As I received some feedback that I should also add the Urls to the KB articles of the different security fixes I added this information to my blog post.
SharePoint 2010 Suite:
- KB 4484460 – SharePoint Server 2010 (core component)
- KB 4484374 – Business Productivity Services for SharePoint 2010
- KB 4484370 – Word Automation Services for SharePoint 2010
- KB 4484381 – Office Web Apps Server 2010
SharePoint 2013 Suite:
- KB 4484448 – SharePoint Foundation 2013 (core component)
- KB 4484443 – SharePoint Server 2013 (core component)
- KB 4484353 – Business Productivity Services for SharePoint 2013
- KB 4484348 – Word Automation Services for SharePoint 2013
- KB 4484357 – Office Web Apps Server 2013
SharePoint 2016 Suite:
- KB 4484436 – SharePoint Server 2016 (language independent)
- KB 4484440 – SharePoint Server 2016 (language dependent)
SharePoint 2019 Suite:
- KB 4484453 – SharePoint Server 2019 (language independent)
- KB 4484452 – SharePoint Server 2019 (language dependent)
Office Online Server:
- KB 4484451 – Office Online Server
See the Security Update Guide below for more details about the relevant fixes:
Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
Here you posted that the CU July 2020 is released:
In the actually post you said that this is PU July 2020 and you refereced to the same KB Articles…
Now I’m confused… are KB4484436 + KB4484440 PU’s or CU’s?
they are both. All SharePoint fixes are always cumulative – so they are always cumulative updates.
The two cumulative updates for SharePoint 2016 also include new security fixes.
This may not be the right channel, but I have the following issue. We have some SP 2013 Server which show vulnerabilities classified as HIGH. Fixes were released in May – June 2015. Is there a way to get those fixes?
please install the uber packages listed here:
They include all previously release (security) fixes.
Thanks for the information, Stefan. We’re looking to patch our SP 2013 farm to protect us against CVE-2020-1147. We’re actively trying to move off of this farm and would rather not take significant downtime that a CU typically requires (backing up databases, servers, taking down sites, etc…). If we install KB 4484443, does it require us to run psconfig.exe afterward?
If psconfig is necessary, is it better to install the full July/August CU or just stick with the security patch (as far as risk of introducing a new issue)?
yes – the config wizard is required for all SharePoint patches.
About the fix: we support to install only the security fix – but that means that you will end up with a version mix in your farm which has not been tested by the product group (there is an endless combination of fix versions you can combine and it is technically impossible to test all of them). The only tested combination is to have the most recent patches for the given time.
Even that we support such a version mix we have seen issues with some combinations which required to install the full patch afterwards.
So my take would be to install the full CU rather than just go with the security fix.
Thanks for the confirmation, Sefan.
Great blog and fantastic information. This is my company’s first go-to resource for all SP update information. Keep up the good work!