SharePoint security fixes released with September 2023 PU and offered through Microsoft Update

Below are the security fixes for the SharePoint OnPrem versions released this month.

SharePoint Server 2016:

  • KB 5002494 – SharePoint Server 2016 (language independent)
  • KB 5002501 – SharePoint Server 2016 (language dependent)

Microsoft Support recommends installing the complete September 2023 CU for SharePoint 2016 rather than individual security fixes.

SharePoint Server 2019:

  • KB 5002472 – SharePoint Server 2019 (language independent)

Microsoft Support recommends installing the complete September 2023 CU for SharePoint 2019 rather than individual security fixes.

SharePoint Server Subscription Edition:

  • KB 5002474 – SharePoint Server Subscription Edition

This security fix includes the complete September 2023 CU for SharePoint Server Subscription Edition.

Office Online Server:

  • KB 5002470 – Office Online Server

See the Security Update Guide below for more details about the relevant fixes:

More information:

Please have a look at the SharePoint Patching Best Practices before applying new fixes.

 


Security Vulnerabilities fixed in this PU

Vulnerability SP 2016 SP 2019 SP SE OOS Impact Max Severity
CVE-2023-36762 x Remote Code Execution Important
CVE-2023-36764 x x x Elevation of Privilege Important
CVE-2023-36766 x Information Disclosure Important

1 Comment


  1. I am not sure if this is related to this patch, but it seems that new web applications which get a certificate binding show a 500 and say that this site does not have a certificate (even though there is a binding to the certificate in IIS). Anyone experienced similar problems?
