Below are the security fixes for the SharePoint OnPrem versions released this month.
SharePoint Foundation security fixes also have to be applied on SharePoint Server installations.
SharePoint Server security fixes also have to be applied on Project Server installations.
SharePoint 2013 Suite:
- KB 5002336 – SharePoint Foundation 2013 (core component)
Microsoft Support recommends to install the complete January 2023 CU for SharePoint 2013 rather than individual security fixes
SharePoint Server 2016:
- KB 5002338 – SharePoint Server 2016 (language independent)
Microsoft Support recommends to install the complete January 2023 CU for SharePoint 2016 rather than individual security fixes
SharePoint Server 2019:
- KB 5002329 – SharePoint Server 2019 (language independent)
Microsoft Support recommends to install the complete January 2023 CU for SharePoint 2019 rather than individual security fixes
SharePoint Server Subscription Edition:
- KB 5002331 – SharePoint Server Subscription Edition (language independent)
Microsoft Support recommends to install the complete January 2023 CU for SharePoint Subscription Edition rather than individual security fixes
Office Online Server:
I’m confused – there’s no wss file?
Do we need one file, or two.
If I have an on-prem SharePoint 2019 installation, do I need both
Or just the subscription file?
for SharePoint Server 2019 we released only a single fix for the language independent component with January 2023 CU.
The most recent language dependent fix is from December 2023.
See the linked CU article for details: https://blog.stefan-gossner.com/2023/01/10/january-2023-cu-for-sharepoint-server-2019-is-available-for-download/
The sts-subscription-kb5002331-fullfile-x64-glb.exe is not for SharePoint Server 2019 – it is for SharePoint Subcription Edition.
Thank you for the clarification.
So if I understand correctly:
I have not installed the December fixes (things were hectic and the User Profile issue scared me off). My SharePoint is only patched through the November releases.
So, now I should run the WSS file from December, and this latest STS file from January, correct?
I appreciate the quick responses!
After i upgrade to the latest version, I found that the block file type not only block file extensions, but also block the folder name. For exmple, the “dw” was appended in the block file list, then i create an folder named ‘aws’, it show me “The file you are attempting to save or retrieve has been blocked from this Web site by the server administrators.”
The question I want to ask is: Is this our real intention?
Hope your reply.
this issue is planned to be fixed in the upcoming February 2023 CU.