Below are the security fixes for the SharePoint OnPrem versions released this month.
SharePoint Server 2016:
- KB 5002494 – SharePoint Server 2016 (language independent)
- KB 5002501 – SharePoint Server 2016 (language dependent)
Microsoft Support recommends to install the complete September 2023 CU for SharePoint 2016 rather than individual security fixes.
SharePoint Server 2019:
- KB 5002472 – SharePoint Server 2019 (language independent)
Microsoft Support recommends to install the complete September 2023 CU for SharePoint 2019 rather than individual security fixes.
SharePoint Server Subscription Edition:
- KB 5002474 – SharePoint Server Subscription Edition
This security fix includes the complete September 2023 CU for SharePoint Server Subscription Edition.
Office Online Server:
- KB 5002470 – Office Online Server
See the Security Update Guide below for more details about the relevant fixes:
More information:
More information:
Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
Security Vulnerabilities fixed in this PU
| Vulnerability | SP 2016 | SP 2019 | SP SE | OOS | Impact | Max Severity |
|---|---|---|---|---|---|---|
| CVE-2023-36762 | x | Remote Code Execution | Important | |||
| CVE-2023-36764 | x | x | x | Elevation of Privilege | Important | |
| CVE-2023-36766 | x | Information Disclosure | Important |
See the Security Update Guide below for more details about the relevant fixes:
Permalink
I am not sure if this is related to this patch. But it seem that new web applications which gets a certificate binding shows a 500, and says that this site does not have a certificate.(eventhough there is a binding to the certificate in IIS) Anyone experienced similar problems?