June 2017 CU for SharePoint 2013 product family is available for download

The product group released the June 2017 Cumulative Update for the SharePoint 2013 product family.
For June 2017 CU we have full server packages (also known as Uber packages). No other CU is required to fully patch SharePoint.
As this is a common question: Yes, June 2017 CU includes all fixes from June 2017 PU.
ATTENTION:
Be aware that all Updates for SharePoint 2013 require SharePoint Server 2013 SP1 to be installed first.
Please also have a look at the article that discusses how to properly patch a SharePoint 2013 farm which has Search enabled (see below).
This CU fixes the regression introduced in March 2017 CU and March 2017 PU (MS17-14) which prevents opening Word documents via Office Web Application Server if they are contained in sites with spaces in their names
Previous releases of the SharePoint Server 2013 cumulative update included both the executable and the .CAB file in the same self-extracting executable download. Because of the file size, the SharePoint Server 2013 package has been divided into several separate downloads. One contains the executable file, while the others contain the CAB file. All are necessary and must be placed in the same folder to successfully install the update. All are available by clicking the same Hotfix Download Available link in the KB article for the release.
This CU includes all SharePoint 2013 fixes (including all SharePoint 2013 security fixes) released since SP1. The CU does not include SP1. You need to install SP1 before installing this CU.
The KB articles for June 2017 CU should be available at the following locations in a couple of hours:

  • KB 3203428 – SharePoint Foundation 2013 June 2017 CU
  • KB 3203430 – SharePoint Server 2013 June 2017 CU
  • KB 3203429 – SharePoint Server 2013 with Project Server June 2017 CU
  • KB 3203391 – Office Web Apps Server 2013 June 2017 CU – this is also a security update!

The Full Server Packages for June 2017 CU are available through the following links:

Important: If your farm has been on a patch level lower than July 2015 CU: July 2015 CU and later contains a breaking change compared to earlier builds which requires running the SharePoint 2013 Products Configuration Wizard on each machine in the farm right after installing the CU.
If you don’t run PSCONFIG after installing this CU (on a farm which had a lower patch level than July 2015 CU) crawl might no longer work – so ensure to schedule a maintenance window when installing this CU which includes PSCONFIG runs.
See here for detail: https://blogs.technet.microsoft.com/stefan_gossner/2015/07/15/important-psconfig-is-mandatory-for-july-2015-cu-for-sharepoint-2013/
Be aware that the SharePoint Server 2013 CU contains the SharePoint Foundation CU. And the SharePoint Server 2013 with Project Server CU contains Project Server CU, SharePoint Server CU and SharePoint Foundation CU.
Related Info:

46 Comments


  1. Any comments on 3203387? Seems like a very large security update.
    Is the June 2017 CU considered a critical update or just a normal CU?

    Reply

    1. 3203387 is a security fix which is included in the CU.
      Each month we release security fixes and a CU. Customers can decide whether they would like to install the complete CU or only the security fixes.

      Reply

      1. Is there anything critical or different about this CU then any other one?
        If 3203387 is installed then are there are any other security patches for SharePoint needed?

        Reply

          1. thanks, I am aware of those, 3203387 plus the ones in the update guide
            My confusion was if I need June 2017 for security vulnerabilities in addition to the security patches released this month


          2. The security fixes are always sufficient to fix security vulnerabilities. The CU potentially contains additional non-security fixes not included in the security fixes.


      2. Hello Stefan,
        I need to understand how can install only securtiy fix from the CU as you said earlier. When we go to download any CU it comes with some uber backage and exe file. How I can install only CU or security fix only if require.

        Reply

        1. Hi RN,
          security fixes are included in the CU.
          So you can either only install the security fixes or you can install the CU which includes regular fixes and security fixes.
          Cheers,
          Stefan

          Reply

  2. Hi Stefan – Regarding Office Web Apps 2013 PUs and CUs : Is there a requirement or recommendation to have the PU/CU versions of SharePoint 2013 and Office Web Apps 2013 be in sync ? For example, is it OK to run Office Web Apps Server 2013 with June 2017 CU installed, and run SharePoint 2013 with a CU older than June 2017 CU (say the Jan 2017 CU) installed ? Appreciate your feedback !

    Reply

    1. Hi Mario,
      in general these are two differnet products and patching does not have to be completely in sync from a support perspective.
      On the other hand some fixes have to be implemented as well on the Office Web Apps side and on the SharePoint side and they will not work correctly if the patch level is different.
      So the recommendation would be to keep them in sync.
      Cheers,
      Stefan

      Reply

  3. Still having an issue that i believe started with the Nov 2016 CU.
    Iframe embeds do not preview/render (e.g. youtube video share)
    Could this be related to the Chrome rich text editor fixes that Nov CU introduced?

    Reply

  4. Hi Stefan,
    Installed this CU but database version is showing 15.0.4935.1000 opposed to 15.0.4937.100. Also I can see that with 15.0.4935.1000, one security vulnerability isn’t fixed.
    P.S: Upgrade status shows ‘Upgrade available’
    Regards
    Charls

    Reply

    1. I was able to run PSConfig to change status to ‘No Action Required’, still build number is 15.0.4935.1000

      Reply

      1. Hi Charls,
        as SharePoint does not have a single build number I need to have more information. Where do you see this number?
        Thanks,
        Stefan

        Reply

        1. Hi Stefan,
          I have the same problem as Charles and was wondering if you might know of a fix. When I go to Central admin > System Settings > Manage servers in this farm, it says the configuration database version is 15.0.4935.1000 which I’m guessing is the same places Charles is seeing this at.
          Thanks

          Reply

      1. Thanks Stefan, that makes sense.
        One of the XSS vulnerabilities we were hoping to get resolved after installing CU doesn’t seem to be fixed.

        Reply

        1. Hi Charls,
          if you see an issue that needs a fix always ensure to open a support ticket with Microsoft.
          Cheers,
          Stefan

          Reply

  5. How should I handle the following case?:
    My production farm is not using SP1 yet, but our automated patch process already pushed down this June 2017 update.
    Should I download SP1 and run PSConfig and it will be smart enough to apply SP1 before the updates…
    or
    Should I run PSConfig on just these already downloaded updates, and then download SP1 and run PSConfig again?

    Reply

    1. Hi Tom,
      it is impossible to install June 2017 updates without SP1.
      So if June 2017 update was installed, then SP1 is installed on your servers as well.
      Without SP1 your server would be unsupported since more than two years and you would also not have been able to install any security fixes since April 2015.
      Cheers,
      Stefan

      Reply

      1. Hi Stefan – thanks very much for the info! I had thought SP1 wasn’t installed because I didn’t see the KB number in my patch status in central admin. I hadn’t realized that if SP1 was installed via volume licensing, it wouldn’t show the KB, and that you just relied on the Version number. Phew! Thank you again, I really appreciate it! — Tom

        Reply

      2. Hello Stefan,
        Is it correct that CU can be installed automatically from automatic updates on, on server?
        Please correct me if I am wrong, I think they cannot be installed automatically as a part of system updates.

        Reply

        1. Hi RN,
          CUs are not automatically installed.
          You need to install them manually.
          Cheers,
          Stefan

          Reply

  6. Hello Stefan,
    Your article is always self-explanatory however just a stupid question if I may…..it seems that in our farm the update https://support.microsoft.com/en-ph/help/3203399 (Description of the security update for Project Server 2013: June 13, 2017) was pushed on one of the servers which is for Project Server 2013. Now, we do not even have the said product installed but still Windows Update did install it causing it to affect Secure Store drastically. If that possible to happen ?
    Moreover, though we have already created a Premier Case with Microsoft just wanted to know if we install https://support.microsoft.com/en-us/help/3203430 (June 13, 2017, cumulative update for SharePoint Server 2013) will that also include the above mentioned patch ?
    Wherein, one of the server displays the status “Upgrade Blocked” & the other “Installation Required” ! I very well know what the statements mean however, when this started the update got installed on say “Server2” nut now it displays Server2 needs that update & Server1 has it which I think is a strange behavior ! What do you say ? Please advise.
    Thanks & Regards,
    AMEY.

    Reply

  7. Hi Stefan,
    Quick question I notice each month when the updates are released if there is a security update for OWA the text beside it identifies that its also a security update. The actual SharePoint Server update package doesn’t but if I review the KB I notice some security vulnerabilities are identified. We are just trying to figure out how often we should be applying our SharePoint updates with the main concern as security and critical updates. Thank you as always, Brad

    Reply

    1. Hi Brad,
      the recommendation is to evaluate security updates as soon as possible in your test environment to ensure that they do not cause any negative side effects on your applicaton and afterwards apply them to your production environments.
      Cheers,
      Stefan

      Reply

  8. Hi Stefan,
    We have a SharePoint 2013 farm with Patchlevel CU Dec16 and want to set up Hybrid Search. The following article states that hybrid content types requires the June 2017 public update or later:
    https://support.office.com/en-us/article/Plan-hybrid-SharePoint-taxonomy-and-hybrid-content-types-71ae4d00-da98-407b-bee2-8d9972e1875c?ui=en-US&rs=en-US&ad=US
    Will it be sufficient to install all SharePoint security updates offered through Microsoft Update or do we need to download and install the June 17 CU? Is there one installer for June 17 PU or does PU just refer to the collection of security updates released in the respective month?

    Reply

    1. Hi Andy,
      this article refers to the full server packages (or Uber packages) which is listed on my blog.
      From my knowledge the security fixes alone are not sufficient.
      Cheers,
      Stefan

      Reply

  9. Hi. Stefan,
    I have an environment with SharePoint Server Enterprise 2013 SP1, and the last week I installed the CU-May2017 and when I run PSConfig, I received and error/warning (missing updates required).
    I run the command Get-SpProduct -Local, but doesn’t work.
    What do you recommend me?
    Thanks.
    Mauricio

    Reply

    1. Hi Mauricio,
      first of all check if on the affected server the fix is really installed.
      Second: what error do you get with get-spproduct -local? You mentioned that this command does not work. What do you mean by this?
      Cheers,
      Stefan

      Reply

  10. Hi Stefan,
    I am having an issue with opening office files on SharePoint using Google Chrome. Chrome does not open any office file and throws this error message: “The webpage at https://…. might be temporarily down or it may have moved permanently to a new web address”. It works fine with IE. Both OWA and SharePoint farms have the same patch level (April 2017 CU). Do you know is there a fix for this? or when it will be fixed?
    Thank you so much!
    Regards,
    Peter

    Reply

    1. Hi Peter,
      sorry I don’t have information about this issue.
      I would recommend to open a support case with Microsoft to get this analyzed.
      Cheers,
      Stefan

      Reply

      1. I will. Thanks Stefan!

        Reply

  11. Hi Stefan,
    I have a SP 2013 UAT environment with a WFE and APP server currently patched to June 2015 CU. I recently discovered our SCCM team have inadvertently pushed the June 2017 PU and Security Updates to our APP server, thus causing our WFE to be out of sync. No other PUs or Security Updates have been installed or applied until then.
    I realize CUs are cumulative, but am concerned if I install the June 2017 PU and Security Updates on the WFE and run PSCONFIGUI.EXE or both servers I will end up breaking my environment because of the current patch level. Should it be ok to just simply apply June PU and Security Updates or would you recommend installing, applying and testing the CU to ensure all required dependencies are present.
    Thanks in advance for your help.
    Paul

    Reply

    1. Update: On further look, it appears that all outstanding Security Updates and PUs were installed.

      Reply

      1. Hi Paul,
        if all servers are on the same patch level you should run PSConfig to finalize the update.
        Cheers,
        Stefan

        Reply

        1. Unfortunately only one of the servers had the updates installed.

          Reply

  12. We have SharePoint Project Server 2013 farm and need to apply June 2017 CU, first do we need to apply SharePoint June CU or Project Server 2013 June 2017 CU is enough?

    Reply

    1. Hi Sajid,
      The “Project Server CU” includes also the SharePoint Server CU.
      Cheers,
      Stefan

      Reply

      1. Hi Stefan,
        Thank You for your reply and support.
        Regards
        Sajid

        Reply

  13. Hello Stefan,
    We have SharePoint 2013 with SP1 version (15.0.4569.1506) installed. We also have update our farm with September 2015 CU.
    The additional language packs are installed and they also have their SP1 installed with version 15.0.4571.1502. Now we need to install this JUNE 2017 CU on our farm. Is it necessary to reinstall SharePpint SP1 version 15.0.4571.1502 and then apply the June 2017 CU.

    Reply

    1. Hi RN,
      from the info you provided it seems you installed the slipstream install of SharePoint 2013 which includes SP1 already.
      If that is correct there is no need to install the SP1 version with build 15.0.4571.1502.
      You can install just June 2017 CU on this farm.
      Cheers,
      Stefan

      Reply

      1. Hello Stefan,
        Thanks for you quick response. I dont have any idea if it is slipstream SP1 of SharePoint 2013. But when I go to “view install updates” in control panel, I don’t see SP1 installation separately for SharePoint 2013. I think the SharePoint was installed using MSDN copy which includes SP in it.

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.