
Description of the security update for SharePoint Server Subscription Edition: April 12, 2022 (KB5002191)

2022-04-12 08:00:00
Microsoft
support.microsoft.com

CVSS3: 8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.2 High (Confidence: High)

CVSS2: 6.8 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.007 Low (Percentile: 79.9%)

Summary

This security update resolves a Microsoft SharePoint Server spoofing vulnerability and a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerabilities, see the following security advisories:

Improvements and fixes

This security update contains fixes and improvements for the following nonsecurity issues in SharePoint Server Subscription Edition:

  • Fixes an issue in which you cannot see the files that are accessed recently under the Recent tab in OneDrive. This issue occurs because the search API does not work when the HTTP_Origin header is not null.
  • Fixes an issue in which you cannot restore a subsite by using System Center Data Protection Manager (DPM).
  • Enables the “kid” claim for OpenID Connect (OIDC) when a metadata endpoint is in use.
  • Fixes an issue in which the group header is shown incorrectly when you select Group by Date on the Date column in a document library modern view.
  • Fixes an issue in which you cannot copy and paste values into the Person or Group column by using Quick Edit in a custom list if the account has the same first and last name values as other accounts have.
  • Fixes an issue in which users who don’t have the “View Items” permission can’t see the left navigation pane on modern sites that have the publishing features enabled.
  • Fixes an issue in which the filter functionality does not work in a lookup column that contains a DateTime-type value.
  • Fixes an issue in which the “Share with me” page is broken in the Internet Explorer browser.
  • Sets the incremental crawl schedule to null when you disable continuous crawl.
  • Fixes an issue in which multiline deletion does not work as expected when you edit in grid view for a list.
  • Fixes an issue in which the heading level is incorrectly defined as H4 on the Change theme pane.
  • Fixes an accessibility issue in which the New link dialog box is missing the dialog role and name.

This security update also contains fixes and improvements for the following nonsecurity issues in Project Server:

  • Fixes the DatabaseUndefinedError and System.Data.SqlClient.SqlException (0x80131904): There is already an object named ‘pk_lt_uids’ in the database errors that occur when you query lookup tables by using the SharePoint client-side object model (CSOM).
  • Fixes an issue in which the language of the values in flag-type custom fields within an online analytical processing (OLAP) cube does not match the Project Server language. For example, the flag values appear as “True” or “False” in English, and they are “Vero” or “Falso” in Italian, but the values are always displayed in the English form.
  • Fixes an issue in which upgrading from Project Server 2019 to Project Server Subscription Edition fails and generates an “Object too new” error message in some cases.

Known issues in this update

  • The modern home page (or any site page) does not render correctly in the Internet Explorer browser. To work around this issue, use another modern browser, such as Microsoft Edge or Google Chrome, to access the page.
  • On the modern home page (or any site page), you cannot do the “open the detail pane” action in the List web part and Document Library web part. To work around this issue, open the corresponding list or document page and do the operation there.
  • On modern site pages, the left navigation panel, web part editing panel, and site page title editing do not work properly. Microsoft will provide the fix in the next release.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More information

Security update deployment information

For deployment information about this update, see Security update deployment information: April 12, 2022 (KB5012926).

Security update replacement information

This security update replaces previously released security update 5002145.

File hash information

File name SHA256 hash
sts-subscription-kb5002191-fullfile-x64-glb.exe 91BCDFF9524E0DDC604887188A18F4D9AF0B368C02836C72582A2E80CA7D1EE5
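
A way to check the standalone package against the published hash before running it on a farm server. This is an added example, not part of the Microsoft article; the download path and the signer check on `O=Microsoft Corporation` are assumptions, while the file name and SHA256 value are the ones listed above.

```powershell
# Added example: verify the KB5002191 standalone package before installing it.
# File name and SHA256 come from the "File hash information" table in this article.
# Assumption: the package was saved to the current user's Downloads folder.
param(
    [string]$PackagePath = "$env:USERPROFILE\Downloads\sts-subscription-kb5002191-fullfile-x64-glb.exe"
)

$ExpectedSha256 = '91BCDFF9524E0DDC604887188A18F4D9AF0B368C02836C72582A2E80CA7D1EE5'

if (-not (Test-Path -LiteralPath $PackagePath -PathType Leaf)) {
    throw "Package not found: $PackagePath"
}

# 1. Compare the file's SHA256 with the published value.
#    PowerShell string comparison with -ne is case-insensitive, so hex case does not matter.
$actualSha256 = (Get-FileHash -LiteralPath $PackagePath -Algorithm SHA256).Hash
if ($actualSha256 -ne $ExpectedSha256) {
    throw "SHA256 mismatch. Expected $ExpectedSha256 but got $actualSha256. Do not install."
}

# 2. Check the Authenticode signature as a second, independent control.
#    A matching hash proves the file equals the published one; a valid signature
#    proves who signed it even if the hash were copied from an untrusted mirror.
$signature = Get-AuthenticodeSignature -LiteralPath $PackagePath
if ($signature.Status -ne 'Valid') {
    throw "Authenticode status is '$($signature.Status)': $($signature.StatusMessage)"
}

# Assumption: the signing certificate subject contains O=Microsoft Corporation.
$subject = $signature.SignerCertificate.Subject
if ($subject -notmatch 'O=Microsoft Corporation') {
    throw "Unexpected signer: $subject"
}

# Emit a record that can be attached to the change ticket for this patch window.
[pscustomobject]@{
    Package   = (Resolve-Path -LiteralPath $PackagePath).Path
    Sha256    = $actualSha256
    HashMatch = $true
    Signer    = $subject
    CheckedAt = (Get-Date).ToString('s')
}
```

Any failed check throws, so the script can gate an unattended installation step that follows it.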

File information

Download the list of files that are included in security update 5002191.

Information about protection and security

Protect yourself online: Windows Security support
Learn how we guard against cyber threats: Microsoft Security

Change history

The following table summarizes some of the most important changes to this topic.

Date Description
April 15, 2022 Added a workaround to the “Known issues in this update” section for the first known issue.
April 27, 2022 Added a known issue to the “Known issues in this update” section.
