Below are the security fixes for the SharePoint OnPrem versions released this month.
SharePoint Server 2016:
- KB 5002583 – SharePoint Server 2016 (language independent)
Microsoft Support recommends to install the complete April 2024 CU for SharePoint 2016 rather than individual security fixes.
SharePoint Server 2019:
- KB 5002580 – SharePoint Server 2019 (language independent)
Microsoft Support recommends to install the complete April 2024 CU for SharePoint 2019 rather than individual security fixes.
SharePoint Server Subscription Edition:
- KB 5002581 – SharePoint Server Subscription Edition
This security fix includes the complete April 2024 CU for SharePoint Server Subscription Edition.
Office Online Server:
- None
See the Security Update Guide below for more details about the relevant fixes:
More information:
More information:
Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
Security Vulnerabilities fixed in this PU
| Vulnerability | SP 2016 | SP 2019 | SP SE | OOS | Impact | Max Severity |
|---|---|---|---|---|---|---|
| CVE-2024-26251 | x | x | x | Spoofing | Important |
See the Security Update Guide below for more details about the relevant fixes:
Permalink
Hi Stefan, thanks for the info. Quick question, we just installed and configured March 2024 update on our DEV and Test environments and about to deploy on PRO environments. How critical is this April 2024 update considering there is a Security Vulnerabilities fixed in this PU? Can this update be delayed for a month or two as it is just out and we don’t know if there any known issues. Thanks.
Permalink
Hi Abhi, please review the CVE from the link above to make an informed decision based on your business requirements.
Permalink
After deploying KB5002583 in our environment last week for testing and this week in the production environment, I encountered the SPHA error indicating “Product/patch installation or server upgrade required,” despite all updates being successfully installed according to our best practices. At first I thought I did something wrong in the test environment but this week exactly the same issue in prod. Where did we go wrong and what steps should we take next?
Permalink
Hi Sandra,
it sounds as if the configuration wizard was not executed on the machines that are showing this message.
Cheers,
Stefan
Permalink
But it did successfully it shows in the upgrade status
Permalink
Hi Sandra,
in this case I would recommend to open a support case with Microsoft to get this analyzed in more detail.
Cheers,
Stefan
Permalink
Whats with Office Online Server never getting Security Updates since september 2023?
Permalink
Hi Stefan,
the info I received is that Microsoft will continue to create security fixes for OOS on a case by case basis.
Cheers,
Stefan
Permalink
Hi Stefan,
During the installation of this update (KB5002581) for my sharepoint subscribe edition, it got stuck, I’ve came back to the previus update and now, when i lunch the administart page it don’t work and show me this error:
Unknown server tag ‘AdminControls:EndOfSupportNotificationBar’, and i can’t update the system beacause windows don’t see the next update.
how i can fix this ?
Permalink
Hi Giorgio,
this error can occur if you did not run PSConfig after applying the fix.
Cheers,
Stefan