KB5002678 is the latest security update for Microsoft SharePoint Enterprise Server 2019 edition. It was released on 11 February 2025 under the ‘Patch Tuesday’ project.
Salient points
- KB5002678 supersedes KB5002666. KB5002666 for SharePoint Enterprise Server 2019 edition was last released on 14 January 2025.
- KB5002678 corresponds to SharePoint build 16.0.10416.20050.
- KB5002678 resolves a security vulnerability, CVE-2025-21400 in the SharePoint Enterprise Server 2019 edition.
Security vulnerability in SharePoint 2019
CVE-2025-21400 is the security vulnerability affecting Microsoft SharePoint Enterprise Server 2019 Edition.
- CVE-2025-21400 is a Remote Code Execution vulnerability.
- It has a CVSS score of 8.1 and ‘Important’ severity.
- An attacker could connect to a malicious server, and that could allow the attacker to gain code execution on the client. In a network-based attack, an authenticated attacker, as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.
KB5002678, primarily, resolves this security vulnerability. There are no non-security improvements reported in the release notes for KB5002678.
Installation of KB5002678
KB5002678 can be installed through the Windows Update program automatically.
For manual installations, you can download the KB5002678 file from the Microsoft Update Catalog site. Or, you could get the file from the Microsoft Download Center.
- Download KB5002678 from the Microsoft Update Catalog – 443.9 MB
- Download KB5002678 from the Microsoft Download Center
Post-deployment of KB5002678, the SharePoint Server 2019 may restart. So, please plan the change in a scheduled window or change.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.