed down this June 2017 update.
Should I download SP1 and run PSConfig and it will be smart enough to apply SP1 before the updates…
or
Should I run PSConfig on just these already downloaded updates, and then download SP1 and run PSConfig again?
Permalink
Hi Tom,
it is impossible to install June 2017 updates without SP1.
So if June 2017 update was installed, then SP1 is installed on your servers as well.
Without SP1 your server would be unsupported since more than two years and you would also not have been able to install any security fixes since April 2015.
Cheers,
Stefan
Permalink
Hi Stefan – thanks very much for the info! I had thought SP1 wasn’t installed because I didn’t see the KB number in my patch status in central admin. I hadn’t realized that if SP1 was installed via volume licensing, it wouldn’t show the KB, and that you just relied on the Version number. Phew! Thank you again, I really appreciate it! — Tom
Permalink
Hello Stefan,
Is it correct that CU can be installed automatically from automatic updates on, on server?
Please correct me if I am wrong, I think they cannot be installed automatically as a part of system updates.
Permalink
Hi RN,
CUs are not automatically installed.
You need to install them manually.
Cheers,
Stefan
Permalink
Hello Stefan,
Your article is always self-explanatory however just a stupid question if I may…..it seems that in our farm the update https://support.microsoft.com/en-ph/help/3203399 (Description of the security update for Project Server 2013: June 13, 2017) was pushed on one of the servers which is for Project Server 2013. Now, we do not even have the said product installed but still Windows Update did install it causing it to affect Secure Store drastically. If that possible to happen ?
Moreover, though we have already created a Premier Case with Microsoft just wanted to know if we install https://support.microsoft.com/en-us/help/3203430 (June 13, 2017, cumulative update for SharePoint Server 2013) will that also include the above mentioned patch ?
Wherein, one of the server displays the status “Upgrade Blocked” & the other “Installation Required” ! I very well know what the statements mean however, when this started the update got installed on say “Server2” nut now it displays Server2 needs that update & Server1 has it which I think is a strange behavior ! What do you say ? Please advise.
Thanks & Regards,
AMEY.
Permalink
Hi Stefan,
Quick question I notice each month when the updates are released if there is a security update for OWA the text beside it identifies that its also a security update. The actual SharePoint Server update package doesn’t but if I review the KB I notice some security vulnerabilities are identified. We are just trying to figure out how often we should be applying our SharePoint updates with the main concern as security and critical updates. Thank you as always, Brad
Permalink
Hi Brad,
the recommendation is to evaluate security updates as soon as possible in your test environment to ensure that they do not cause any negative side effects on your applicaton and afterwards apply them to your production environments.
Cheers,
Stefan
Permalink
Hi Stefan,
We have a SharePoint 2013 farm with Patchlevel CU Dec16 and want to set up Hybrid Search. The following article states that hybrid content types requires the June 2017 public update or later:
https://support.office.com/en-us/article/Plan-hybrid-SharePoint-taxonomy-and-hybrid-content-types-71ae4d00-da98-407b-bee2-8d9972e1875c?ui=en-US&rs=en-US&ad=US
Will it be sufficient to install all SharePoint security updates offered through Microsoft Update or do we need to download and install the June 17 CU? Is there one installer for June 17 PU or does PU just refer to the collection of security updates released in the respective month?
Permalink
Hi Andy,
this article refers to the full server packages (or Uber packages) which is listed on my blog.
From my knowledge the security fixes alone are not sufficient.
Cheers,
Stefan
Permalink
Hi. Stefan,
I have an environment with SharePoint Server Enterprise 2013 SP1, and the last week I installed the CU-May2017 and when I run PSConfig, I received and error/warning (missing updates required).
I run the command Get-SpProduct -Local, but doesn’t work.
What do you recommend me?
Thanks.
Mauricio
Permalink
Hi Mauricio,
first of all check if on the affected server the fix is really installed.
Second: what error do you get with get-spproduct -local? You mentioned that this command does not work. What do you mean by this?
Cheers,
Stefan
Permalink
Hi Stefan,
I am having an issue with opening office files on SharePoint using Google Chrome. Chrome does not open any office file and throws this error message: “The webpage at https://…. might be temporarily down or it may have moved permanently to a new web address”. It works fine with IE. Both OWA and SharePoint farms have the same patch level (April 2017 CU). Do you know is there a fix for this? or when it will be fixed?
Thank you so much!
Regards,
Peter
Permalink
Hi Peter,
sorry I don’t have information about this issue.
I would recommend to open a support case with Microsoft to get this analyzed.
Cheers,
Stefan
Permalink
I will. Thanks Stefan!
Permalink
Hi Stefan,
I have a SP 2013 UAT environment with a WFE and APP server currently patched to June 2015 CU. I recently discovered our SCCM team have inadvertently pushed the June 2017 PU and Security Updates to our APP server, thus causing our WFE to be out of sync. No other PUs or Security Updates have been installed or applied until then.
I realize CUs are cumulative, but am concerned if I install the June 2017 PU and Security Updates on the WFE and run PSCONFIGUI.EXE or both servers I will end up breaking my environment because of the current patch level. Should it be ok to just simply apply June PU and Security Updates or would you recommend installing, applying and testing the CU to ensure all required dependencies are present.
Thanks in advance for your help.
Paul
Permalink
Update: On further look, it appears that all outstanding Security Updates and PUs were installed.
Permalink
Hi Paul,
if all servers are on the same patch level you should run PSConfig to finalize the update.
Cheers,
Stefan
Permalink
Unfortunately only one of the servers had the updates installed.
Permalink
We have SharePoint Project Server 2013 farm and need to apply June 2017 CU, first do we need to apply SharePoint June CU or Project Server 2013 June 2017 CU is enough?
Permalink
Hi Sajid,
The “Project Server CU” includes also the SharePoint Server CU.
Cheers,
Stefan
Permalink
Hi Stefan,
Thank You for your reply and support.
Regards
Sajid
Permalink
Hello Stefan,
We have SharePoint 2013 with SP1 version (15.0.4569.1506) installed. We also have update our farm with September 2015 CU.
The additional language packs are installed and they also have their SP1 installed with version 15.0.4571.1502. Now we need to install this JUNE 2017 CU on our farm. Is it necessary to reinstall SharePpint SP1 version 15.0.4571.1502 and then apply the June 2017 CU.
Permalink
Hi RN,
from the info you provided it seems you installed the slipstream install of SharePoint 2013 which includes SP1 already.
If that is correct there is no need to install the SP1 version with build 15.0.4571.1502.
You can install just June 2017 CU on this farm.
Cheers,
Stefan
Permalink
Hello Stefan,
Thanks for you quick response. I dont have any idea if it is slipstream SP1 of SharePoint 2013. But when I go to “view install updates” in control panel, I don’t see SP1 installation separately for SharePoint 2013. I think the SharePoint was installed using MSDN copy which includes SP in it.