SharePoint security fixes released with June 2023 PU and offered through Microsoft Update

Below are the security fixes for the SharePoint OnPrem versions released this month.

SharePoint 2013:
SharePoint 2013 has reached end of support. No further security fixes will be released for this product. Please update to a supported SharePoint version to ensure that your environment stays secure.

SharePoint Server 2016:

  • KB 5002404 – SharePoint Server 2016 (language independent)

Microsoft Support recommends to install the complete June 2023 CU for SharePoint 2016 rather than individual security fixes.

SharePoint Server 2019:

  • KB 5002402 – SharePoint Server 2019 (language independent)
  • KB 5002403 – SharePoint Server 2019 (language dependent)

Microsoft Support recommends to install the complete June 2023 CU for SharePoint 2019 rather than individual security fixes.

SharePoint Server Subscription Edition:

  • KB 5002416 – SharePoint Server Subscription Edition

This security fix includes the complete June 2023 CU for SharePoint Server Subscription Edition.

Office Online Server:

  • KB 5002401 – Office Online Server
See the Security Update Guide below for more details about the relevant fixes:

More information:

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.


Security Vulnerabilities fixed in this PU

Vulnerability SP 2016 SP 2019 SP SE OOS Impact Max Severity
CVE-2023-29357 x Elevation of Priviledge Critical
CVE-2023-32029 x Remote Code Execution Important
CVE-2023-33129 x x x Denial of Service Important
CVE-2023-33130 x x Spoofing Important
CVE-2023-33132 x x Spoofing Important
CVE-2023-33133 x Remote Code Execution Important
CVE-2023-33137 x Remote Code Execution Important
CVE-2023-33142 x x Elevation of Priviledge Important


  1. Hi Stefan,
    nice work, keeping us informed, from your side as usual.
    To my regret Microsoft didn’t to a 100% job, because the hyperlink columns within custom lists using the modern experience will crash the new item slide in dialogs. This can be byassed by using the Quickedit view or switching back to classic UI.
    Regards Simon


    1. Hi Simon,
      please open a ticket with Microsoft to ensure that this gets analyzed.


    2. Thanks Stefan as usual good job.


    3. “Me too”. Just patched our Sharepoint 2019 Testserver with the June 2023 CU. I am also seeing problems with the hyperlink column in document libraries in modern UI.


  2. I can confirm the problems.
    A Support request has been opend.
    Regards Boris


  3. Hi Stefan and thanks for your amazing job 🙂

    I would like to know the reason for SP19 about “Microsoft Support recommends to install the complete June 2023 CU for SharePoint 2019 rather than individual security fixes.”



    1. Hi Alexandre,

      thanks for the question! But the answer will be a little bit longer than you might expect:

      For SharePoint there are no fix packages which only include security fixes. If you (e.g.) install the June 2023 Security fixes for Sharepoint Server 2019 you will get all the security fixes – but also all the non-security fixes released in this month and all previous months.
      Although most security fixes are code only fixes without any changes to the UI – the non-security fixes installed together with the security fixes often include code changes which require changes to the code only parts but also to the UI.
      Usually the security fixes are only in the language independent package as in most cases they do not require changes to the UI elements. If you now install only the language independent fixes, then those fixes which required changing the UI AND code will only be partially installed and therefor might not work correctly.
      This especially affects the modern UI or modern experience. The modern experience relies on having both the language dependent and language independent fixes in sync. There is a good chances that installing only the language independent fix without the language dependent will break the modern experience in SharePoint.

      This fact was the key driver for having only a single package in SharePoint Server Subscription Edition – to ensure that customers cannot break their farms by installing only a partial fix.
      I hope this explains it.



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.