KB5002778: Enables the automatic machine key rotation feature.
Description of the security update for SharePoint Server 2016: September 09, 2025 (KB5002778)
Summary
This security update resolves a Microsoft SharePoint remote code execution vulnerability, Microsoft Word information disclosure vulnerability, and Microsoft Office remote code execution vulnerability. To learn more about the vulnerabilities, see the following security advisories:
- Microsoft Common Vulnerabilities and Exposures CVE-2025-54906
- Microsoft Common Vulnerabilities and Exposures CVE-2025-54905
- Microsoft Common Vulnerabilities and Exposures CVE-2025-54897
Improvements and fixes
This security update contains improvements and fixes for the following nonsecurity issue in SharePoint Server 2016.
- You can now use the Test-DefenderAndAmsiWorkProperly cmdlet in SharePoint Management Shell to verify that all Windows Defender components are installed and active, and that SharePoint AMSI (Antimalware Scan Interface) integration is functioning correctly.
- In order to use workflows in SharePoint Server, you must now have the latest update for SharePoint Workflow Manager installed.
- To strengthen security in SharePoint Server, users in the WSS_WPG group are now restricted from running administrative processes, such as the SharePoint Products Configuration Wizard (Psconfig). For more information, see Account permissions and security settings in SharePoint Servers.
- Enables the automatic machine key rotation feature.
- Enhances the AMSI Filter feature module. Changes the default setting to be always on.