June 2017 CU for SharePoint 2013 product family is available for download

The product group released the June 2017 Cumulative Update for the SharePoint 2013 product family.

For June 2017 CU we have full server packages (also known as Uber packages). No other CU is required to fully patch SharePoint.

As this is a common question: Yes, June 2017 CU includes all fixes from June 2017 PU.


Be aware that all Updates for SharePoint 2013 require SharePoint Server 2013 SP1 to be installed first.

Please also have a look at the article that discusses how to properly patch a SharePoint 2013 farm which has Search enabled (see below).

This CU fixes the regression introduced in March 2017 CU and March 2017 PU (MS17-14) which prevents opening Word documents via Office Web Application Server if they are contained in sites with spaces in their names

Previous releases of the SharePoint Server 2013 cumulative update included both the executable and the .CAB file in the same self-extracting executable download. Because of the file size, the SharePoint Server 2013 package has been divided into several separate downloads. One contains the executable file, while the others contain the CAB file. All are necessary and must be placed in the same folder to successfully install the update. All are available by clicking the same Hotfix Download Available link in the KB article for the release.

This CU includes all SharePoint 2013 fixes (including all SharePoint 2013 security fixes) released since SP1. The CU does not include SP1. You need to install SP1 before installing this CU.

The KB articles for June 2017 CU should be available at the following locations in a couple of hours:

  • KB 3203428 - SharePoint Foundation 2013 June 2017 CU
  • KB 3203430 - SharePoint Server 2013 June 2017 CU
  • KB 3203429 - SharePoint Server 2013 with Project Server June 2017 CU
  • KB 3203391 - Office Web Apps Server 2013 June 2017 CU – this is also a security update!

The Full Server Packages for June 2017 CU are available through the following links:

Important: If your farm has been on a patch level lower than July 2015 CU: July 2015 CU and later contains a breaking change compared to earlier builds which requires running the SharePoint 2013 Products Configuration Wizard on each machine in the farm right after installing the CU.
If you don't run PSCONFIG after installing this CU (on a farm which had a lower patch level than July 2015 CU) crawl might no longer work - so ensure to schedule a maintenance window when installing this CU which includes PSCONFIG runs.
See here for detail: https://blogs.technet.microsoft.com/stefan_gossner/2015/07/15/important-psconfig-is-mandatory-for-july-2015-cu-for-sharepoint-2013/

Be aware that the SharePoint Server 2013 CU contains the SharePoint Foundation CU. And the SharePoint Server 2013 with Project Server CU contains Project Server CU, SharePoint Server CU and SharePoint Foundation CU.

Related Info:

Comments (36)

  1. FeytensJ says:

    Hi Stefan,

    Is the documentation complete?
    Can it be that there is only one server fix in this CU for SP2013?
    And I cannot find the description of the bug which prevents opening Word documents via Office Web Application Server if they are contained in sites with spaces in their names.



    1. Hi Feytens,
      the issue you are talking about was already fixed with April CU so it is not listed in the fixes in June CU.
      The following KB contains the documentation of the issue:

  2. themush1326 says:

    Any comments on 3203387? Seems like a very large security update.

    Is the June 2017 CU considered a critical update or just a normal CU?

    1. 3203387 is a security fix which is included in the CU.
      Each month we release security fixes and a CU. Customers can decide whether they would like to install the complete CU or only the security fixes.

      1. themush1326 says:

        Is there anything critical or different about this CU then any other one?
        If 3203387 is installed then are there are any other security patches for SharePoint needed?

          1. themush1326 says:

            thanks, I am aware of those, 3203387 plus the ones in the update guide
            My confusion was if I need June 2017 for security vulnerabilities in addition to the security patches released this month

          2. The security fixes are always sufficient to fix security vulnerabilities. The CU potentially contains additional non-security fixes not included in the security fixes.

  3. Hi Stefan – Regarding Office Web Apps 2013 PUs and CUs : Is there a requirement or recommendation to have the PU/CU versions of SharePoint 2013 and Office Web Apps 2013 be in sync ? For example, is it OK to run Office Web Apps Server 2013 with June 2017 CU installed, and run SharePoint 2013 with a CU older than June 2017 CU (say the Jan 2017 CU) installed ? Appreciate your feedback !

    1. Hi Mario,
      in general these are two differnet products and patching does not have to be completely in sync from a support perspective.
      On the other hand some fixes have to be implemented as well on the Office Web Apps side and on the SharePoint side and they will not work correctly if the patch level is different.
      So the recommendation would be to keep them in sync.

  4. Shane O says:

    Still having an issue that i believe started with the Nov 2016 CU.
    Iframe embeds do not preview/render (e.g. youtube video share)

    Could this be related to the Chrome rich text editor fixes that Nov CU introduced?

  5. Charls says:

    Hi Stefan,

    Installed this CU but database version is showing 15.0.4935.1000 opposed to 15.0.4937.100. Also I can see that with 15.0.4935.1000, one security vulnerability isn’t fixed.

    P.S: Upgrade status shows ‘Upgrade available’


    1. Charls says:

      I was able to run PSConfig to change status to ‘No Action Required’, still build number is 15.0.4935.1000

      1. Hi Charls,
        as SharePoint does not have a single build number I need to have more information. Where do you see this number?

        1. Kevin says:

          Hi Stefan,

          I have the same problem as Charles and was wondering if you might know of a fix. When I go to Central admin > System Settings > Manage servers in this farm, it says the configuration database version is 15.0.4935.1000 which I’m guessing is the same places Charles is seeing this at.


          1. Hi Kevin,
            there is nothing to fix. You are just not looking at the right place.
            The database schema version is not a valid indicator for a patch installation.
            See here for details:

    2. Hi Charls,
      the database schema version is not a build number. And the database schema is not changed with every CU or every build.
      You cannot expect that the database schema version is identical to the highest build number of SharePoint.
      See here for details:

      1. Charls says:

        Thanks Stefan, that makes sense.

        One of the XSS vulnerabilities we were hoping to get resolved after installing CU doesn’t seem to be fixed.

        1. Hi Charls,
          if you see an issue that needs a fix always ensure to open a support ticket with Microsoft.

  6. Tom Skowronski says:

    How should I handle the following case?:
    My production farm is not using SP1 yet, but our automated patch process already pushed down this June 2017 update.

    Should I download SP1 and run PSConfig and it will be smart enough to apply SP1 before the updates…
    Should I run PSConfig on just these already downloaded updates, and then download SP1 and run PSConfig again?

    1. Hi Tom,
      it is impossible to install June 2017 updates without SP1.
      So if June 2017 update was installed, then SP1 is installed on your servers as well.
      Without SP1 your server would be unsupported since more than two years and you would also not have been able to install any security fixes since April 2015.

      1. Tom Skowronski says:

        Hi Stefan – thanks very much for the info! I had thought SP1 wasn’t installed because I didn’t see the KB number in my patch status in central admin. I hadn’t realized that if SP1 was installed via volume licensing, it wouldn’t show the KB, and that you just relied on the Version number. Phew! Thank you again, I really appreciate it! — Tom

  7. Amey Mulay says:

    Hello Stefan,
    Your article is always self-explanatory however just a stupid question if I may…..it seems that in our farm the update https://support.microsoft.com/en-ph/help/3203399 (Description of the security update for Project Server 2013: June 13, 2017) was pushed on one of the servers which is for Project Server 2013. Now, we do not even have the said product installed but still Windows Update did install it causing it to affect Secure Store drastically. If that possible to happen ?
    Moreover, though we have already created a Premier Case with Microsoft just wanted to know if we install https://support.microsoft.com/en-us/help/3203430 (June 13, 2017, cumulative update for SharePoint Server 2013) will that also include the above mentioned patch ?
    Wherein, one of the server displays the status “Upgrade Blocked” & the other “Installation Required” ! I very well know what the statements mean however, when this started the update got installed on say “Server2” nut now it displays Server2 needs that update & Server1 has it which I think is a strange behavior ! What do you say ? Please advise.

    Thanks & Regards,

  8. Brad says:

    Hi Stefan,

    Quick question I notice each month when the updates are released if there is a security update for OWA the text beside it identifies that its also a security update. The actual SharePoint Server update package doesn’t but if I review the KB I notice some security vulnerabilities are identified. We are just trying to figure out how often we should be applying our SharePoint updates with the main concern as security and critical updates. Thank you as always, Brad

    1. Hi Brad,

      the recommendation is to evaluate security updates as soon as possible in your test environment to ensure that they do not cause any negative side effects on your applicaton and afterwards apply them to your production environments.


  9. Andy says:

    Hi Stefan,
    We have a SharePoint 2013 farm with Patchlevel CU Dec16 and want to set up Hybrid Search. The following article states that hybrid content types requires the June 2017 public update or later:
    Will it be sufficient to install all SharePoint security updates offered through Microsoft Update or do we need to download and install the June 17 CU? Is there one installer for June 17 PU or does PU just refer to the collection of security updates released in the respective month?

    1. Hi Andy,
      this article refers to the full server packages (or Uber packages) which is listed on my blog.
      From my knowledge the security fixes alone are not sufficient.

  10. Mauricio V says:

    Hi. Stefan,
    I have an environment with SharePoint Server Enterprise 2013 SP1, and the last week I installed the CU-May2017 and when I run PSConfig, I received and error/warning (missing updates required).
    I run the command Get-SpProduct -Local, but doesn’t work.
    What do you recommend me?


    1. Hi Mauricio,

      first of all check if on the affected server the fix is really installed.
      Second: what error do you get with get-spproduct -local? You mentioned that this command does not work. What do you mean by this?


  11. Peter TranD says:

    Hi Stefan,
    I am having an issue with opening office files on SharePoint using Google Chrome. Chrome does not open any office file and throws this error message: “The webpage at https://…. might be temporarily down or it may have moved permanently to a new web address”. It works fine with IE. Both OWA and SharePoint farms have the same patch level (April 2017 CU). Do you know is there a fix for this? or when it will be fixed?

    Thank you so much!



    1. Hi Peter,
      sorry I don’t have information about this issue.
      I would recommend to open a support case with Microsoft to get this analyzed.

      1. Peter TranD says:

        I will. Thanks Stefan!

  12. PoWaShell says:

    Hi Stefan,

    I have a SP 2013 UAT environment with a WFE and APP server currently patched to June 2015 CU. I recently discovered our SCCM team have inadvertently pushed the June 2017 PU and Security Updates to our APP server, thus causing our WFE to be out of sync. No other PUs or Security Updates have been installed or applied until then.

    I realize CUs are cumulative, but am concerned if I install the June 2017 PU and Security Updates on the WFE and run PSCONFIGUI.EXE or both servers I will end up breaking my environment because of the current patch level. Should it be ok to just simply apply June PU and Security Updates or would you recommend installing, applying and testing the CU to ensure all required dependencies are present.

    Thanks in advance for your help.


    1. PoWaShell says:

      Update: On further look, it appears that all outstanding Security Updates and PUs were installed.

      1. Hi Paul,
        if all servers are on the same patch level you should run PSConfig to finalize the update.

        1. PoWaShell says:

          Unfortunately only one of the servers had the updates installed.

Skip to main content