SharePoint security fixes released with April 2024 PU and offered through Microsoft Update

Below are the security fixes for the SharePoint OnPrem versions released this month.

SharePoint Server 2016:

  • KB 5002583 – SharePoint Server 2016 (language independent)

Microsoft Support recommends installing the complete April 2024 CU for SharePoint 2016 rather than individual security fixes.

SharePoint Server 2019:

  • KB 5002580 – SharePoint Server 2019 (language independent)

Microsoft Support recommends installing the complete April 2024 CU for SharePoint 2019 rather than individual security fixes.

SharePoint Server Subscription Edition:

  • KB 5002581 – SharePoint Server Subscription Edition

This security fix includes the complete April 2024 CU for SharePoint Server Subscription Edition.

Office Online Server:

  • None
See the Security Update Guide below for more details about the relevant fixes:
More information:

Please have a look at the SharePoint Patching Best Practices before applying new fixes.

 


Security Vulnerabilities fixed in this PU

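| Vulnerability  | SP 2016 | SP 2019 | SP SE | OOS | Impact   | Max Severity |
|----------------|---------|---------|-------|-----|----------|--------------|
| CVE-2024-26251 | x       | x       | x     |     | Spoofing | Important    |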
8 Comments


  1. Hi Stefan, thanks for the info. Quick question, we just installed and configured March 2024 update on our DEV and Test environments and are about to deploy on PRO environments. How critical is this April 2024 update considering there are Security Vulnerabilities fixed in this PU? Can this update be delayed for a month or two as it is just out and we don’t know if there are any known issues. Thanks.

    1. Hi Abhi, please review the CVE from the link above to make an informed decision based on your business requirements.

  2. After deploying KB5002583 in our environment last week for testing and this week in the production environment, I encountered the SPHA error indicating “Product/patch installation or server upgrade required,” despite all updates being successfully installed according to our best practices. At first I thought I did something wrong in the test environment but this week exactly the same issue in prod. Where did we go wrong and what steps should we take next?

    1. Hi Sandra,
      it sounds as if the configuration wizard was not executed on the machines that are showing this message.
      Cheers,
      Stefan

      1. But it did successfully; it shows in the upgrade status.

        1. Hi Sandra,
          in this case I would recommend opening a support case with Microsoft to get this analyzed in more detail.
          Cheers,
          Stefan

  3. What's with Office Online Server never getting Security Updates since September 2023?

    1. Hi Stefan,
      the info I received is that Microsoft will continue to create security fixes for OOS on a case by case basis.
      Cheers,
      Stefan
