SharePoint security fixes released with March 2021 PU and offered through Microsoft Update

Below are the security fixes for the SharePoint OnPrem versions released this month.

SharePoint 2010 Suite:

  • KB 3101541 – Infopath Forms Services for SharePoint 2010

SharePoint 2013 Suite:

  • KB 4493238 – SharePoint Foundation 2013 (core component)
  • KB 4493177 – SharePoint Foundation 2013
  • KB 4493234 – Office Web Apps Server 2013

SharePoint 2016 Suite:

  • KB 4493232 – SharePoint Server 2016 (language independent)
  • KB 4493199 – SharePoint Server 2016 (language dependent)

SharePoint 2019 Suite:

  • KB 4493230 – SharePoint Server 2019 (language independent)
  • KB 4493231 – SharePoint Server 2019 (language dependent)

Office Online Server:

  • KB 4493229 – Office Online Server
See the Security Update Guide below for more details about the relevant fixes:

More information:

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
 

13 Comments


  1. Hi Stefen, the March 2021 update for SP2013 is causing an issue when we are trying to connect and configure an out-of-the-box Filter webpart i.e the query string filter. The configure screen is just showing blank. Is this a known bug? We are using IE11 since this is an active x component. Thanks and have a nice day!

    Reply

    1. Hi Payatzki,
      I haven’t heard about this issue.
      If you need this investigated, please open a support case with Microsoft.
      Cheers,
      Stefan

      Reply

  2. Hi Stefan,

    In reviewing the March 2021 PU notes for 2019 it appears to install the same non-security fixes as the CU. I see the same for Feb 2021. Isn’t the PU only supposed to contain the security fixes?

    This is causing confusion for me given that a CU install is discouraged unless experiencing the issues but installing the PU is recommended, but seems to install the same non-security fixes as a CU.

    Thanks for the time!

    Reply

    1. Hi GB,
      no thats not the case. For SharePoint 2019 there are two patchable components: the language dependent fix and the language independent one.
      If one of these two includes a security fix (aside of dozends of other non-security fixes) it will be marked as a fix which includes security fixes (PU).

      See here for details:
      https://blog.stefan-gossner.com/2014/08/18/sharepoint-patching-demystified/
      Cheers,
      Stefan

      Reply

      1. Thank you Stefan for the reply. I looked at the article you linked and I guess what’s confusing to me, and for the sake of simplicity, let’s look at March 2021 for SP 2019. Both the PU and the CU link to the same KB articles.

        In other articles I’ve read the PU is recommended to all customers to install ASAP, while the CU is recommended only when you are experiencing the issues fixed by the CU. Yet for March 2021 the PU and CU appear to install the same fixes.

        For March 2021 is it that all fixes (security and non-security) impact much of the community and have been tested reasonably well by Microsoft; resulting in the contents of the PU? If there had been a less wide spread issue (with less testing by Microsoft) that would otherwise go into the CU? It just happens for March 2021 there aren’t any of those types of fixes?

        I’ve traditionally installed CU’s after much testing for SP 2010. For 2019 should I consider switching to installing PU’s?

        Thanks again for your time

        Reply

  3. Hello Stefan,

    Is the office online security update a cumulative update? Or I need to install all the previous security update for office online before installing the March update?

    Thank you.

    Reply

    1. Hi Raj, it is cumulative.

      Reply

  4. Hi,

    After installing latest SharePoint 2013 CU, we are unable to set DefaultValue in any of our lists.
    Either SPField.set_DefaultValue or SPRequest.GetSafeHtml is causing DISP_E_EXCEPTION.
    Any ideas what might be causing this?

    Thanks

    Reply

    1. Hi Ekowc,
      I have not seen this issue.
      If you need assistance to get this analyzed I would recommend to open a support case with Microsoft.
      Cheers,
      Stefan

      Reply

      1. Trying to open a support case via ttps://support.serviceshub.microsoft.com/supportforbusiness
        but its giving out internal server error all the time 😀

        Reply

  5. Hi Stefan,

    It appears after applying KB4493177 we receive the error message “This HTML cannot be inserted because it contains unsafe script” when using the “Embed Code” button in Wiki Pages when trying insert pretty much anything other than blocks.

    Is this expected? Is there anyway to white list tags?

    Reply

Leave a Reply to Ekowc Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.