SharePoint security fixes released with April 2024 PU and offered through Microsoft Update

Stefan Goßner - April 9, 2024 - 6 Comments

Below are the security fixes for the SharePoint OnPrem versions released this month.

SharePoint Server 2016:

KB 5002583 – SharePoint Server 2016 (language independent)

Microsoft Support recommends to install the complete April 2024 CU for SharePoint 2016 rather than individual security fixes.

SharePoint Server 2019:

KB 5002580 – SharePoint Server 2019 (language independent)

Microsoft Support recommends to install the complete April 2024 CU for SharePoint 2019 rather than individual security fixes.

SharePoint Server Subscription Edition:

KB 5002581 – SharePoint Server Subscription Edition

This security fix includes the complete April 2024 CU for SharePoint Server Subscription Edition.

Office Online Server:

None

See the Security Update Guide below for more details about the relevant fixes:
More information:

KB 5002548 – April 2024 updates for Microsoft Office

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.

Security Vulnerabilities fixed in this PU

Vulnerability	SP 2016	SP 2019	SP SE	OOS	Impact	Max Severity
CVE-2024-26251	x	x	x		Spoofing	Important

See the Security Update Guide below for more details about the relevant fixes:

Security Update Guide

6 Comments

Abhi
On 10. April 2024 Permalink

Hi Stefan, thanks for the info. Quick question, we just installed and configured March 2024 update on our DEV and Test environments and about to deploy on PRO environments. How critical is this April 2024 update considering there is a Security Vulnerabilities fixed in this PU? Can this update be delayed for a month or two as it is just out and we don’t know if there any known issues. Thanks.

Reply
1. Stefan Goßner
  On 10. April 2024 Permalink
  
  Hi Abhi, please review the CVE from the link above to make an informed decision based on your business requirements.
  
  Reply
Sandra
On 19. April 2024 Permalink

After deploying KB5002583 in our environment last week for testing and this week in the production environment, I encountered the SPHA error indicating “Product/patch installation or server upgrade required,” despite all updates being successfully installed according to our best practices. At first I thought I did something wrong in the test environment but this week exactly the same issue in prod. Where did we go wrong and what steps should we take next?

Reply
1. Stefan Goßner
  On 19. April 2024 Permalink
  
  Hi Sandra,
  it sounds as if the configuration wizard was not executed on the machines that are showing this message.
  Cheers,
  Stefan
  
  Reply
  1. Sandra
    On 19. April 2024 Permalink
    
    But it did successfully it shows in the upgrade status
    
    Reply
    1. Stefan Goßner
      On 19. April 2024 Permalink
      
      Hi Sandra,
      in this case I would recommend to open a support case with Microsoft to get this analyzed in more detail.
      Cheers,
      Stefan
      
      Reply

Share this:

6 Comments

Leave a Reply Cancel reply