April 2019 CU for SharePoint 2013 product family is available for download

The product group released the April 2019 Cumulative Update for the SharePoint 2013 product family.

For April 2019 CU we have full server packages (also known as Uber packages). No other CU is required to fully patch SharePoint.

As this is a common question: Yes, April 2019 CU includes all fixes from April 2019 PU.

ATTENTION:

Be aware that all Updates for SharePoint 2013 require SharePoint Server 2013 SP1 to be installed first.

Please also have a look at the article that discusses how to properly patch a SharePoint 2013 farm which has Search enabled (see below).

Previous releases of the SharePoint Server 2013 cumulative update included both the executable and the .CAB file in the same self-extracting executable download. Because of the file size, the SharePoint Server 2013 package has been divided into several separate downloads. One contains the executable file, while the others contain the CAB file. All are necessary and must be placed in the same folder to successfully install the update. All are available by clicking the same Hotfix Download Available link in the KB article for the release.

This CU includes all SharePoint 2013 fixes (including all SharePoint 2013 security fixes) released since SP1. The CU does not include SP1. You need to install SP1 before installing this CU.

The KB articles for April 2019 CU should be available at the following locations in a couple of hours:

  • KB 4464512 – SharePoint Foundation 2013 April 2019 CU
  • KB 4464514 – SharePoint Server 2013 April 2019 CU
  • KB 4464513 – Project Server 2013 April 2019 CU
  • There was no fix released for Office Web Apps Server 2013 this month

The Full Server Packages for April 2019 CU are available through the following links:

After installing the fixes you need to run the SharePoint 2013 Products Configuration Wizard on each machine in the farm. If you prefer to run the command line version psconfig.exe ensure to have a look here for the correct Options.

Be aware that the SharePoint Server 2013 CU contains the SharePoint Foundation 2013 CU. And the Project Server 2013 CU also contains the SharePoint Server 2013 CU and SharePoint Foundation 2013 CU.

Related Info:

23 Comments


  1. Hi Stefan,

    I realize there is not an update for office web apps this month, but could you confirm whether these updates are cumulative or not.

    Many thanks

    Paul

    Reply

    1. They are cumulative.

      Reply

      1. Awesome! Thanks for replying so quickly.

        Reply

    1. you can see in the CVE that some fixes came with February and some with March.

      Reply

  2. Hi Stefen,

    This is regarding the SharePoint server 2013 security update mentioned here https://support.microsoft.com/en-us/help/4462202/description-of-the-security-update-for-sharepoint-enterprise-server

    The above article says this SharePoint security update is available through Windows Update. Does it mean,

    Can we install this security patch as a normal windows update in SharePoint servers?
    Do we really need to run SharePoint configuration wizard after installing this update? or not required?

    We have SharePoint Server 2013 SP1, September 2014 CU

    Thanks in advance! Looking forward for an answer…

    Reply

    1. Hi,
      in general yes as long as you enabled the option to install updates for other Microsoft products and not just for Windows.
      Usually we recommend to install the fixes manually as we also recommend to evaluate them in a test environment before applying to production.
      Also be aware that independent if you install the fix with Windows Update or manually you always have to run the sharepoint config wizard after installing the binaries.
      Cheers,
      Stefan

      Reply

      1. Hi Stefan, Thanks for your suggestions. We have our SharePoint server 2013 farm patched with September 2014 CU long back. There is no patch happened after that. In this case, will this march 2019 security patch will work? or will there be any dependency on CUs released in between 2014-2019?

        Reply

        1. Hi Adhi,
          technically there is no dependency to other CUs. But your system will still be unsupported after installing the fix as the current supported baseline in April 2018 CU.

          Aside of that: why would you like to install just that one single March Security Patch? This does not make sense to me.
          You haven’t patched your server for nearly 5 years. We release an average of around 2-3 security patches per month. So your System is missing out between 100 and 150 security fixes.
          Even if those had no exploit when the fixes were released – such a long time allows hackers to reverse engineer our fixes and create exploits for at least some of the underlying issues. With other words: your system was potentially open to hackers since a long time as you did not install any security updates for such a long time.
          Installing now March security fix fixes one new security issue.
          Assuming that your system will be safe after that is misleading with hundreds of other security issues unpatched.

          Just my personal opinion on this.

          Cheers,
          Stefan

          Reply

          1. Hi Stefen, I agree with you… Thanks for your valuable suggestions..


  3. Hi Stefan , will this update (April 2019 CU for SharePoint 2013) contain the security issue CVE-2019-0604

    Reply

    1. The fix for CVE-2019-0604 was first shipped in March 2019 CU and of course it is also included in April 2019 CU.

      Reply

      1. Thanks a lot , have wonderful day 🙂

        Reply

  4. Hello Stefan. We have ithe sharepoint 2013 2017 CU patch level currently. We want to patch to 2019 Apr CU.
    Is it possible to install without any problem or we need to install an older version than the 2019 apr. CU.
    And one more question. We don’t install any windows update that contains .Net version or internet explorer updates.
    Can we install some more updated, for example:
    Thiese updates will be a problem if we install them?

    2017-09 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Server 2012 for x64 (KB4041091)
    2018-01 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Server 2012 for x64 (KB4055270)
    2018-05 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Server 2012 for x64 (KB4099638)
    2018-07 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 for x64 (KB4340005)
    2018-08 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 for x64 (KB4345680)
    2018-12 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 for x64 (KB4471982)
    2019-02 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 for x64 (KB4487122)
    2019-03 Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 for x64 (KB4489487)
    2019-05 Preview of Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4499145)
    2019-05 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB4499407)
    2019-05 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB4498962)
    2019-05 Update for Windows Server 2012 for x64-based Systems (KB4501226)
    April, 2017 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows Server 2012 for x64 (KB4014986)
    May, 2017 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows Server 2012 for x64 (KB4019110)
    Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2894851)
    Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64 based Systems (KB2769166)

    Reply

    1. Hi Ferenc,
      you can directly go to April 2019 CU – no need to install older SharePoint fixes before that.
      And installing security fixes for other servers on this machine is recommended as well.
      Cheers,
      Stefan

      Reply

      1. Hello Stefan,
        thank you for your answer.
        So I can install all the updates for .NET .3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 ?
        One more question.
        After that, we planning the virtual machines to upgrade
        from windows server 2012 to windows server 2012 R2 Is Sharepoint 2013 support thatupgrade , and maybe windows server 2016?

        Cheers,
        Feri

        Reply

        1. Hi Feri,
          all security updates for products you have installed should be applied.
          Regarding the virtual machines: I assume you mean that SharePoint is hosted inside such a virtual machine.
          SharePoint does not care if the virtual machine is running in a VM hosted on Windows Server 2012, 2012 R2 or 2016.
          Cheers,
          Stefan

          Reply

          1. Hello Stefan,
            sorry that I’m uncomprehending but I need your confirmation that after we will install the patches there will be all right.
            Thank you for your help so far, too.
            Cheers,
            Feri


          2. As always ensure to take a backup (db and machine) before applying any patches to ensure you can roll back if there are problems.

            Cheers,
            Stefan


          3. FYI, SharePoint 2013 is not officially supported on Windows Server 2016


  5. Hello,
    Thank your very much.
    We will try to update at this case.
    Have a good day,
    Cheers,
    Feri

    Reply

    1. And one more note: I will write the result. And of course, with backups.
      Cheers,
      Feri

      Reply

  6. Is there any issue or regression in April 2019 CU for sharePoint 2013 ?

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.