
KB5002843 — Security Update for SharePoint Server Subscription Edition

KB5002843 is a March 2026 security update that addresses multiple vulnerabilities in SharePoint Server Subscription Edition, including remote code execution and elevation of privilege issues.

Emanuel DE ALMEIDA
11 Mar 2026

Overview

KB5002843 is a March 10, 2026 security update for SharePoint Server Subscription Edition. This update addresses critical security vulnerabilities including remote code execution and elevation of privilege issues that could allow attackers to compromise SharePoint environments.

Applies to

SharePoint Server Subscription Edition

Issue Description

This security update addresses several vulnerabilities in SharePoint Server Subscription Edition that could be exploited by attackers:

  • Remote Code Execution: Specially crafted requests could allow authenticated attackers to execute arbitrary code on the SharePoint server
  • Elevation of Privilege: Malicious users could gain elevated permissions within SharePoint sites and site collections
  • Cross-Site Scripting (XSS): Improper input validation could allow script injection attacks in SharePoint web parts
  • Information Disclosure: Unauthorized access to sensitive SharePoint configuration data and user information
  • Denial of Service: Malformed requests could cause SharePoint services to become unresponsive

These vulnerabilities affect SharePoint farms with default configurations and could be exploited by authenticated users with minimal permissions.

Root Cause

The vulnerabilities stem from insufficient input validation in SharePoint's web request processing engine, improper permission checks in the SharePoint object model, and inadequate sanitization of user-supplied data in web parts and custom solutions. The issues are present in core SharePoint components including the Central Administration interface, SharePoint web services, and the SharePoint Foundation libraries.

1. Fixes remote code execution vulnerability in SharePoint web services (CVE-2026-0847)

This update patches a critical remote code execution vulnerability in SharePoint's web services framework. The fix implements enhanced input validation for SOAP and REST API requests, preventing malicious payloads from being executed on the server. The update modifies the following components:

  • Microsoft.SharePoint.dll - Core SharePoint library with improved request validation
  • Microsoft.SharePoint.WebServices.dll - Web services framework with enhanced security checks
  • Microsoft.Office.Server.dll - Server-side processing with stricter input filtering

This vulnerability could allow authenticated attackers to execute arbitrary code with SharePoint service account privileges.

2. Resolves elevation of privilege issue in SharePoint site permissions (CVE-2026-0848)

The update addresses an elevation of privilege vulnerability where users could bypass SharePoint permission checks to gain unauthorized access to restricted content. The fix strengthens permission validation in:

  • Site collection administration functions
  • List and library permission inheritance
  • Web part security context validation
  • SharePoint Designer integration points

The update modifies Microsoft.SharePoint.Security.dll to implement additional permission verification steps and closes loopholes in the SharePoint authorization model.

3. Patches cross-site scripting vulnerabilities in SharePoint web parts (CVE-2026-0849)

This fix addresses multiple XSS vulnerabilities in SharePoint web parts and custom controls. The update implements comprehensive output encoding and input sanitization across:

  • Content Editor Web Part
  • Script Editor Web Part
  • Custom web part rendering pipeline
  • SharePoint Designer workflow forms

The security enhancement updates Microsoft.SharePoint.WebPartPages.dll and Microsoft.SharePoint.WebControls.dll with improved HTML encoding and JavaScript sanitization routines.

4. Fixes information disclosure vulnerability in SharePoint Central Administration (CVE-2026-0850)

The update resolves an information disclosure issue where unauthorized users could access sensitive SharePoint configuration data through Central Administration interfaces. The fix implements:

  • Enhanced authentication checks for administrative pages
  • Improved error handling to prevent information leakage
  • Stricter access controls for configuration databases
  • Additional logging for administrative access attempts

This vulnerability could expose farm topology, service account information, and database connection strings to unauthorized users.

5. Addresses denial of service vulnerability in SharePoint request processing (CVE-2026-0851)

This update fixes a denial of service vulnerability where malformed HTTP requests could cause SharePoint application pools to crash or become unresponsive. The fix includes:

  • Improved request parsing and validation
  • Enhanced error handling for malformed requests
  • Resource limits for request processing
  • Better memory management in request handlers

The update modifies Microsoft.SharePoint.ApplicationRuntime.dll and implements additional safeguards in the SharePoint HTTP processing pipeline.

Installation

KB5002843 is available through multiple deployment channels for SharePoint Server Subscription Edition environments:

Microsoft Update Catalog

Download the update package directly from Microsoft Update Catalog. The update file is approximately 185 MB and requires local administrator privileges for installation.

Windows Server Update Services (WSUS)

The update is automatically synchronized to WSUS servers configured for SharePoint updates. Administrators can approve and deploy the update through the WSUS management console.

Microsoft System Center Configuration Manager (SCCM)

Deploy KB5002843 through SCCM software update management. The update supports both manual deployment and automatic deployment rules.

Prerequisites

  • SharePoint Server Subscription Edition with latest cumulative update installed
  • All SharePoint servers in the farm must be updated simultaneously
  • SharePoint Central Administration service must be running
  • Minimum 2 GB free disk space on system drive
  • Local administrator privileges required for installation

Installation Process

  1. Stop all SharePoint services using the Stop-SPService PowerShell cmdlet
  2. Install the update package on all SharePoint servers
  3. Run SharePoint Products Configuration Wizard
  4. Restart SharePoint services and verify functionality

Important: A system restart is required after installing this update. Plan maintenance windows accordingly.

Known Issues

The following issues have been reported after installing KB5002843:

SharePoint Search Service Issues

Some environments may experience SharePoint Search Service startup failures after applying the update. This occurs when custom search solutions conflict with updated security policies.

Workaround: Restart the SharePoint Search Service and rebuild the search index if crawling fails. Use the following PowerShell commands:

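# Restart the search host controller, then start the local query and site settings service instance
Restart-Service SPSearchHostController
$qssInstance = Get-SPEnterpriseSearchQueryAndSiteSettingsServiceInstance -Local
Start-SPEnterpriseSearchQueryAndSiteSettingsServiceInstance -Identity $qssInstance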

Custom Web Part Compatibility

Third-party web parts that rely on deprecated SharePoint APIs may fail to load after the security update. This affects web parts that bypass standard SharePoint security validation.

Workaround: Contact web part vendors for updated versions compatible with the enhanced security model. Temporarily disable problematic web parts until updates are available.

SharePoint Designer Connection Issues

SharePoint Designer 2013 may experience connection timeouts when accessing sites after the update due to enhanced authentication requirements.

Workaround: Clear SharePoint Designer cache and re-establish site connections. Ensure SharePoint Designer has the latest updates installed.

Workflow Execution Delays

SharePoint workflows may experience increased execution times due to additional security validation steps introduced by the update.

Workaround: Monitor workflow performance and consider optimizing complex workflows. Increase workflow timeout values if necessary.

Overview

KB5002843 is a critical security update released on March 10, 2026, for SharePoint Server Subscription Edition. This update addresses five significant security vulnerabilities that could allow attackers to compromise SharePoint environments through remote code execution, elevation of privilege, cross-site scripting, information disclosure, and denial of service attacks.

Security Vulnerabilities Addressed

This security update resolves the following Common Vulnerabilities and Exposures (CVE) identifiers:

  • CVE-2026-0847 - Remote Code Execution in SharePoint Web Services
  • CVE-2026-0848 - Elevation of Privilege in SharePoint Site Permissions
  • CVE-2026-0849 - Cross-Site Scripting in SharePoint Web Parts
  • CVE-2026-0850 - Information Disclosure in SharePoint Central Administration
  • CVE-2026-0851 - Denial of Service in SharePoint Request Processing

Affected Systems

This update applies to all installations of SharePoint Server Subscription Edition, including:

Product | Version | Update Status
SharePoint Server Subscription Edition | All builds | Required
SharePoint Server Subscription Edition (Preview) | All builds | Required

Technical Details

Remote Code Execution Vulnerability (CVE-2026-0847)

The most critical vulnerability allows authenticated attackers to execute arbitrary code on SharePoint servers through specially crafted web service requests. The vulnerability exists in the SharePoint web services framework where insufficient input validation allows malicious SOAP and REST API payloads to bypass security controls.

Elevation of Privilege Vulnerability (CVE-2026-0848)

This vulnerability enables users with limited permissions to gain elevated access to SharePoint resources. The issue stems from improper permission validation in site collection administration functions and web part security contexts.

Cross-Site Scripting Vulnerabilities (CVE-2026-0849)

Multiple XSS vulnerabilities in SharePoint web parts allow attackers to inject malicious scripts that execute in users' browsers. The vulnerabilities affect Content Editor Web Parts, Script Editor Web Parts, and custom web part rendering pipelines.

Information Disclosure Vulnerability (CVE-2026-0850)

Unauthorized users can access sensitive SharePoint configuration information through Central Administration interfaces. The vulnerability could expose farm topology details, service account information, and database connection strings.

Denial of Service Vulnerability (CVE-2026-0851)

Malformed HTTP requests can cause SharePoint application pools to crash or become unresponsive, leading to service disruption for legitimate users.

Installation Requirements

Before installing KB5002843, ensure the following prerequisites are met:

  • SharePoint Server Subscription Edition is installed and configured
  • Latest SharePoint cumulative update is applied
  • All SharePoint services are running normally
  • Sufficient disk space (minimum 2 GB) is available
  • Local administrator privileges are available
  • Maintenance window is scheduled for service interruption

Deployment Considerations

This security update requires careful planning and coordination:

Farm-Wide Deployment

All SharePoint servers in the farm must be updated simultaneously to maintain compatibility and security consistency. Partial deployments are not supported and may cause service instability.

Service Interruption

SharePoint services will be unavailable during the update installation and configuration process. Plan for approximately 2-4 hours of downtime depending on farm size and complexity.

Testing Requirements

Test the update in a non-production environment before deploying to production systems. Verify that custom solutions, third-party web parts, and integrations function correctly after the update.

Post-Installation Verification

After installing KB5002843, perform the following verification steps:

  1. Verify SharePoint Central Administration is accessible
  2. Test site collection functionality and permissions
  3. Validate web part rendering and functionality
  4. Check SharePoint Search Service status
  5. Review SharePoint logs for errors or warnings
  6. Test custom solutions and third-party integrations

Use the following PowerShell command to verify the update installation:

Get-SPProduct | Where-Object {$_.ProductName -like "*SharePoint*"} | Format-Table ProductName, Version, Installed
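
The following is an added example, not part of the original article or of Microsoft's guidance: it lists servers and databases that are still flagged as needing upgrade after patching, which is the partially updated state the farm-wide deployment requirement is meant to avoid. The helper name Get-PendingUpgrade and the sample objects are constructed for illustration; on a farm it assumes the NeedsUpgrade property reported by Get-SPServer and Get-SPDatabase.

```powershell
# Added example: list farm objects that still need the post-patch upgrade.
# Get-PendingUpgrade is a hypothetical helper name, not a SharePoint cmdlet.
function Get-PendingUpgrade {
    [CmdletBinding()]
    param(
        # Objects exposing Name and NeedsUpgrade (Get-SPServer / Get-SPDatabase output)
        [Parameter(Mandatory, ValueFromPipeline)] [object[]] $InputObject,
        [Parameter(Mandatory)] [string] $Kind
    )
    process {
        foreach ($item in $InputObject) {
            # A missing NeedsUpgrade property is reported, not read as "clean".
            $hasProp = $item.PSObject.Properties.Name -contains 'NeedsUpgrade'
            if (-not $hasProp -or $item.NeedsUpgrade) {
                [pscustomobject]@{
                    Kind   = $Kind
                    Name   = $item.Name
                    Status = if ($hasProp) { 'NeedsUpgrade' } else { 'Unknown' }
                }
            }
        }
    }
}

if (Get-Command Get-SPServer -ErrorAction SilentlyContinue) {
    # SharePoint Management Shell on a farm server: query the live farm.
    $servers   = Get-SPServer | Where-Object { $_.Role -ne 'Invalid' }
    $databases = Get-SPDatabase
} else {
    # Constructed sample data so the example runs without a farm.
    $servers = @(
        [pscustomobject]@{ Name = 'SPWFE01'; NeedsUpgrade = $false }
        [pscustomobject]@{ Name = 'SPAPP01'; NeedsUpgrade = $true }
    )
    $databases = @(
        [pscustomobject]@{ Name = 'WSS_Content'; NeedsUpgrade = $true }
        [pscustomobject]@{ Name = 'SharePoint_Config'; NeedsUpgrade = $false }
    )
}

$pending = @($servers | Get-PendingUpgrade -Kind 'Server') +
           @($databases | Get-PendingUpgrade -Kind 'Database')
$pending | Format-Table -AutoSize
if ($pending.Count -gt 0) {
    Write-Warning "$($pending.Count) object(s) still need upgrade; run the Products Configuration Wizard where required."
}
```

With the constructed data, SPAPP01 and WSS_Content are reported; an empty result on a live farm means no server or database is waiting on the configuration wizard.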

Frequently Asked Questions

What does KB5002843 resolve?
KB5002843 is a security update that addresses five critical vulnerabilities in SharePoint Server Subscription Edition, including remote code execution (CVE-2026-0847), elevation of privilege (CVE-2026-0848), cross-site scripting (CVE-2026-0849), information disclosure (CVE-2026-0850), and denial of service (CVE-2026-0851) issues.

Which systems require KB5002843?
All installations of SharePoint Server Subscription Edition require this update, regardless of build version. The update must be applied to all SharePoint servers in the farm simultaneously to maintain security and compatibility.

Is KB5002843 a security update?
Yes, KB5002843 is a critical security update that addresses multiple vulnerabilities with CVSS scores ranging from 7.2 to 9.1. The update includes fixes for remote code execution and elevation of privilege vulnerabilities that could allow attackers to compromise SharePoint environments.

What are the prerequisites for KB5002843?
Prerequisites include SharePoint Server Subscription Edition with the latest cumulative update installed, local administrator privileges, minimum 2 GB free disk space, and a planned maintenance window. All SharePoint services must be running normally before installation.

Are there known issues with KB5002843?
Known issues include potential SharePoint Search Service startup failures, custom web part compatibility problems with third-party solutions, SharePoint Designer connection timeouts, and increased workflow execution times due to enhanced security validation.

About the Author

Emanuel DE ALMEIDA

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.
