This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures ADV170008, Microsoft Common Vulnerabilities and Exposures CVE-2017-8509, Microsoft Common Vulnerabilities and Exposures CVE-2017-8511, Microsoft Common Vulnerabilities and Exposures CVE-2017-8512, and Microsoft Common Vulnerabilities and Exposures CVE-2017-8514.
Note To apply this security update, you must have the release version of SharePoint Server 2016 installed on the computer.This public update delivers the first feature pack (Feature Pack 1) for SharePoint Server 2016 that contains the following features:
Microsoft Office 2016 clients use modern authentication by default. In certain configurations, modern authentication isnβt supported by the Office 2016 clients with SharePoint Server 2016, such as when it is used for Active Directory Federation Services (AD FS) 3.0 installations. SharePoint administrators can now configure SharePoint Server 2016 to suppress modern authentication in Office 2016 clients.
To configure SharePoint Server 2016 to suppress modern authentication in Office 2016 clients, follow these steps to run Microsoft PowerShell commands in the SharePoint 2016 Management Shell:
* You must have membership in the** securityadmin** fixed server role on the SQL Server instance.
* You must have membership in the **db_owner** fixed database role on all databases that are to be updated.
* You must be a member of the Administrators group on the server on which you are running the Microsoft PowerShell cmdlet.
$sts = Get-SPSecurityTokenServiceConfig
$sts.SuppressModernAuthForOfficeClients = $true
$sts.Update()
3. Restart Internet Information Services (IIS). To do this, run the following command:
iisreset /restart
4. Restart the SharePoint Timer Service (SPTimerV4). To do this, run the following commands:
Net Stop SPTimerV4
Net Start SPTimerV4
5. Run the following commands to verify that the change is made:
$sts = Get-SPSecurityTokenServiceConfig
$sts.SuppressModernAuthForOfficeClients
The last command should return True.Note Microsoft Office 2013 clients are also affected. We are investigating this behavior.
This security update contains improvements and fixes for the following nonsecurity issues in Project Server 2016:
Improve the performance of the Reporting (Project Publish) queue jobs.
Fixes the following issues:
Consider the following scenario:
The Reporting (Project Publish) job takes longer than expected in Project Server 2016.
Suppose you go to the Project Center page in the Project Web app and select many projects. When you click the Open In Microsoft Project option, nothing seems to happen, and the expected master project isnβt created in Project Professional. Now, when youβve selected more projects than can be used to create a master project via this method, youβll see a message that resembles the following:Your selection exceeds the limit for the number of projects we can open at a time from Project Web App. We created a master project with the supported number of projects. You can then add additional projects by going through Insert Subproject.
Resources from approved engagements become local resources in Project Professional if the project manager doesnβt have sufficient permissions to that resource.
When you add new tasks to a project while editing a project in PWA, formulas that use the Now() or**CurrentDate() **functions calculate incorrect results.
An assignmentβs Finish Date, Work, and Remaining Work values are wrong when team members enter material units in PWA Tasks or Timesheets views.
User-generated (ad hoc) custom filters that are applied to PWA views donβt display data values. For example, you open a custom filter dialog box in Project Center to add a filter on a date column. After you save, close, and then reopen the dialog box, the date you set isnβt displayed.
When you submit a status update, task-level baseline data disappears from the Tasks view for the given task assignments.
This security update contains improvements and fixes for the following nonsecurity issues in SharePoint Server 2016:
Translate some terms in multiple languages to make sure that the meaning is accurate.
Fixes the following issues:
Word documents and PowerPoint presentations that have invalid hyperlinks arenβt searchable.
The body property of large files is dropped in Content Enrichment Web Service (CEWS). This update deletes the thresholds of the maximum body size of a document before sending it to CEWS.
Administrators who wish to suppress modern authentication with Office 2016 applications can now configure the SPSecurityTokenServiceConfig object when the SuppressModernAuthForOfficeClients property is set to $false.
Currently, Office 2016 clients and SharePoint Server 2016 use the Modern Authentication protocol to communicate. In certain scenarios, Modern Authentication isnβt supported by the Office 2016 clients, such as with ADFS installations. Weβve made improvements so that SharePoint administrators can now configure SharePoint to suppress Modern Authentication in Office 2016 clients in the June 2017 PU, final version.
To configure SharePoint Server 2016 to suppress Modern Authentication in Office 2016 clients, run the following Windows PowerShell syntax in SharePoint 2016 Management Shell:
1. Before you can use the **Add-SPShellAdmin** cmdlet to grant permissions for users to run SharePoint Server 2016 cmdlets, verify that you meet all the following minimum requirements:
* You must have membership in the **securityadmin** fixed server role on the SQL Server instance.
* You must have membership in the **db_owner** fixed database role on all databases that are to be updated.
* You must be a member of the Administrators group on the server on which you are running the Windows PowerShell cmdlet.
2. At the Windows PowerShell command prompt, type the following commands:
Add-pssnapin Microsoft.sharepoint.powershell.dll
$sts = get-SPSecurityTokenServiceConfig
$sts.SuppressModernAuthForOfficeClients = $true
$sts.Update()
3. Type iisreset /restart to restart IIS.
4. Type Net stop sptimerv4, and then typeNet start sptimerv4 to restart the SPTimerService.
5. In Windows PowerShell, run the following command to verify that the change persisted:
Note If you have closed the previous Windows PowerShell session then you must run the following command as shown. If you are in the same session, then you do not have to run the βAdd-pssnapin Microsoft.sharepoint.powershell.dllβ command again.
Add-pssnapin Microsoft.sharepoint.powershell.dll
$sts = get-SPSecurityTokenServiceConfig
$sts.SuppressModernAuthForOfficeClients
Note Office 2013 clients are also affected. Microsoft is researching this problem and will post more information in this article when the information becomes available.
* The** SPFile.Author** property now has a value for installations after migrating from the classic-mode authentication to claims-based mode authentication.
* SPWebApplication FileNotFoundPage is not displayed correctly in some web browsers.
* Server-side defined timesheet view grouping doesnβt work with custom fields.
* After you delete a search center sub site, you canβt download search reports from site settings.
* When there are more than 100 site collections, you can see paging on the Tenant Admin page (TA_SiteCollections.aspx).
* Metadata navigation does not work for task lists.
You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
For deployment information about this update, see security update deployment information: June 13, 2017.
This security update replaces previously released security update KB3191880.
Package Name | Package Hash SHA 1 | Package Hash SHA 2 |
---|---|---|
sts2016-kb3203432-fullfile-x64-glb.exe | 41CC4C6FEC4889D137834B673FF1DF44B95489F4 | BA03B641F0359473BB36464B07AA5A354F02C807C3B404B57D617355CC23C49B |
For a list of the files that are provided in this update KB3203432, download the file information for update KB3203432.
Help for installing updates: Windows Update FAQ
Security solutions for IT professionals: TechNet Security Support and Troubleshooting
Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure
Local support according to your country: International SupportPropose a feature or provide feedback on SharePoint: SharePoint User Voice portal