January 2023 CU for SharePoint Server 2016 is available for download

The product group released the January 2023 Cumulative Update for SharePoint Server 2016 product family.

This CU also includes Feature Pack 1 which was released with December 2016 CU and Feature Pack 2 which was released with September 2017 CU.

The KB articles for January 2023 CU should be available at the following locations in a couple of hours:

  • KB 5002338 – January 2023 Update for SharePoint Server 2016 (language independent)
    This is also a security update!
  • There was no language dependent fix released this month.
    The most recent language dependent fix is KB 5002289 from November 2022 CU.

The downloads for January 2023 CU are available through the following links:

Important: It is required to install both fixes (language dependent and independent) to fully patch a SharePoint server. This applies also to servers which do not have language packs installed. The reason is that each SharePoint installation includes a language dependent component together with a language independent component. If additional language packs are added later (only) the language dependent fix has to be applied again.

It is irrelevant which language you pick on the drop down in download center. Even the language dependent fixes are all in the same package for all languages.

After installing the fixes you need to run the SharePoint 2016 Products Configuration Wizard on each machine in the farm. If you prefer to run the command line version psconfig.exe ensure to have a look here for the correct options.

SharePoint 2016 January 2023 CU Build Numbers:

Language independent fix: 16.0.5378.1000

To understand the different version numbers please have a look at my article which explains the different SharePoint build numbers.

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.

Related Links:


  1. Good morning. Installed the 2016 on-premise update and PSCONFIG failed on my test farm with errors with distributed cache. I am combing through logs to see if I can find more info. This is a basic vanilla and clean farm with no active users. Still researching. May be something simple. Farm has been online for over a year with no previous update failures.

    ERROR Failed updating SecurityMode and ProtectionLevel in cluster. [Exception=System.Management.Automation.ParameterBindingException: A parameter cannot be found that matches parameter name ‘Path’. at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input) at Microsoft.SharePoint.DistributedCaching.Utilities.SPVelocityPowerShellWrapper.ExportCacheClusterConfig(String provider, String connectionString, String path)


  2. Hello Stefan,
    we have the problem since the January update that each page load takes over 40 seconds. In the ULS we have found errors from DistributedCache. Yesterday the performance was still ok (under 5 seconds per page load). Normally we patch our productive system on the following day (today), but this is of course not possible with such a performance.

    Attached is a part of the log:
    (AppFabricCache.EnsureCache) Microsoft.ApplicationServer.Caching.DataCacheException: ErrorCode:SubStatus:Transient error. Repeat the process later. (At least one of the specified cache servers is unavailable. Possible cause is high network or server load. For local caches, also check the following conditions. Ensure that this client account has been granted security permission and that the AppFabric cache service can pass through the firewall on all cache hosts. Also, the value of “MaxBufferSize” on the server must be greater than or equal to the size of the serialized object a being sent by the client). —> System.ServiceModel.CommunicationException: The socket connection was abort…

    Is there any known issue?


    1. I have the same errors after the patch, but I can attest that Use-CacheCluster errored on finding the cachehost after the December patch and prior to the January patch, but did not fail on December PSCONFIG. All this came to light with PSConfig after Jan patch. Nothing alerted me to the cachehost prior to patching January. No failed timer jobs, no access issues. Two unpatched farms can’t find the cachehost and it is possible it’s a timeout issue and may be a problem trying to read the connection string in the registry for me.


  3. We had no problems with Use-Cachehost.
    Fortunately, our problem was solved today by the very good support. Thanks again at this point!
    For us, the problem was that we (still) use the DC for our own solutions. To fix the problem, the solution had to be adapted.


  4. Is there a known issue here with KB5002338 resetting SQL permissions?


    1. I think this has been happening since October 2022 CU which is why we are currently adding manually db_owner permissions back to all SP databases to farm service account prior to CU update.

      Haven’t seen any resolution to this so far and other people are struggling with this too.


        1. Maybe Stefan would care to give opinion how the CU Update process should be done in this situation?

          Should we not add db_owner permissions to SP databases for farm service account prior to CU update since MS has decided to remove those and instead give SysAdmin server role for farm service account and remove it after the farm has been patched?


          1. Hi Kalervo,
            to get this correctly addressed and get an official statement from Microsoft a support case would be required to allow us to investigate this and get the product groups opinion on this.

        1. Haven’t seen this one before. Maybe because it’s part of so old CU update.

          So no, I haven’t applied it.

          Thanks for the tip though. I will try if that has any effect.


  5. Our SharePoint patching process has one step that is not automated. Do you offer an API which can be used to get and download the patches each month? If not, are you aware of anywhere this may be possible?


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.