SharePoint security fixes released with April 2020 PU and offered through Microsoft Update

As I received some feedback that I should also add the Urls to the KB articles of the different security fixes I added this information to my blog post.

SharePoint 2010 Suite:

  • KB 4484298 – SharePoint Foundation 2010
  • KB 4484297 – SharePoint Server 2010 (core components)
  • KB 4484293 – Word Automation Services for SharePoint 2010
  • KB 2553306 – Business Productivity Services for SharePoint 2010
  • KB 4484296 – Office Web Apps Server 2010

SharePoint 2013 Suite:

  • KB 4484321 – SharePoint Foundation 2013 (core component)
  • KB 4484322 – SharePoint Foundation 2013
  • KB 4484308 – SharePoint Server 2013 (core component)
  • KB 4011581 – Translation Services component for SharePoint Server 2013
  • KB 4011584 – Business Productivity Services for SharePoint 2013
  • KB 4484307 – Word Automation Services for SharePoint 2013
  • KB 4475609 – Office Web Apps Server 2013
  • KB 4462153 – Project Server 2013

SharePoint 2016 Suite:

  • KB 4484299 – SharePoint Server 2016 (language independent)
  • KB 4484301 – SharePoint Server 2016 (language dependent)

SharePoint 2019 Suite:

  • KB 4484292 – SharePoint Server 2019 (language independent)
  • KB 4484291 – SharePoint Server 2019 (language dependent)

Office Online Server:

  • KB 4484290 – Office Online Server
See the Security Update Guide below for more details about the relevant fixes:

More information:

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
 

17 Comments


  1. Has anyone seen a strange issue related to your Lists only? We’re seeing behavior where, user even with full permission, when you select an item, the “Edit Item”, “View Item” and other icons remain grayed out except “New Item”. If you have read permission, and you select an item, the “View Item” on Ribbon is enabled. If you give contribute permission, all icons are grayed except “New Item”. Created new list, view, sites and this issue remains same. We have 4 farms, and behavior is exactly same on all 4 SharePoint 2010.

    Reply

    1. Hi Sami, this is a known issue. If you check the KB article you will find a note in the “Known issues” section of the KB article.
      A fix for this issue is currently in development.

      Reply

      1. Thanks Stefan. When I posted this, the “known issue” wasn’t posted yet.

        Reply

  2. We are seeing similar. Clicking the context menu of a list item displays a yellow “Loading…” but no progress. Using dev tools indicates an undefined variable which I think is a typo on line 7262 of core.debug.js

    I think

    strAction="EditItemWithCheckoutAlert(event, '"+ctxt.editFormUrl+strSeperator+"ID="+currentItemID+ contentTypeParam;

    should be

    strAction="EditItemWithCheckoutAlert(event, '"+ctx.editFormUrl+strSeperator+"ID="+currentItemID+ contentTypeParam;

    and changing it makes the context menu work again

    Reply

    1. Hi Kenny,
      if you are using this approach ensure to create a copy of any files changed in this directory and replace the file with the original one before applying further updates to ensure that further updates can correctly update the files.
      Cheers,
      Stefan

      Reply

    2. Kenny,

      Thanks. I was able to fix it for now, but error on our side was core.js, line 2, 127454. I changed .ctxt to .ctx. Of course after making a copy of the file. IISreset and context menu worked.

      Reply

      1. Hi Samir,

        Glad to hear to you managed to get a fix for now. Sorry I planned to update to say that I’d had to change 4 instances in the end but my post didn’t appear. In the end 2 instances in core.js and 2 in core.debug.js

        Rather strangely the paste in my post is even the wrong piece of code (though line number was correct for us) the edit should have been

        strAction=”EditItem2(event, ‘”+STSScriptEncode(ctxt.editFormUrl)+strSeperator+ “ID=”+currentItemID+contentTypeParam+”‘)”;

        to

        strAction=”EditItem2(event, ‘”+STSScriptEncode(ctx.editFormUrl)+strSeperator+ “ID=”+currentItemID+contentTypeParam+”‘)”;

        Anyway, hopefully Microsoft will issue a replacement patch soon.

        Reply

  3. Yes, I have the same issue described by Samir. Including issue, when you try to open context menu.. stull loading.. In the background the page says “object ctxt not defined”. Is there any fix from Microsoft? The issue is related only to LISTs. Library’s context menu and Ribbon work with no issue.

    Reply

    1. Hi Ondreij, as mentioned above this is a known issue. If you check the KB article you will find a note in the “Known issues” section of the KB article.
      A fix for this issue is currently in development.

      Reply

      1. Hi, I work for more clients and one of them still has older update installed, I finally found out that until previous update the files core.js and core.debug.js were not changed since the SharePoint 2010 foundation was installed. They have been changed in the very last update.
        So I copied both files from the client’s installation and the issue has been resolved and all seems to be working fine.
        Files are located at C:\Program Files\Common Files\microsoft shared\Web Server Extensions\14\TEMPLATE\LAYOUTS\1029

        Reply

        1. Copying a file from an older patch level is unsupported as it means you have a file mix from different versions on your box.
          I would recommend to restore the versions applied by the fix. If you see a need to modify the file, create a backup of the latest version and apply the single character change suggested in other threads here in the comments.

          Reply

  4. Hi Stefan, can you notify us here when the patch becomes available? We have deployed this April CU across all of our SharePoint servers and customers are already starting to complain.

    Reply

    1. Hi Vinny, I will post an update on my blog as soon as the fix is available.

      Reply

  5. Look at my reply to Stefan to my previous post. Hope it helps. I have no chance to share both files, maybe Stefan has.

    Reply

Leave a Reply to Stefan Goßner Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.