Below are the security fixes for the SharePoint OnPrem versions released this month.
SharePoint Server 2016:
- KB 5002453 – SharePoint Server 2016 (language independent)
- KB 5002398 – SharePoint Server 2016 (language dependent)
Microsoft Support recommends to install the complete August 2023 CU for SharePoint 2016 rather than individual security fixes.
SharePoint Server 2019:
- KB 5002436 – SharePoint Server 2019 (language independent)
- KB 5002422 – SharePoint Server 2019 (language dependent)
Microsoft Support recommends to install the complete August 2023 CU for SharePoint 2019 rather than individual security fixes.
SharePoint Server Subscription Edition:
- KB 5002437 – SharePoint Server Subscription Edition
This security fix includes the complete August 2023 CU for SharePoint Server Subscription Edition.
Office Online Server:
- KB 5002435 – Office Online Server
See the Security Update Guide below for more details about the relevant fixes:
More information:
More information:
Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
Security Vulnerabilities fixed in this PU
Vulnerability | SP 2016 | SP 2019 | SP SE | OOS | Impact | Max Severity |
---|---|---|---|---|---|---|
CVE-2023-35371 | x | Remote Code Execution | Important | |||
CVE-2023-36890 | x | x | Information Disclosure | Important | CVE-2023-36891 | x | x | Spoofing | Important | CVE-2023-36892 | x | x | Spoofing | Important |
CVE-2023-36894 | x | x | x | Information Disclosure | Important | |
CVE-2023-36896 | x | Remote Code Execution | Important |
See the Security Update Guide below for more details about the relevant fixes:
Permalink
Quick question… Is this CU (Aug 2023) ok in install with the know issue…
“You experience an issue in which a web part or web form control on the web part page cannot be displayed. For more information, see Web part or web form control cannot be displayed on SharePoint web part page (KB5029605).”
Is the workaround sate and effective solution to the problem?
Thanks Stefan Goßner for all you help!!!
Permalink
Hi Drake,
this should affect only custom webparts which use custom property names.
If you have such custom web parts in your system you should evaluate this fix in your test environment and test the relevant configuration to ensure that the correct properties can be enabled also in the production environment.
Cheers,
Stefan