SharePoint security fixes released with January 2023 PU and offered through Microsoft Update

Below are the security fixes for the SharePoint OnPrem versions released this month.

SharePoint Foundation security fixes also have to be applied on SharePoint Server installations.
SharePoint Server security fixes also have to be applied on Project Server installations.

SharePoint 2013 Suite:

SharePoint Server 2016:

SharePoint Server 2019:

SharePoint Server Subscription Edition:

Office Online Server:

  • None
See the Security Update Guide below for more details about the relevant fixes:

More information:

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.


  1. I’m confused – there’s no wss file?
    Do we need one file, or two.

    For instance:
    If I have an on-prem SharePoint 2019 installation, do I need both
    – sts2019-kb5002329-fullfile-x64-glb.exe
    – sts-subscription-kb5002331-fullfile-x64-glb.exe

    Or just the subscription file?



    1. Hi Keith,
      for SharePoint Server 2019 we released only a single fix for the language independent component with January 2023 CU.
      The most recent language dependent fix is from December 2023.
      See the linked CU article for details:
      The sts-subscription-kb5002331-fullfile-x64-glb.exe is not for SharePoint Server 2019 – it is for SharePoint Subcription Edition.


      1. Thank you for the clarification.

        So if I understand correctly:
        I have not installed the December fixes (things were hectic and the User Profile issue scared me off). My SharePoint is only patched through the November releases.
        So, now I should run the WSS file from December, and this latest STS file from January, correct?

        I appreciate the quick responses!


  2. Hello,

    After i upgrade to the latest version, I found that the block file type not only block file extensions, but also block the folder name. For exmple, the “dw” was appended in the block file list, then i create an folder named ‘aws’, it show me “The file you are attempting to save or retrieve has been blocked from this Web site by the server administrators.”

    The question I want to ask is: Is this our real intention?
    Hope your reply.



    1. Hi Addision,
      this issue is planned to be fixed in the upcoming February 2023 CU.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.