SharePoint security fixes released with November 2022 PU and offered through Microsoft Update

Below are the security fixes for the SharePoint OnPrem versions released this month.

Important:
SharePoint Foundation security fixes also have to be applied on SharePoint Server installations.
SharePoint Server security fixes also have to be applied on Project Server installations.

SharePoint 2013 Suite:

  • KB 5002303 – SharePoint Foundation 2013 (core component)
  • KB 5002235 – Word Automation Services for SharePoint 2013
  • KB 5002261 – Office Web Apps Server 2013
  • Microsoft Support recommends to install the complete November 2022 CU for SharePoint 2013 rather than individual security fixes

SharePoint Server 2016:

SharePoint Server 2019:

SharePoint Server Subscription Edition:

Office Online Server:

  • KB 5002276 – Office Online Server
See the Security Update Guide below for more details about the relevant fixes:

More information:

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
 

5 Comments


  1. Hello Stefan,

    please do you know if there is any security update for Workflow Manager to work with the patched Azure Fabric Service Host that had the severe vulnerability one or two months ago? It’s should be patched from 9.0 CU4. I tried to update to 9.1 but – unsurprisingly – it didn’t work and I rolled back to the unpatched version. I know it’s almost end of life but extended support ends in 10/2023 so I would have expected Microsoft still patches this. Thanks for any hint!

    Reply

    1. Hi Martin,
      I don’t have an answer to this question as Workflow Manager is not supported by my team.
      Please open a support case with Microsoft to get this investigated.
      Cheers,
      Stefan

      Reply

  2. We are trying to apply the patches and in the end when running the config wize getting the following on the 9th task
    An exception of type Microsoft.SharePoint.PostSetupConfiguration.PostSetupConfigurationTaskException was thrown. Additional exception information:
    Upgrade [SearchAdminDatabase Name=Cloud_Search_Service_Application] failed. (EventID:an59t)

    Exception: There is already an object named ‘domain\xyz’ in the database.CREATE SCHEMA failed due to previous errors. (EventID:an59t)

    Reply

  3. Hello Stefan,
    In the October CU for Sharepoint 2016, the rights of the farm administrator disappeared. In November CU for Sharepoint 2013, the rights of the farm administrator disappeared. Haven’t installed the November 2016 update yet for Sharepoint 2016, maybe it will happen again. This is not a question, this is my observation. I see it showing up in other people too.

    Reply

  4. Can the SharePoint 2016 security patches be installed without the cumulative update or do both CU and security patch have to be installed? Is there a dependency between the security patch and the CU? Or is there only a dependency between the CU and security patch, but not vice versa?

    Reply

Leave a Reply to Stefan Goßner Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.