7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.242 Low
EPSS
Percentile
96.5%
This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-0254 and Microsoft Common Vulnerabilities and Exposures CVE-2017-0281.
Note To apply this security update, you must have the release version of SharePoint Server 2016 installed on the computer.This public update delivers the first feature pack (Feature Pack 1) for SharePoint Server 2016 that contains the following features:
This security update contains the following improvements:
This security update fixes the following nonsecurity issues for SharePoint Server 2016:
When you lose SharePoint sites that are upgraded from SharePoint 2013 to SharePoint 2016, sites fail to load because of multiple web parts not upgrading and referencing the wrong version. SSRS Web Part and SPListFilter are two examples. After you install this update, the upgrade of such pages will complete without errors.
When you run an administrative backup and an administrative restore of Enterprise custom fields, the restore fails at 29 percent completion. You also see a DatabaseForeignKeyViolationError (50002) queue error.
For remote SharePoint calls in hybrid, the query rewrite in the result source is added to the query two times. This could cause an unexpected recall for custom query rewrites.
SharePoint outbound email messages incorrectly try to authenticate to SMTP servers that support Generic Security Service Application Program Interface (GSSAPI), Kerberos, or NTLM authentication. This may prevent email messages from being sent. After you install this update, SharePoint sends email messages anonymously without authentication.
You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
For deployment information about this update, see security update deployment information: May 9, 2017.
This security update doesn’t replace any previously released update.
Package name | Package hash SHA 1 | Package hash SHA 2 |
---|---|---|
sts2016-kb3191880-fullfile-x64-glb.exe | 78CC17726DCA743AC8E9917FC50F5AA5E72C0710 | 340459F54B2CCCBB263A240C5C77C44D6141438A3859BE9B98C5FDE4A0A6CCFA |
For a list of the files that are provided in this cumulative update KB3191880, download the file information for update KB3191880.
Help for installing updates: Support for Microsoft Update
Security solutions for IT professionals: TechNet Security Troubleshooting and Support
Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.242 Low
EPSS
Percentile
96.5%