SharePoint security fixes released with August 2023 PU and offered through Microsoft Update

Below are the security fixes for the SharePoint OnPrem versions released this month.

SharePoint Server 2016:

  • KB 5002453 – SharePoint Server 2016 (language independent)
  • KB 5002398 – SharePoint Server 2016 (language dependent)

Microsoft Support recommends to install the complete August 2023 CU for SharePoint 2016 rather than individual security fixes.

SharePoint Server 2019:

  • KB 5002436 – SharePoint Server 2019 (language independent)
  • KB 5002422 – SharePoint Server 2019 (language dependent)

Microsoft Support recommends to install the complete August 2023 CU for SharePoint 2019 rather than individual security fixes.

SharePoint Server Subscription Edition:

  • KB 5002437 – SharePoint Server Subscription Edition

This security fix includes the complete August 2023 CU for SharePoint Server Subscription Edition.

Office Online Server:

  • KB 5002435 – Office Online Server
See the Security Update Guide below for more details about the relevant fixes:
More information:

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.

 


Security Vulnerabilities fixed in this PU

Vulnerability SP 2016 SP 2019 SP SE OOS Impact Max Severity
CVE-2023-35371 x Remote Code Execution Important
CVE-2023-36890 x x Information Disclosure Important
CVE-2023-36891 x x Spoofing Important
CVE-2023-36892 x x Spoofing Important
CVE-2023-36894 x x x Information Disclosure Important
CVE-2023-36896 x Remote Code Execution Important
See the Security Update Guide below for more details about the relevant fixes:

2 Comments


  1. Quick question… Is this CU (Aug 2023) ok in install with the know issue…

    “You experience an issue in which a web part or web form control on the web part page cannot be displayed. For more information, see Web part or web form control cannot be displayed on SharePoint web part page (KB5029605).”

    Is the workaround sate and effective solution to the problem?

    Thanks Stefan Goßner for all you help!!!

    Reply

    1. Hi Drake,
      this should affect only custom webparts which use custom property names.
      If you have such custom web parts in your system you should evaluate this fix in your test environment and test the relevant configuration to ensure that the correct properties can be enabled also in the production environment.
      Cheers,
      Stefan

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.