Description of the security update for SharePoint Server 2016: September 12, 2017
Summary
This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-8742.
Note To apply this security update, you must have the release version of SharePoint Server 2016 installed on the computer.This public update delivers Feature Pack 2 for SharePoint Server 2016, which contains the following feature:
Improvements and fixes
This security update contains improvements and fixes for SharePoint Server 2016:
- Reduce the memory usage for dictionary compilation.
- You can’t access a content type hub after the Hybrid Content Type feature is enabled.
- After you edit the recurrence count of an event series of a SharePoint calendar list, event ID 5214 is logged in the Application Event Log.
- You can now create and deploy Client-Side Web Parts to SharePoint On-Premises sites.
- Translate some terms in multiple languages to make sure that the meaning is accurate.
- Multiple properties in Microsoft Identity Manager (MIM) can’t be updated at a same time by using existing update mechanisms. For example, the Assistant and Manager properties can’t be updated at a same time.
- Custom properties of documents can now be mapped in the search schema. This update also increases PDF compatibility when indexing.
- In a trusted Security Assertion Markup Language (SAML) configuration, Office Web Apps Server flows and other OAuth-based flows don’t work when certain claims aren’t available in the token. For example, when you sign in to a web application that uses AD FS authentication, you can’t open a file for which you have permissions granted through an AD security group membership in the browser (Office Web Apps Server Server).
- If a page doesn’t have a published version, the variation page creates a page that has version “1.511” rather than the expected version of “0.1” in the target labels.
- You can’t access the SharePoint Admin site after you create a farm.
- When you select to show more posts on MySite host, some feeds may be missing.
- In a multi-tenant configuration, the People Picker will respect the tenant (subscription) property (UserAccountDirectoryPath) for search and resolve operations. Therefore, the resolve operation will not find a user in another organization unit.
- Farm administrators can now add and remove other users from the User Profile Service Application administration.
- When you try to upload files to a folder that has Swedish characters, you receive the following error message:
Sorry, something went wrong. The file or folder name “FolderName” contains invalid characters. Please use a different name.
This security update contains improvements and fixes for Project Server 2016:
The view failed to load. Press OK to reload this view with the default settings. Press Cancel to select another view.
- When you edit a task and select the Show More button, the focus isn’t set on the first uncovered field.
- When you call the GetTimePhase method on the StatusAssignmentCollection that’s exposed on an EnterpriseResource object in CSOM, the Status Broker permission is ignored.
How to get and install the update
Method 1: Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
Method 2: Microsoft Download Center
You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
More Information
Security update deployment information
For deployment information about this update, see security update deployment information: September 12, 2017.
Security update replacement information
This security update doesn’t replace any previously released update.
File hash information
Package Name |
Package Hash SHA 1 |
Package Hash SHA 2 |
sts2016-kb4011127-fullfile-x64-glb.exe |
8999E93063FD45B9674BA9DCC884659FDE90487D |
12739D0B8BE3A26AAF2B08F6304B93D7FCBF6258B7780A4880CD8470F6D2BF1D |
File information
For the list of files that cumulative update 4011127 contains, download the file information for update 4011127.
How to get help and support for this security update
Help for installing updates: Windows Update FAQSecurity solutions for IT professionals: Security Support and TroubleshootingHelp for protecting your Windows-based computer from viruses and malware: Microsoft SecureLocal support according to your country: International SupportPropose a feature or provide feedback on Office: Office User Voice portal