SharePoint security fixes released with June 2023 PU and offered through Microsoft Update

Below are the security fixes for the SharePoint OnPrem versions released this month.

SharePoint 2013:
SharePoint 2013 has reached end of support. No further security fixes will be released for this product. Please update to a supported SharePoint version to ensure that your environment stays secure.

SharePoint Server 2016:

  • KB 5002404 – SharePoint Server 2016 (language independent)

Microsoft Support recommends installing the complete June 2023 CU for SharePoint 2016 rather than individual security fixes.

SharePoint Server 2019:

  • KB 5002402 – SharePoint Server 2019 (language independent)
  • KB 5002403 – SharePoint Server 2019 (language dependent)

Microsoft Support recommends installing the complete June 2023 CU for SharePoint 2019 rather than individual security fixes.

SharePoint Server Subscription Edition:

  • KB 5002416 – SharePoint Server Subscription Edition

This security fix includes the complete June 2023 CU for SharePoint Server Subscription Edition.

Office Online Server:

  • KB 5002401 – Office Online Server

See the Security Update Guide below for more details about the relevant fixes:

More information:

Please have a look at the SharePoint Patching Best Practices before applying new fixes.

 


Security Vulnerabilities fixed in this PU

Vulnerability SP 2016 SP 2019 SP SE OOS Impact Max Severity
CVE-2023-29357 x Elevation of Privilege Critical
CVE-2023-32029 x Remote Code Execution Important
CVE-2023-33129 x x x Denial of Service Important
CVE-2023-33130 x x Spoofing Important
CVE-2023-33132 x x Spoofing Important
CVE-2023-33133 x Remote Code Execution Important
CVE-2023-33137 x Remote Code Execution Important
CVE-2023-33142 x x Elevation of Privilege Important

7 Comments


  1. Hi Stefan,
    nice work, keeping us informed, from your side as usual.
    To my regret Microsoft didn’t do a 100% job, because the hyperlink columns within custom lists using the modern experience will crash the new item slide-in dialogs. This can be bypassed by using the Quickedit view or switching back to classic UI.
    Regards Simon

    1. Hi Simon,
      please open a ticket with Microsoft to ensure that this gets analyzed.
      Cheers,
      Stefan

    2. Thanks Stefan as usual good job.

    3. “Me too”. Just patched our SharePoint 2019 test server with the June 2023 CU. I am also seeing problems with the hyperlink column in document libraries in modern UI.

  2. I can confirm the problems.
    A Support request has been opened.
    Regards Boris

  3. Hi Stefan and thanks for your amazing job 🙂

    I would like to know the reason for SP19 about “Microsoft Support recommends to install the complete June 2023 CU for SharePoint 2019 rather than individual security fixes.”

    Thanks

    1. Hi Alexandre,

      thanks for the question! But the answer will be a little bit longer than you might expect:

      For SharePoint there are no fix packages which only include security fixes. If you (e.g.) install the June 2023 Security fixes for SharePoint Server 2019 you will get all the security fixes – but also all the non-security fixes released in this month and all previous months.
      Although most security fixes are code-only fixes without any changes to the UI – the non-security fixes installed together with the security fixes often include code changes which require changes to the code-only parts but also to the UI.
      Usually the security fixes are only in the language independent package as in most cases they do not require changes to the UI elements. If you now install only the language independent fixes, then those fixes which required changing the UI AND code will only be partially installed and therefore might not work correctly.
      This especially affects the modern UI or modern experience. The modern experience relies on having both the language dependent and language independent fixes in sync. There is a good chance that installing only the language independent fix without the language dependent will break the modern experience in SharePoint.

      This fact was the key driver for having only a single package in SharePoint Server Subscription Edition – to ensure that customers cannot break their farms by installing only a partial fix.
      I hope this explains it.

      Cheers,
      Stefan
