SharePoint security fixes released with August 2019 PU and offered through Microsoft Update

As I received some feedback that I should also add the Urls to the KB articles of the different security fixes I added this information to my blog post.

SharePoint 2010 Suite:

  • KB 4475575 – SharePoint Foundation 2010 (core component)
  • KB 4475530 – Word Automation Services for SharePoint 2010
  • KB 4475534 – Office Web Apps Server 2010

SharePoint 2013 Suite:

  • KB 4475565 – SharePoint Foundation 2013 (core component)
  • KB 4475557 – SharePoint Server 2013 (core component)
  • KB 4462137 – Word Automation Services for SharePoint 2013
  • KB 4462216 – Office Web Apps Server 2013

SharePoint 2016 Suite:

  • KB 4475549 – SharePoint Server 2016 (language independent)

SharePoint 2019 Suite:

  • KB 4475555 – SharePoint Server 2019 (language independent)

Office Online Server:

  • KB 4475528 – Office Online Server
See the Security Update Guide below for more details about the relevant fixes:

More information:

15 Comments


  1. Hi, I am having issue on SharePoint search not returning results for Read users. The green loading image keeps on turning and no results shown. Weirdly if i allow Edit permission to those users, they start to return results again.

    This seem to happen since we updated this patch. Does anyone else having this issue? The ULS Log shows “The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.” and nothing much other errors captured.

    Vers: SP2010 SP2

    Thanks

    Reply

    1. We are receiving the same error in our ULS logs. Search results for some of our users just “clocks” and never returns results. No browser side errors are being generated either.

      Will be opening a support case with Microsoft on this.

      Reply

    2. After some troubleshooting, it does seem that the issue lies with the Content Editor WebPart CEWP. After removing the CEWP from the Search Results page, the result page back in working condition.

      Hope the above workaround works for you if you did have the same issue.

      As baffled as i am, if i try to re-added a simple CEWP onto the page with some simple text, the error comes back. The above workaround is without the need for any content recrawl or settings change.

      Hope Microsoft can look into this issue. Thanks!

      Reply

      1. Hi Ng,
        be aware that Microsoft Support will only look into this if someone opens a support ticket.
        So if this is important for you, please open a support case to get this analyzed.
        Cheers,
        Stefan

        Reply

  2. Is this the same fix for XSS as from the July PU or is there a new XSS vulnerability?

    Reply

    1. Hi Bob, I’m not sure which of the above fixes you are talking about but you can always check the CVE associated with the KB to see which vulnerability it addresses.

      Reply

  3. Office Online Server June fix was 4475511 so our version is 16.0.10346.20001. August is 4462216 and we get ‘Does not apply’. ???

    Reply

  4. Hi, Do you know if there is a link with this update of Office Web Apps and the last version On Chrome ?
    We are blocke with Excel and PowerPoint when whe want ton change documents with OWA and Chrome last version… 🙁

    Reply

    1. Hi Jean-François,
      I’m not aware of such an issue. You should open a support case for this.
      Cheers,
      Stefan

      Reply

  5. Hello,
    did anyone open a support case regarding this issue?
    Any solution/workaround provided?

    We have an open support case and still waiting for a fix/solutions.
    MS support Germany was able to replicate the issue.

    We’ve got some workaroungs, but are not happy with this
    1. give more permissions than read
    2. disable viewstate – MS support is not able to name detailed site-effects/impacts.

    Cheers,
    Chris

    Reply

  6. Hi Stefan,

    I have a question about applying Office Web App 2010 security updates. We’ve just applied the
    “September 10, 2019, CU for SharePoint Server 2010 (KB4475603)” on our SharePoint 2010 farm. And currently, Office Web App version is 14.0.7015.1000 (SP2)

    We want to know the following in order to make sure we have the most up to date security patch for Office Web App.

    Does Sep 20 2019 KB4475603 includes any Office Web App 2010 patches, such as KB3203469, KB4461620 and KB4475534? If so, then does mean we will only need to apply SharePoint CU going forward?
    If not, then we will need to apply security patch separately for Office Web App 2010, the latest one for Office Web app security is KB4475534. If we apply KB4475534, doesn’t this mean KB4475534 will include all previous KB.
    If we need to apply Office Web App separately (KB4475534),, do we need to run PSConfig?

    Thanks in advance for your help.

    Henry

    Reply

    1. I just want to put my questions in a nicer format

      Does Sep 20 2019 KB4475603 includes any Office Web App 2010 patches, such as KB3203469, KB4461620 and KB4475534? If so, then does mean we will only need to apply SharePoint CU going forward?
      If not, then we will need to apply security patch separately for Office Web App 2010, the latest one for Office Web app security is KB4475534. If we apply KB4475534, doesn’t this mean KB4475534 will include all previous KB.
      If we need to apply Office Web App separately (KB4475534),, do we need to run PSConfig?

      Thanks again
      Henry

      Reply

      1. Yes, KB4475603 includes the other fixes. You have to run PSConfig with all SharePoint fixes.

        Reply

        1. Thank you so much Stefan.

          Reply

Leave a Reply to Stefan Goßner Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.