SharePoint security fixes released with April 2019 PU and offered through Microsoft Update

As I received some feedback that I should also add the Urls to the KB articles of the different security fixes I added this information to my blog post.

SharePoint 2010 Suite:

  • KB 4464528 – SharePoint Foundation 2010
  • KB 4464525 – SharePoint Server 2010 (core components)

SharePoint 2013 Suite:

  • KB 4464515 – SharePoint Foundation 2013
  • KB 4464511 – SharePoint Server 2013 (core components)

SharePoint 2016 Suite:

  • KB 4464510 – SharePoint Server 2016 (language independent)

SharePoint 2019 Suite:

  • KB 4464518 – SharePoint Server 2019 (language independent)

See the Security Update Guide below for more details about the relevant fixes:

More information:

16 Comments




  1. Hi Stefan – I just inherited a multi-node 2013 Farm and verified that this farm has SP1 + August 2014 CU installed. I want to install all the available security updates ONLY but I’m not sure if I can just install the the latest PU (April 2019)? Can I install all the security updates en masse? What is the installation order for multiple security updates? Or should I skip some security updates and install only the latest ones? Thank you for your help.

    Reply

    1. Hi,
      first of all your System is unsupported.
      In order to have a supported Environment you need to have at least April 2018 CU installed (see here for details: https://blog.stefan-gossner.com/2017/12/13/updated-product-servicing-policy-for-sharepoint-2013/)

      Regarding your questin: you cannot just install the latest PU. The latest PU is cumulative only for the affected component. SharePoint Server 2013 consists of more than 30 individual components and you would have to install the latest security fix for each component.
      My recommendation would be to install the Uber package of the latest CU instead which contains all the security fixes for all the components plus various other fixes.
      Cheers,
      Stefan

      Reply

  2. Thanks Stefan for your help.

    My User Profile Service application and Search Service App broke after the updates were installed so I have to re-provision them again.

    One more question.

    After installing an update on the first SP server and running:

    “PSConfig.exe -cmd upgrade -inplace b2b -wait -cmd applicationcontent -install -cmd installfeatures -cmd secureresources -cmd services -install”

    Shall I run the same command on the other SP servers or can I just run:

    “PSConfig.exe -cmd applicationcontent -install -cmd installfeatures -cmd secureresources”

    Thanks again.

    Reply

    1. You should run the same command again. upgraders are implemented by various different objects and perform different types of actions. Not all of them target a SQL database.

      Reply

  3. HI @Stefan, Quick question. I noticed that on SharePoint 2019 at least on version 16.0.10342.12113 the Microsoft.Office.Excel.WebUI.Internal.dll was not included. This was causing on my environment some issues. I had to grab the dll from SharePoint 2016. Do you know if this was done on purpose?

    https://social.msdn.microsoft.com/Forums/en-US/77bc78eb-9c99-48d8-8aed-e6ed9edc02a8/sharepoint-2019-sorry-something-went-wrong-could-not-load-file-or-assembly?forum=sharepointgeneral

    Reply

    1. Hi Antonio,
      copying a SharePoint Server 2016 dll to SharePoint Server 2019 is unsupported and can cause unexpected results.
      You should open a support case to get this analyzed.
      Cheers,
      Stefan

      Reply

  4. PSA: According to this source, CU 2019-04 should be applied to all SharePoint Servers (2010-2019) that are available from the internet as there seems to be an actual exploit for this vulnerability.

    Link ZDNet (trust at your discretion): https://www.zdnet.com/article/microsoft-sharepoint-servers-are-under-attack/

    Stefan, do you happen to have any more insight on this purportedly existing exploit that is being used?

    Thanks and best regards;
    Adrian

    Reply

  5. Hello Stefan,

    does this security Issue also effects SharePoint 2010 Server SP1 ?
    So would that mean that I have to install first SP2 and then the Security fix ?

    Best Regards,

    Andreas

    Reply

    1. SP2 is required before installing this fix.

      Reply

      1. Thanks, but I would like to know if this vulnerability also applies to SharePoint 2010 SP1 Systems ?

        Andreas

        Reply

        1. Systems without SP2 are unsupported and have not received any (security) fixes since 5 years. Nobody does an analysis if such a system would be affected by new vulnerabilities. My guess would be yes but as such a system misses fixes for more than 150 other vulnerabilities it sounds strange that you are looking for that specific one.

          Reply

  6. Hi Stefan,

    I have in my environment SP 2016 over SQL Server 2014 SP 3, everything was working well until the last update, we made the deployment of the CU Abril 2019. KB44645410 / KB4461507. After this deployment start to appear a lot of errors in the Event Viewer 5586. With this message.

    Unknown SQL Exception 15151 occurred. Additional error information from SQL Server is included below.

    Cannot drop the event session ‘SharePoint_Diagnostics_1c54f37b683f44cfaa2556e9b170e3d2_1’, because it does not exist or you do not have permission.

    We check all the permissions are all are well set from the SQL Side.

    Do you know for any error introduce with this update?

    Reply

    1. Hi William, this is not a known issue. I would recommend to open a support case to get this analyzed.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.