KB5002544: MinRole enhancements

Description of the security update for SharePoint Enterprise Server 2016 Language Pack: December 10, 2024 (KB5002544)

Summary
This security update resolves a Microsoft SharePoint remote code execution vulnerability, Microsoft SharePoint elevation of privilege vulnerability, and Microsoft SharePoint information disclosure vulnerability. To learn more about the vulnerabilities, see the following security advisories:

• Microsoft Common Vulnerabilities and Exposures CVE-2024-49070
• Microsoft Common Vulnerabilities and Exposures CVE-2024-49068
• Microsoft Common Vulnerabilities and Exposures CVE-2024-49064
• Microsoft Common Vulnerabilities and Exposures CVE-2024-49062

Notes:

• This is build 16.0.5478.1000 of the security update package.
• To apply this security update, you must have the release version of Microsoft SharePoint Enterprise Server 2016 installed on the computer.

This public update delivers Feature Pack 2 for SharePoint Server 2016. Feature Pack 2 contains the following feature:

• SharePoint Framework (SPFx)

This public update also delivers all the features that were included in Feature Pack 1 for SharePoint Server 2016, including the following:

• Administrative Actions Logging
• MinRole enhancements
• SharePoint Custom Tiles
• Hybrid Taxonomy.
• OneDrive API for SharePoint on-premises
• OneDrive for Business modern user experience (available to Software Assurance customers)

Improvements and fixes

• This security update adds a banner in Central Administration to notify customers about the end of support for Search Content Service (SCS)-based hybrid search.