September 2022 CU for SharePoint Server 2016 is available for download

The product group released the September 2022 Cumulative Update for SharePoint Server 2016 product family.

This CU also includes Feature Pack 1 which was released with December 2016 CU and Feature Pack 2 which was released with September 2017 CU.

The KB articles for September 2022 CU should be available at the following locations in a couple of hours:

  • KB 5002269 – September 2022 Update for SharePoint Server 2016 (language independent)
    This is also a security update!
  • KB 5002142 – September 2022 Update for SharePoint Server 2016 (language dependent)
    This is also a security update!

The downloads for September 2022 CU are available through the following links:

Important: It is required to install both fixes (language dependent and independent) to fully patch a SharePoint server. This applies also to servers which do not have language packs installed. The reason is that each SharePoint installation includes a language dependent component together with a language independent component. If additional language packs are added later (only) the language dependent fix has to be applied again.

It is irrelevant which language you pick on the drop down in download center. Even the language dependent fixes are all in the same package for all languages.

After installing the fixes you need to run the SharePoint 2016 Products Configuration Wizard on each machine in the farm. If you prefer to run the command line version psconfig.exe ensure to have a look here for the correct options.

 
SharePoint 2016 September 2022 CU Build Numbers:

Language independent fix: 16.0.5361.1002
Language dependent fix: 16.0.5361.1000

 
To understand the different version numbers please have a look at my article which explains the different SharePoint build numbers.

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.

Related Links:

5 Comments


  1. Stefan,

    The STS patch says, “SharePoint no longer trusts all types in the System.Workflow.Activities and System.Workflow.ComponentModel assemblies as authorized types by default. Instead, individual types from these assemblies have been added as authorized or unauthorized.”

    Can you provide details of what was unauthorized, I believe information like this should have made the KB.

    Reply

    1. Hi Gene,
      for the article we can see this note:

      Types that are in the AuthorizedTypes list of SharePoint’s Web.config file have gone through security review and are considered safe for use by the SharePoint 2010 workflow engine. You should run a security review of any types that you want to add to the list to make sure that they are safe for use in your environment.

      I would assume that any type not in this list which is used by a SharePoint 2010 workflow should be added to the configuration/System.Workflow.ComponentModel.WorkflowCompiler/authorizedTypes node as outlined in the related article:
      https://support.microsoft.com/en-us/topic/sharepoint-2010-workflows-may-be-blocked-by-enhanced-security-policy-kb5017760-e67ac943-832e-40c8-a8f0-fc10a2af6195

      As always we recommend to evaluate SharePoint fixes in a test environmant against all important business processes to ensure that no compatiblitly issues occur.

      Reply

      1. I guess I should have been clearer – will SPD Workflows be affected? Our Workflows do not use any additional libraries, just OOTB functionality.

        Cheers

        Reply

  2. Hi,

    It seems, the Build number for the Language Independant Fix is : 16.0.5361.1002

    Reply

    1. Hi Guillaume,
      indeed – a new drop was done after I created the drafts for this article.
      Thanks for pointing this out. I corrected the info above.
      Stefan

      Reply

Leave a Reply to Guillaume LEGENDRE Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.