SharePoint security fixes released with July 2020 PU and offered through Microsoft Update

As I received some feedback that I should also add the Urls to the KB articles of the different security fixes I added this information to my blog post.

SharePoint 2010 Suite:

  • KB 4484460 – SharePoint Server 2010 (core component)
  • KB 4484374 – Business Productivity Services for SharePoint 2010
  • KB 4484370 – Word Automation Services for SharePoint 2010
  • KB 4484381 – Office Web Apps Server 2010

SharePoint 2013 Suite:

  • KB 4484448 – SharePoint Foundation 2013 (core component)
  • KB 4484443 – SharePoint Server 2013 (core component)
  • KB 4484353 – Business Productivity Services for SharePoint 2013
  • KB 4484348 – Word Automation Services for SharePoint 2013
  • KB 4484357 – Office Web Apps Server 2013

SharePoint 2016 Suite:

  • KB 4484436 – SharePoint Server 2016 (language independent)
  • KB 4484440 – SharePoint Server 2016 (language dependent)

SharePoint 2019 Suite:

  • KB 4484453 – SharePoint Server 2019 (language independent)
  • KB 4484452 – SharePoint Server 2019 (language dependent)

Office Online Server:

  • KB 4484451 – Office Online Server
See the Security Update Guide below for more details about the relevant fixes:

More information:

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
 

8 Comments


    1. Hi Mario,
      they are both. All SharePoint fixes are always cumulative – so they are always cumulative updates.
      The two cumulative updates for SharePoint 2016 also include new security fixes.
      Cheers,
      Stefan

      Reply

  1. Hello Stefan,

    This may not be the right channel, but I have the following issue. We have some SP 2013 Server which show vulnerabilities classified as HIGH. Fixes were released in May – June 2015. Is there a way to get those fixes?

    KB3085483
    KB3101364
    KB3039725
    KB3054861
    KB3085568

    Thank you.

    Reply

  2. Thanks for the information, Stefan. We’re looking to patch our SP 2013 farm to protect us against CVE-2020-1147. We’re actively trying to move off of this farm and would rather not take significant downtime that a CU typically requires (backing up databases, servers, taking down sites, etc…). If we install KB 4484443, does it require us to run psconfig.exe afterward?

    If psconfig is necessary, is it better to install the full July/August CU or just stick with the security patch (as far as risk of introducing a new issue)?

    Reply

    1. Hi Ryan,

      yes – the config wizard is required for all SharePoint patches.
      About the fix: we support to install only the security fix – but that means that you will end up with a version mix in your farm which has not been tested by the product group (there is an endless combination of fix versions you can combine and it is technically impossible to test all of them). The only tested combination is to have the most recent patches for the given time.
      Even that we support such a version mix we have seen issues with some combinations which required to install the full patch afterwards.
      So my take would be to install the full CU rather than just go with the security fix.
      Cheers,
      Stefan

      Reply

  3. Thanks for the confirmation, Sefan.

    Great blog and fantastic information. This is my company’s first go-to resource for all SP update information. Keep up the good work!

    Reply

Leave a Reply to Gregory Murillo Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.