SharePoint security fixes released with January 2023 PU and offered through Microsoft Update

Below are the security fixes for the SharePoint OnPrem versions released this month.

Important:
SharePoint Foundation security fixes also have to be applied on SharePoint Server installations.
SharePoint Server security fixes also have to be applied on Project Server installations.

SharePoint 2013 Suite:

SharePoint Server 2016:

SharePoint Server 2019:

SharePoint Server Subscription Edition:

Office Online Server:

  • None
See the Security Update Guide below for more details about the relevant fixes:

More information:

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
 

5 Comments


  1. I’m confused – there’s no wss file?
    Do we need one file, or two.

    For instance:
    If I have an on-prem SharePoint 2019 installation, do I need both
    – sts2019-kb5002329-fullfile-x64-glb.exe
    AND
    – sts-subscription-kb5002331-fullfile-x64-glb.exe

    Or just the subscription file?

    Thanks,

    Reply

    1. Hi Keith,
      for SharePoint Server 2019 we released only a single fix for the language independent component with January 2023 CU.
      The most recent language dependent fix is from December 2023.
      See the linked CU article for details: https://blog.stefan-gossner.com/2023/01/10/january-2023-cu-for-sharepoint-server-2019-is-available-for-download/
      The sts-subscription-kb5002331-fullfile-x64-glb.exe is not for SharePoint Server 2019 – it is for SharePoint Subcription Edition.
      Cheers,
      Stefan

      Reply

      1. Thank you for the clarification.

        So if I understand correctly:
        I have not installed the December fixes (things were hectic and the User Profile issue scared me off). My SharePoint is only patched through the November releases.
        So, now I should run the WSS file from December, and this latest STS file from January, correct?

        I appreciate the quick responses!

        Reply

  2. Hello,

    After i upgrade to the latest version, I found that the block file type not only block file extensions, but also block the folder name. For exmple, the “dw” was appended in the block file list, then i create an folder named ‘aws’, it show me “The file you are attempting to save or retrieve has been blocked from this Web site by the server administrators.”

    The question I want to ask is: Is this our real intention?
    Hope your reply.

    Thanks.

    Reply

    1. Hi Addision,
      this issue is planned to be fixed in the upcoming February 2023 CU.
      Cheers,
      Stefan

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.