SharePoint security fixes released with November 2019 PU and offered through Microsoft Update

As I received some feedback that I should also add the Urls to the KB articles of the different security fixes I added this information to my blog post.

SharePoint 2010 Suite:

  • KB 4484159 – Excel Service 2010
  • KB 4484165 – SharePoint Foundation 2010

SharePoint 2013 Suite:

  • KB 4484151 – Excel Service 2013
  • KB 4484157 – SharePoint Foundation 2013 (core component)

SharePoint 2016 Suite:

  • KB 4484143 – SharePoint Server 2016 (language independent)

SharePoint 2019 Suite:

  • KB 4484142 – SharePoint Server 2019 (language independent)
  • KB 4484149 – SharePoint Server 2019 (language dependent)

Office Online Server:

  • KB 4484141 – Office Online Server
See the Security Update Guide below for more details about the relevant fixes:

More information:

12 Comments


  1. If the SharePoint 2013 security updates can be pushed through WSUS is there any need for the product config wizard to be ran afterwards?

    Reply

    1. Hi Brad, yes most definitely running the config wizard is required as WSUS will only install binaries and resource files and any other needed updates / reconfiguration need to be performed by the wizard.

      Reply

  2. Hi Stefan!

    I wonder about KB4484143 for SP2016 – it’s described as a “security update”, but I thought the only type of SharePoint updates that exist nowadays are CU:s? (I believe you said that, but I might have misunderstood…)

    Thanks for any insights!

    Reply

    1. Hi Will,
      SharePoint fixes are always cumulative and that was always the case. CU means cumulative update. So this term applies to every single update we ever released since SP2003.
      Up to SP2013 we also had so called “Uber” packages which bundled all CUs to a single package (otherwise there would have been 30+ cumulative update packages for different SharePoint components a administrator would have to take care of. Since SP2016 we no longer have Uber packages as there are only 2 components (a language dependent and a language independent one).
      The list on this page lists all SharePoint fixes which include security updates released in this month.
      Hope this helps.
      Cheers,
      Stefan

      Reply

      1. Thanks Stefan!

        Sorry I’m a bit confused. 🙂 I always interpreted the “CU/Cumulative Update” term as a fixed definition referring a certain type of SP update (the ones you post every month), not as a descriptive property that can be applied to ANY type of SharePoint update.

        I’ve understood that there were basically three kind of updates for SharePoint:

        security fixes (smaller updates, delivered via WSUS)
        Cumulative Updates (bigger packages, downloaded manually, sometimes as 2 separate files)
        Service Packs (really large packages, released rarely – now discontinued for SP2016+)

        Both security fixes and CU:s seem to be released via WSUS, which isn’t always convenient. (Last time my farm received just 1 of 2 needed files for a CU from our internal WSUS…)

        Reply

        1. Hi Will,

          each fix is cumulative.

          Every month we are releasing a CU for each product. For some products such a CU consists of one or more files. Uber packages bundle them.

          Plain security fixes do not exist in SharePoint an never existed.
          Security fixes are released in packages which always also include all non security fixes for the patched component as security fixes are cumulative and always were. The historic term for these packages is public update.

          This articles explains it:
          https://blog.stefan-gossner.com/2014/08/18/sharepoint-patching-demystified/

          Cheers,
          Stefan

          Reply

          1. Thank you so much for your explanation and patience and the link.

            Just double-checking two things:

            1) So I could exclude all upcoming SharePoint PU:s from Windows Update (like KB4484143 on this page) and just deploy the monthly CU:s you publish (see #1 below), and be safe and still get all fixes and updates?

            2) The Nov 2019 CU (#1 below) is still an “Uber” package, right? (Even though “Uber” is not mentioned on that page.)

            Thanks, your help is very much appreciated!

            #1
            Nov 2019 CU for SP2016
            https://blog.stefan-gossner.com/2019/11/12/november-2019-cu-for-sharepoint-server-2016-is-available-for-download/)


          2. Hi Will,
            1) yes
            2) as I mentioned earlier: there are no Uber packages for SP2016. You have to install both fixes (language dependent and language independent).
            Cheers,
            Stefan


  3. Hi,

    I recently took over administration for a SharePoint 2013 farm, it hasn’t been patched since the May 2015 update.

    I was told the update for KB 4484157 was a high priority but bringing the server up to the latest patch level wasn’t.

    I installed the patch onto the 2 SharePoint servers, that went fine.

    When I ran the config wizard I got the error message: „…Some farm products and patches were not detected…“ in the config wizard, it noted KB4484157 as the missing patch and listed both servers as missing that patch.

    I ran the „Get-SPProduct -Local“ command, recycled the app pools, restarted the server…etc (on both servers) but the message keeps appearing in the config wizard.

    Looking at the „Manage Patch Status“ page in central admin I see 2 entries for the same patch, one with „Installed“ against it and one with „Missing/Required“ against it:

    Security Update for Microsoft SharePoint Foundation 2013 (KB4484157) 64-Bit Edition 15.0.5189.1000 Missing/Required

    Security Update for Microsoft SharePoint Foundation 2013 (KB4484157) 64-Bit Edition 15.0.5189.1000 Installed

    I have two questions:
    1. What is going on here?
    2. Can I just run a PSConfig.exe command to force the config to run without checking that the patches have been installed on each server.

    Reply

    1. Hi David, in this case you should open a ticket with Microsoft support to analyze this. You should not bypass the install check as this can cause serious trouble if there is a mismatch.

      Reply

  4. Hi after installing:
    KB 4484151 – Excel Service 2013
    KB 4484157 – SharePoint Foundation 2013 (core component)

    We ran the Configuration Wizzard and it finishes as “Successful”.
    When looking into Central Admin and look at Upgrade Status it shows our latest Configuration Wizard as Failed.
    We than ran the PSConfig command “Psconfig.exe -cmd upgrade -inplace b2b” and received an error message.

    When we look at the log we see an error related to Workflow:
    Type Microsoft.SharePoint.Administration.SPWorkflowFailOverJobDefinition, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c not changed (id = bdeadf17-c265-11d0-bced-00a0c90ab50f). 00000000-0000-0000-0000-000000000000
    01/15/2020 08:55:44.51 PSCONFIG (0x3BEC) 0x57FC SharePoint Foundation Upgrade SPUpgradeSession aj6p9 DEBUG

    As anyone seen this before ?

    Thanks in advance .

    Stephane

    Reply

Leave a Reply to David Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.