As I received some feedback that I should also add the Urls to the KB articles of the different security fixes I added this information to my blog post.
SharePoint 2010 Suite:
- KB 4484460 – SharePoint Server 2010 (core component)
- KB 4484374 – Business Productivity Services for SharePoint 2010
- KB 4484370 – Word Automation Services for SharePoint 2010
- KB 4484381 – Office Web Apps Server 2010
SharePoint 2013 Suite:
- KB 4484448 – SharePoint Foundation 2013 (core component)
- KB 4484443 – SharePoint Server 2013 (core component)
- KB 4484353 – Business Productivity Services for SharePoint 2013
- KB 4484348 – Word Automation Services for SharePoint 2013
- KB 4484357 – Office Web Apps Server 2013
SharePoint 2016 Suite:
- KB 4484436 – SharePoint Server 2016 (language independent)
- KB 4484440 – SharePoint Server 2016 (language dependent)
SharePoint 2019 Suite:
- KB 4484453 – SharePoint Server 2019 (language independent)
- KB 4484452 – SharePoint Server 2019 (language dependent)
Office Online Server:
- KB 4484451 – Office Online Server
See the Security Update Guide below for more details about the relevant fixes:
More information:
Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
Permalink
Hi Stefan
Here you posted that the CU July 2020 is released:
https://blog.stefan-gossner.com/2020/07/14/july-2020-cu-for-sharepoint-server-2016-is-available-for-download/
In the actually post you said that this is PU July 2020 and you refereced to the same KB Articles…
Now I’m confused… are KB4484436 + KB4484440 PU’s or CU’s?
Permalink
Hi Mario,
they are both. All SharePoint fixes are always cumulative – so they are always cumulative updates.
The two cumulative updates for SharePoint 2016 also include new security fixes.
Cheers,
Stefan
Permalink
Hello Stefan,
This may not be the right channel, but I have the following issue. We have some SP 2013 Server which show vulnerabilities classified as HIGH. Fixes were released in May – June 2015. Is there a way to get those fixes?
KB3085483
KB3101364
KB3039725
KB3054861
KB3085568
Thank you.
Permalink
Hi Gregory,
please install the uber packages listed here:
https://blog.stefan-gossner.com/2020/07/14/july-2020-cu-for-sharepoint-2013-product-family-is-available-for-download/
They include all previously release (security) fixes.
Cheers,
Stefan
Permalink
Thanks Stefan.
Permalink
Thanks for the information, Stefan. We’re looking to patch our SP 2013 farm to protect us against CVE-2020-1147. We’re actively trying to move off of this farm and would rather not take significant downtime that a CU typically requires (backing up databases, servers, taking down sites, etc…). If we install KB 4484443, does it require us to run psconfig.exe afterward?
If psconfig is necessary, is it better to install the full July/August CU or just stick with the security patch (as far as risk of introducing a new issue)?
Permalink
Hi Ryan,
yes – the config wizard is required for all SharePoint patches.
About the fix: we support to install only the security fix – but that means that you will end up with a version mix in your farm which has not been tested by the product group (there is an endless combination of fix versions you can combine and it is technically impossible to test all of them). The only tested combination is to have the most recent patches for the given time.
Even that we support such a version mix we have seen issues with some combinations which required to install the full patch afterwards.
So my take would be to install the full CU rather than just go with the security fix.
Cheers,
Stefan
Permalink
Thanks for the confirmation, Sefan.
Great blog and fantastic information. This is my company’s first go-to resource for all SP update information. Keep up the good work!