Below are the security fixes for the SharePoint OnPrem versions released this month.
SharePoint Server 2016:
- KB 5002672 – SharePoint Server 2016 (language independent)
- KB 5002671 – SharePoint Server 2016 (language dependent)
Microsoft Support recommends installing the complete January 2025 CU for SharePoint 2016 rather than individual security fixes.
SharePoint Server 2019:
- KB 5002666 – SharePoint Server 2019 (language independent)
- KB 5002667 – SharePoint Server 2019 (language dependent)
Microsoft Support recommends installing the complete January 2025 CU for SharePoint 2019 rather than individual security fixes.
SharePoint Server Subscription Edition:
- KB 5002676 – SharePoint Server Subscription Edition
This security fix is identical to the January 2025 CU for SharePoint Server Subscription Edition.
Office Online Server:
- KB 5002677 – Office Online Server
More information:
Please have a look at the SharePoint Patching Best Practices before applying new fixes.
Security Vulnerabilities fixed in this PU
Vulnerability | SP 2016 | SP 2019 | SP SE | OOS | Impact | Max Severity |
---|---|---|---|---|---|---|
CVE-2025-21344 | x | x | x | Remote Code Execution | Important | |
CVE-2025-21348 | x | x | x | Remote Code Execution | Important | |
CVE-2025-21354 | x | Remote Code Execution | Critical | |||
CVE-2025-21362 | x | Remote Code Execution | Critical | |||
CVE-2025-21393 | x | x | x | Spoofing | Important |
See the Security Update Guide below for more details about the relevant fixes:
Permalink
Are CUs still intended to be downloaded and installed manually, as opposed to through WSUS/SCCM? On one of our SP2019 farms I’m seeing this in Windows Update: “Security Update for Microsoft SharePoint Server 2019 Core (KB5002666) farm-deployment. Status: Pending Install”
Permalink
Nintex site workflows are affected
Errored with:
…workflow has ended unexpectedly.
Workflow was canceled by System Account.
Any solution?