Description of the security update for SharePoint Server Subscription Edition: January 11, 2022 (KB5002111)
Summary
This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft Office remote code execution vulnerability. To learn more about the vulnerabilities, see the Microsoft Common Vulnerabilities and Exposures CVE-2022-21837 and Microsoft Common Vulnerabilities and Exposures CVE-2022-21840.
Improvements and fixes
This security update contains fixes and improvements for the following nonsecurity issues in SharePoint Server Subscription Edition:
- To better protect and strengthen the security of SharePoint, SharePoint now restricts access to its Web.config files. Users cannot access Web.config files unless theyβre local administrators, farm administrators, or managed by SharePoint. This change does not impact standard SharePoint functionality. For more information about this improvement, see Permissions of Web.config files are restricted in SharePoint Server (KB5010126).
- Fixes an issue in which you cannot copy and paste list items in quick edit mode by using a modern browser.
- Removes unnecessary stored procedure executions that can cause SQL Server deadlocks when multiple apps are present on a page together with a high user load.
- Improves the page rendering performance.
- Fixes an issue in which all other terms of the hierarchy are selected if a subterm is selected when you filter a Managed Metadata Services (MMS)-based column in modern user experience (UX).
- Fixes an issue in which the hidden nodes of the left navigation pane are shown in the modern team site when the Publishing feature is enabled.
- Fixes an issue in which you cannot add an event to a modern site page.
- Fixes an issue in which the Content Deployment feature cannot publish incremental changes.
- Fixes an issue in which several ARIA attributes of the People Picker are not allowed in a new item of a modern team site.
- Fixes an issue in which the field does not have a rectangular border when it is focused on in the edit list dialog box.
- Fixes an issue in which the username is truncated on the ribbon at the top of the screen if the selected language is he-il (Hebrew - Israel).
- Fixes an issue in which a scope property is shown in SAML providers.
- Fixes an issue in which the document sets that contain non-ASCII characters are not crawled successfully.
- Fixes an issue in which a recursive token folder copy occurs when you run the Copy-SPSideBySideFiles cmdlet to do an upgrade that fails to delete the older token folders.
- Fixes an accessibility issue in which the focus is going out of the New link dialog box when you use the Tab key to navigate.
- Fixes an issue in which you cannot replace the certificate assignment when the certificate is not assigned during the import certificate operation.
- Fixes an issue in which the Create list pane is opened two times when you use the keyboard to activate theAdd a list button.
- Fixes an issue in which a No UI error message occurs when a group member tries to share a modern team site.
- Fixes an issue in which the new OpenID Connect (OIDC) token issuer cannot use the UPA-backed claim provider.
- Fixes an issue in which changing the start day of the week from other days back to Sunday does not work for calendar view.
- Fixes an issue in which the recently shared item is not displayed immediately in the OneDrive mobile app for Android because of an incorrect site URL of the recently shared item.
- Fixes an issue in which the focus is not visible for the show actions button in the high contrast mode of theSite Contents page.
- Fixes an issue in which the More Options button is not descriptive in theComments section of a page.
- Fixes an issue in which the New Site button is missing on theSite Contents page when the zoom value is set to 200 percent.
- Fixes an issue in which you cannot access _admin/certificatesettings.aspx by using the least-restrictive permissions.
- Fixes an issue in which you receive a βRequestNotSupportedβ Colbalt error when you replace a duplicate file from a SharePoint Server 2010 content database in the modern UI.
- Fixes an issue in which selecting the New button in the form library opens a dialog box to upload files instead of opening the InfoPath client application.
- Fixes an issue in which selecting an existing form in a form library that is set to OpenInClient does not start the InfoPath client application, and you receive the following error message:
This action couldnβt be performed because Office doesnβt recognize the command it was given.
This security update also contains fixes and improvements for the following nonsecurity issues in SharePoint Server Subscription Edition. To enable the improvements or fix the issues completely, you have to install KB 5002110 together with this update.
- Fixes an issue in which the Export-SPCertificate cmdlet parameter names donβt match in PowerShell help.
- Fixes an issue in which the Name list web part is not defined for the tick button in the attachments edit field.
- Capitalizes the word βdatabaseβ in the PowerShell descriptions of the Add-SPShellAdmin, Get-SPShellAdmin, and Remove-SPShellAdmin cmdlets.
- Fixes an issue in which the More options button is not accessible by using the keyboard when the zoom value is set to 400 percent.
How to get and install the update
Method 1: Microsoft Update
This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
Method 2: Microsoft Update Catalog
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Method 3: Microsoft Download Center
You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
- Download security update 5002111 for the 64-bit version of SharePoint Server Subscription Edition
More information
Security update deployment information
For deployment information about this update, see Security update deployment information: January 11, 2022 (KB5010029).
Security update replacement information
This security update replaces previously released security update 5002045.
File hash information
File name |
SHA256 hash |
sts-subscription-kb5002111-fullfile-x64-glb.exe |
39DDC16F03A730B804C8C7D70B9CB16B68464542BBBB286489847232751A15BD |
File information
Download the list of files that are included in security update 5002111.
Information about protection and security
Protect yourself online: Windows Security supportLearn how we guard against cyber threats: Microsoft Security
Change history
The following table summarizes some of the most important changes to this topic.Date |
Description |
February 11, 2022 |
Removed the βKnown issues in this updateβ section and added the KB5010126 as an improvement into the βImprovements and fixesβ section. |