Description of the security update for SharePoint Enterprise Server 2016: December 11, 2018

2020-04-13T02:05:01
ID KB4461541
Type mskb
Reporter Microsoft
Modified 2020-04-16T08:35:22

Description

<html><body><p>Description of the security update for SharePoint Enterprise Server 2016: December 11, 2018</p><h2>Summary</h2><div><p class="MsoNormal">This security update resolves vulnerabilities in MicrosoftOffice that could allow remote code execution if a user opens a speciallycrafted Office file. To learn more about these vulnerabilities, see <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568" target="_blank"></a><a aria-label="CTRL+Click or CTRL+Enter to follow link https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8580" href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8580">Microsoft Common Vulnerabilities and Exposures CVE-2018-8580</a>, <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568" target="_blank"></a><a aria-label="CTRL+Click or CTRL+Enter to follow link https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8635" href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8635">Microsoft Common Vulnerabilities and Exposures CVE-2018-8635</a>, and<a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572" target="_blank"></a><a aria-label="CTRL+Click or CTRL+Enter to follow link https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628" href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628">Microsoft Common Vulnerabilities and Exposures CVE-2018-8628</a>.</p><p class="MsoNormal"><span style="font-weight:bold;">Note </span>To apply this security update, you must have therelease version of SharePoint Enterprise Server 2016 installed on the computer.</p><p class="MsoNormal">This public update delivers Feature Pack 2 for SharePointServer 2016, which contains the following feature:</p><p class="MsoNormal"></p><ul><li>SharePoint Framework (SPFx)</li></ul><p></p><p class="MsoNormal">This public update also delivers all the features that wereincluded in Feature Pack 1 for SharePoint Server 2016, including:</p><p class="MsoNormal"></p><ul><li>Administrative Actions Logging</li><li>MinRole enhancements</li><li>SharePoint Custom Tiles</li><li>Hybrid Auditing (preview)</li><li>Hybrid Taxonomy</li><li>OneDrive API for SharePoint on-premises</li><li>OneDrive for Business modern experience (available toSoftware Assurance customers)</li></ul><p></p><p class="MsoNormal"></p><p class="MsoNormal"></p><p class="MsoNormal"></p><p class="MsoNormal"></p><p class="MsoNormal"></p><p class="MsoNormal"></p><p class="MsoNormal">The OneDrive for Business modern user experience requires anactive Software Assurance contract at the time that the experience is enabled,either by installation of the public update or by manual enablement. If youdon't have an active Software Assurance contract at the time of enablement, youmust turn off the OneDrive for Business modern user experience.</p><p class="MsoNormal">For more information, see the following Microsoft Docsarticles:</p><p class="MsoNormal"></p><ul><li><a href="https://go.microsoft.com/fwlink/?linkid=832679" target="_blank">New features included in the November 2016 Public Update forSharePoint Server 2016 (Feature Pack 1)</a></li><li><a href="https://go.microsoft.com/fwlink/?linkid=856819" target="_blank">New features included in the September 2017 Public Update forSharePoint Server 2016 (Feature Pack 2)</a></li></ul><p></p><p class="MsoNormal"></p></div><h2>Improvements and fixes</h2><div><p class="MsoNormal">This security update contains improvements and fixes for thefollowing nonsecurity issues for SharePoint Server 2016:<br/></p><p class="MsoNormal"></p><ul><li>If there is a "Multiple lines of text" column in aSharePoint list and the "Enhanced rich text " setting is applied tothis column, the content in the column may not be always searchable in a searchcrawl.</li><li>After youapply an update, the database reporting association views aren't regenerated asexpected when the SharePoint Configuration wizard is run.</li><li><a href="https://apac01.safelinks.protection.outlook.com/?url=https://support.microsoft.com/en-us/help/4052414?preview&data=02%7c01%7cv-weizhu%40microsoft.com%7cf97bce67f8cf47d269a808d6569f05bf%7c72f988bf86f141af91ab2d7cd011db47%7c1%7c0%7c636791638361493557&sdata=Fozxmg5kAf2bs75VRXPs%2BH5FudUNLXvV4ljY8h1cVlA%3D&reserved=0"></a>After security update <a href="https://support.microsoft.com/en-us/help/4032233/description-of-the-security-update-for-office-2016-august-14-2018">KB 4032233</a>or <a href="https://support.microsoft.com/en-us/help/4032256/description-of-the-security-update-for-sharepoint-enterprise-server">KB 4032256</a>is applied, Word 2016 may crash.<br/></li></ul><p class="MsoNormal"></p><p>This update also fixes a vulnerability through the followingchanges in SharePoint Server 2016:</p><p></p><ul><li>All existing Search Results Web Parts are automaticallyswitched to use asynchronous loading.</li><li>All newly created Search Results Web Parts use asynchronousloading.</li><li>Loading behavior is no longer an option in the SearchResults Web Part properties user interface (UI).</li></ul><p></p><p>See <a href="https://support.microsoft.com/en-us/help/4052414">KB 4052414</a> fordetails.<br/><br/></p><p class="MsoNormal"></p><p></p><p class="MsoNormal">This security update contains improvements and fixes for thefollowing nonsecurity issues for Project Server 2016:<br/></p><p class="MsoNormal"></p><ul><li>This update provides the UpdateCreatePDP method so that youcan set the "New Project Page" Project Detail Page (PDP) for an enterpriseproject type (EPT) through the Client-Side Object Model (CSOM).</li><li>While on theTimesheet Adjustment page, you click the <b>Filter</b> button and then you manuallyenter a Custom Date Range date that is outside of the allowable range for the project(such as between 1/1/1984 and 12/31/2149). When you then click the <b>Apply</b> button, thepage fails to load and becomes unrecoverable. You see the following error message: <br/><br/>“Sorry, something went wrong.<br/>Your request has failed for an undetectable reason; you may need to contactyour system or database administrator."</li></ul><p></p></div><h2>How to get and install the update</h2><div><p class="MsoNormal"><span style="font-weight:bold;">Method 1: Microsoft Update</span></p><p class="MsoNormal">This update is available through Windows Update. When youturn on automatic updating, this update will be downloaded and installedautomatically. For more information about how to turn on automatic updating,see <a href="https://support.microsoft.com/en-us/help/12373/windows-update-faq">WindowsUpdate: FAQ</a>.</p><p class="MsoNormal"><span style="font-weight:bold;">Method 2: Microsoft Update Catalog</span></p><p class="MsoNormal">To get the standalone package for this update, go tothe <a href="http://www.catalog.update.microsoft.com/Search.aspx?q=KBxxxxxxx"></a><a aria-label="CTRL+Click or CTRL+Enter to follow link http://www.catalog.update.microsoft.com/Search.aspx?q=KB4461541" href="http://www.catalog.update.microsoft.com/Search.aspx?q=KB4461541">MicrosoftUpdate Catalog</a> website.</p><p class="MsoNormal"><span style="font-weight:bold;">Method 3: Microsoft Download Center</span></p><p class="MsoNormal">You can get the standalone update package through theMicrosoft Download Center. Follow the installation instructions on the downloadpage to install the update.</p><p class="MsoNormal"></p><ul><li><a aria-label="CTRL+Click or CTRL+Enter to follow link http://www.microsoft.com/download/details.aspx?familyid=1d2333ca-bd80-46e6-8c88-cbc9a81d4ced" href="http://www.microsoft.com/download/details.aspx?familyid=1d2333ca-bd80-46e6-8c88-cbc9a81d4ced">Downloadsecurity update KB 4461541 for the 64-bit version of SharePoint Enterprise Server 2016</a></li></ul><p></p></div><h2>Update information</h2><div><p class="MsoNormal"><span style="font-weight:bold;">Security update deployment information</span></p><p class="MsoNormal">For deployment information about this update, see <a href="https://support.microsoft.com/en-us/help/20181211" target="_blank">securityupdate deployment information: December 11, 2018</a>.</p><p class="MsoNormal"><span style="font-weight:bold;">Security update replacement information</span></p><p class="MsoNormal">This security update replaces previously released securityupdate <a aria-label="CTRL+Click or CTRL+Enter to follow link https://support.microsoft.com/en-us/help/4461501" href="https://support.microsoft.com/en-us/help/4461501">KB 4461501</a>.</p></div><h2>File information</h2><div><p class="MsoNormal"><span style="font-weight:bold;">File hash information</span></p><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse:collapse;border:none;"> <tbody><tr style=""> <td style="width:134.75pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;" valign="top" width="180"> <p align="center" class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;text-align:center;line-height:normal;"><b style="">File name</b></p> </td> <td style="width:135.0pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt;" valign="top" width="180"> <p align="center" class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;text-align:center;line-height:normal;"><b style="">SHA1 hash</b></p> </td> <td style="width:197.75pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt;" valign="top" width="264"> <p align="center" class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;text-align:center;line-height:normal;"><b style="">SHA256 hash</b></p> </td> </tr> <tr style="height:28.75pt;"> <td style="width:134.75pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt;height:28.75pt;" valign="top" width="180"> <p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal;"><span style="color:black;">sts2016-kb4461541-fullfile-x64-glb.exe</span></p> </td> <td style="width:135.0pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:28.75pt;" valign="top" width="180"> <p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal;">C644AAF7D815E83C07E034FD9845A3937F0330CA</p> </td> <td style="width:197.75pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:28.75pt;" valign="top" width="264"> <p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal;">979D1674EDCCED396819B225F453D86D7456D50A7567140CD2CCA614BA3B38B1</p> </td> </tr></tbody></table><p class="MsoNormal" style=""> </p><p class="MsoNormal"></p><p class="MsoNormal"><span style="font-weight:bold;">File information</span></p><p class="MsoNormal">For the list of files that are included in the securityupdate 4461541, download the <a aria-label="CTRL+Click or CTRL+Enter to follow link http://download.microsoft.com/download/6/9/0/690BA9D1-267C-42DD-8E8F-022CB08CD2AA/4461541.csv" href="http://download.microsoft.com/download/6/9/0/690BA9D1-267C-42DD-8E8F-022CB08CD2AA/4461541.csv">file information</a>.</p><p></p></div><h2>How to get help and support for this security update</h2><div><p class="MsoNormal">Protect yourself online and at home: <a href="https://www.microsoft.com/en-us/safety/pc-security/updates.aspx">WindowsSecurity support</a> </p><p class="MsoNormal">Help for protecting your Windows-based computer from virusesand malware: <a href="https://support.microsoft.com/contactus/cu_sc_virsec_master">MicrosoftSecure</a></p><p class="MsoNormal">Local support according to your country: <a href="https://www.microsoft.com/en-us/locale.aspx">International Support</a></p></div></body></html>