SharePoint security fixes released with May 2020 PU and offered through Microsoft Update

As I received some feedback that I should also add the Urls to the KB articles of the different security fixes I added this information to my blog post.

SharePoint 2010 Suite:

  • KB 4484383 – SharePoint Server 2010 (core component)

SharePoint 2013 Suite:

  • KB 4484364 – SharePoint Foundation 2013 (core component)
  • KB 4484352 – SharePoint Server 2013 (core component)

SharePoint 2016 Suite:

  • KB 4484336 – SharePoint Server 2016 (language independent)

SharePoint 2019 Suite:

  • KB 4484332 – SharePoint Server 2019 (language independent)

Office Online Server:

  • none
See the Security Update Guide below for more details about the relevant fixes:

More information:

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
 

9 Comments


  1. Hi Stefan,

    We are using SharePoint 2016 and usually do not include SharePoint patch in windows update. However my team accidentally installed April sts and March wssloc.on SharePoint servers with Window update.
    Database and farm require upgrade.
    In this situation, here are my questions hoping that you can advice me one option.
    1. Do I need to run psoconfig now?
    2. April has wssloc. Do I need to install April wssloc then run psconfig?
    2. My ultimate goal is to install May sts. Can I install May sts and April wssloc then run psconfig?

    Reply

    1. Hi Yuseon,

      on your questions:

      1) yes
      2) yes that is recommended otherwise you have a mix in patch level which is not recommended
      3) yes – that would ensure that your SharePoint farm is on the latest patch level for both components.

      Cheers,
      Stefan

      Reply

      1. Hi Stefan,

        If one opts for the option 3, is there a “time limit” for applying May CU? Or for example, if he decides to wait another month so he can apply June CU instead, what would be the harm for leaving the system the way it is now? I’ve seen a case where this was done by mistake on SP2010 years ago (bits installed but psconfig not ran for weeks, that is) but didn’t notice any harm.

        Samson

        Reply

        1. Malicious users might reverse engineer the security fixes included in the patches and might find ways to exploit these fixed issues. Unpatched servers would then be vulnerable.

          Reply

  2. Hi Stefan!
    I have a question for you….
    we patch SharePoint every month, for business reasons, in April we did not pass the SharePoint hotfixes. Next week we will perform the SharePoint update by installing the May patches (which you described in this post) and the April patches. Except that in WSUS I no longer have these April patches listed. I show you the missing pathc and if you can help me:
    KB4484321
    KB4011584
    KB4484308
    KB4011581
    KB4484307
    KB4484322
    KB4462153

    quewste are all KB not installed in April, do you think I can not install them and I have to download them manually because they are useful for SharePoint and for the continuation of the patching activities?

    Thank you very much!!

    Reply

    1. Hi Roberto,
      if the patches have not been installed before you can download and install them manually, of course.
      Cheers,
      Stefan

      Reply

      1. Thank you Stefan,
        but i dont know if its normal that in our WSUS this Hotfix is not present 🙁
        Do you think these April patches are necessary or not?

        Reply

        1. Hi Roberto,
          yes – these are all security fixes which we recommend to install.
          Cheers,
          Stefan

          Reply

          1. Thank you!
            Have a nice evening!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.