KB5002770: Fixes an issue in which users cannot use Business Connectivity Services (BCS)

Description of the security update for SharePoint Server 2019 Language Pack: August 12, 2025 (KB5002770)

Summary
This security update resolves a Microsoft Word remote code execution vulnerability and Microsoft Word information disclosure vulnerability. To learn more about the vulnerabilities, see the following security advisories:

• Microsoft Common Vulnerabilities and Exposures CVE-2025-53733
• Microsoft Common Vulnerabilities and Exposures CVE-2025-53736

Notes:

• This is build 16.0.10417.20041 of the security update package.
• To apply this security update, you must have the release version of Microsoft SharePoint Server 2019 installed on the computer.

Improvements and fixes
This security update contains an improvement and a fix for the following nonsecurity issue in SharePoint Server 2019 Language Pack. To get the improvement and fix the issue completely, you have to install KB 5002769 together with this update.

• Adds a warning when deleting a Cloud Search Service Application (Cloud SSA) if users have not verified that the hybrid indexes are removed.
• Fixes an issue in which users cannot use Business Connectivity Services (BCS) together with the DotNetAssembly or WebService system type, because these system types are not enabled by default.

To support Business Data Connectivity (BDC) models that are based on the DotNetAssembly or WebService system type, enable the support by running the following commands in SharePoint Management Shell if you trust your BDC models:

$farm = Get-SPFarm
$farm.ServerDebugFlags.Add(57007)
$farm.ServerDebugFlags.Add(57008)
$farm.update()
iisreset