December 2019 CU for SharePoint 2010 product family is available for download

The product group released the December 2019 Cumulative Update for the SharePoint 2010 product family.

For December 2019 CU we have full server packages (also known as Uber packages) for SharePoint Server and Project Server.
The most recent fixes for SharePoint Foundation 2010 were released in November 2019.

As this is a common question: Yes, December 2019 CU includes all SharePoint security fixes released with December 2019 PU.

Be aware that CU is a Post-SP2 hotfix. It is required to have SP2 installed before installing the CU.
It is required to have SP2 installed for the base product and all installed language packs to install December 2019 CU for SharePoint 2010.

This CU includes all SharePoint 2010 fixes (including all SharePoint 2010 security fixes) released since SP2. The CU does not include SP2.

The KB articles for December 2019 CU should be available at the following locations in a couple of hours:

  • There was no fix released for SharePoint Foundation 2010 this month
  • KB 4484195 – SharePoint Server 2010 December 2019 CU
  • KB 4484194 – Project Server 2010 December 2019 CU

The Full Server Packages for December 2019 CU are already available through the following links:

After installing the fixes you need to run the SharePoint 2010 Products Configuration Wizard on each machine in the farm. If you prefer to run the command line version psconfig.exe ensure to have a look here for the correct options.

Be aware that the SharePoint Server 2010 CU contains the SharePoint Foundation CU.
That means only one package has to be installed for the SharePoint 2010 product family.

Related Links:

4 Comments


    1. Hi Henry,
      a fix for this has not been released.
      Cheers,
      Stefan

      Reply

  1. Dear Stefan according to cve 2019-149 release in Dec 2019 there is no mitigation and work around available on Microsoft website. Is it correct that there is still not mitigation.

    Reply

    1. Hi Michael,
      can you send the CVE link? The CVE number you pasted seems to be incorrect.
      Cheers,
      Stefan

      Reply

Leave a Reply to Henry Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.