CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
96.5%
This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS17-002.
Note To apply this security update, you must have the release version of SharePoint Server 2016 installed on the computer.
For a complete list of affected versions of Microsoft Office software, see Microsoft Knowledge Base article 3214291.
This public update delivers the first feature pack (Feature Pack 1) for SharePoint Server 2016 that contains the following features:
This security update contains the following improvements and fixes for SharePoint Server 2016:
Some terms are translated into multiple languages to make sure that the meaning is accurate.
You can’t access the Shortcuts link through keyboard in grid edit mode of a SharePoint task list. Additionally, screen readers can’t read or access information panels in SharePoint Server 2016.
The PSConfig tool may recommend incorrect cmdlets.
Sometimes, the PSConfig tool shows the upgrade as 100 percent completed even though it still takes some time before the tool moves to the next status. This problem occurs because the tool must complete some minor steps after it upgrades the products. Progress messages are displayed for these steps.
Fixes the following cmdlet legacy issues of the Administrative Actions Logging feature:
After you try to configure and use the Lotus Notes connector for SharePoint Server, the crawl fails.
You can’t use the CSOM API to set the BookingType property for enterprise resources in projects.
A system access control list (SACL) isn’t read correctly for large file paths that exceed the Windows limitation of 260 characters. This causes the SACL to be discoverable by any user in the query results even if the user doesn’t have the appropriate permissions.
After you make multiple changes to the same user in quick succession in SharePoint Server 2016, the Quick Sync job can’t be completed successfully.
When you configure hybrid taxonomy, the specified Local Term Store Name parameter is now case-insensitive even though it was previously case-sensitive.
You can’t restore site collection that have site URLs. Additionally, you receive the following error message:
Error: Violation of PRIMARY KEY constraint ‘PK_SiteUrlMap’. Cannot insert duplicate key in object ‘dbo.SiteUrlMap’
When you add a subtask to an existing subtask of a SharePoint task list, multiple subtasks are created instead of just one subtask, in certain conditions.
When you copy and paste subtasks in grid edit mode of a SharePoint task list, multiple subtasks are created unexpectedly.
SharePoint Server 2016 becomes unresponsive and the server experiences high CPU usage that requires a restart. Additionally, you can’t access sites, or you get extremely slow page load times.
This security update also contains improvements and fixes for Project Server 2016:
This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
For deployment information about this update, see Microsoft Knowledge Base article 3214291.
This security update doesn’t replace any previously released update.
Package name | Package hash SHA 1 | Package hash SHA 2 |
---|---|---|
sts2016-kb3141486-fullfile-x64-glb.exe | 1B30B50FEB5FB3F8D764C6C0D6523DBA5BE05C1E | 4A21ACD01FD617A60C7A3782E322289C15252E5FD297C298AF32B09744B340E1 |
For the list of files that cumulative update KB3141486 contains, download the file information for update KB3141486.
__
How to get help and support for this security update
Help for installing updates:
Support for Microsoft Update
Security solutions for IT professionals:
TechNet Security Troubleshooting and Support
Help for protecting your Windows-based computer from viruses and malware:
Virus Solution and Security Center
Local support according to your country: International Support
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
96.5%