Lucene search

K
mskbMicrosoftKB4493163
HistoryJan 12, 2021 - 8:00 a.m.

Description of the security update for SharePoint Enterprise Server 2016: January 12, 2021

2021-01-1208:00:00
Microsoft
support.microsoft.com
12

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

Description of the security update for SharePoint Enterprise Server 2016: January 12, 2021

Summary

This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following security advisories:

Improvements and fixes

This security update enables the Search administrator to use the case-insensitive crawl behavior instead of case-sensitive crawling by setting the CaseSensitiveUrls property to0. To do this, use the following PowerShell script:`

$ssa = Get-SPEnterpriseSearchServiceApplication
$ssa.SetProperty(“CaseSensitiveUrls”, 0)
$ssa.Update()

`This update also contains fixes for the following nonsecurity issues in Project Server 2016:

  • If you delete many thousands of timesheets, the process might be slow.
  • Going to the Approvals page may take much longer than expected.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More information

Security update deployment information

For deployment information about this update, see security update deployment information: January 12, 2021.

Security update replacement information

This security update replaces previously released security update 4486753.

File hash information

File name SHA1 hash SHA256 hash
sts2016-kb4493163-fullfile-x64-glb.exe 4807D885EB29946889DFEC19E89E89CF866AE5C4 DA066E9BBA80180187668D03BD1A95FBE5C2CC998BFFB0FD13CD03CDA2DCDE36

File information

Download the list of files that are included in security update 4493163.

Information about protection and security

Protect yourself online: Windows Security supportLearn how we guard against cyber threats: Microsoft Security

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C