SharePoint security fixes released with June 2019 PU and offered through Microsoft Update

As I received some feedback that I should also add the Urls to the KB articles of the different security fixes I added this information to my blog post.

SharePoint 2010 Suite:

  • KB 4461611 – Word Automation Services for SharePoint 2010
  • KB 4464571 – SharePoint Server 2010 (core component)
  • KB 4461621 – Office Web Apps Server 2010
  • KB 4092442 – Project Server 2010

SharePoint 2013 Suite:

  • KB 4464602 – SharePoint Foundation 2013 (core component)
  • KB 4464597 – SharePoint Server 2013 (core component)

SharePoint 2016 Suite:

  • KB 4464594 – SharePoint Server 2016 (language independent)

SharePoint 2019 Suite:

  • KB 4475512 – SharePoint Server 2019 (language independent)

Office Online Server:

  • KB 4475511 – Office Online Server
See the Security Update Guide below for more details about the relevant fixes:

More information:

15 Comments


  1. Hi Stefan, really appreciate the blog. Do you know if this update needs psconfig runningn to apply fix?

    Reply

    1. Hi Joe,
      all SharePoint fixes require psconfig.
      No exceptions.
      Cheers,
      Stefan

      Reply

  2. Thanks for such a fast reply. I was just hoping, as the mentioned the ms update install instructions page doesnt say to run it. And having just patched many many farms in a tight timescale for the people picket vulnerability, my heart sank at another important vuln this month.

    Reply

    1. Hi Joe,
      if this is SP2016 or SP2019 you can run psconfig in the middle of the day as it does not cause any downtime. Only for SP2010 and SP2013 you have to use a maintenence window.
      Cheers,
      Stefan

      Reply

      1. Indeed. Alas i have 2010/13 as well still, so its ordinarily not a monthly job to do psconfig. Thanks for the advice though.

        Reply

  3. Hello,

    I have tried to install “KB 4464597” but it says no product found. kb2880552 already installed to apply this security update!

    Reply

    1. Hi Amer,

      The message indicates that either the fix is already installed or something is wrong with your Installation.
      If you are unsure you should open a ticket with Microsoft to get this analyzed.

      Cheers,
      Stefan

      Reply

      1. Hi Kevin, if you need assistance with this I would recommend to open a support case with Microsoft.

        Reply

  4. Thank you stefan.

    KB4464597 is security update replacement for kb4464511 which not installed on the servers. Is it necessary to install “KB4464597”. Whether it’s necessary or not, is using PACKAGE.BYPASS.DETECTION.CHECK=1 to install this update security could cause issue to the servers?.

    Reply

    1. Never use PACKAGE.BYPASS.DETECTION.CHECK=1. This is an undocumented parameter which is only allowed to be used if requested by Microsoft support.
      Using this parameter can destabilize your system as required dependencies might not be available and will lead to an unsupported environment.

      Reply

    1. Hi Bob,
      as you are installing individual security fixes and not the whole CU you need to install both patches as they affect different components.
      Cheers,
      Stefan

      Reply

  5. First, thank you for this blog.

    SharePoint Security Patch use to be Specific to Services like Excel Services, Word Services and Core Services. For about a year now all Security Patches are for Core Services is there any reasons for that ? Next questions that could sound silly is why are we finding security issues every months ? Could we not make SP Secure once for all ? Or at least fix security bugs few times a year but not on a monthly basis ? We have so many servers to patch it is now almost a full time job only for patching. Other than stopping all SharePoint Services when installing the binaries is their any Microsoft Supported Product we can use to add some automation to SharePoint Patching ?

    Sorry for these many questions … 🙂

    Thank you

    Reply

    1. Hi Stephane,
      SharePoint 2010 and 2013 consist of 30+ components which are patched independently.
      Core services and Excel services are two of these components. Word automation service is another one and so on.
      If there are no excel services fixes in one month it means there was no security fix for excel services in this month.
      Cheers,
      Stefan

      Reply

Leave a Reply to Stefan Goßner Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.