How to patch Microsoft SharePoint Server
Microsoft · Microsoft · 6 steps · Microsoft SharePoint Server security status → · updated June 2026
On-premises SharePoint is patched farm-wide: install the binary update on every server, then run the configuration wizard to apply the schema upgrade. Patching is not complete until that wizard runs and every server is at the same build.
Microsoft SharePoint Server has 15 actively-exploited vulnerabilities on the CISA KEV list — patching is urgent.
Check your current version first
Before you patch, record what you're running (SharePoint Management Shell):
(Get-SPFarm).BuildVersion —or— Central Admin → Upgrade and Migration → Check product/patch statusOr paste your version into the checker for an instant verdict.
Step by step
Run (Get-SPFarm).BuildVersion (or Central Admin → Servers in farm) and record the build for every server — they must end up identical.
Download the Security Update (and any required CU) for your exact version (2016 / 2019 / Subscription Edition) from the Microsoft Security Update Guide.
Back up the configuration and content databases, and plan a maintenance window — SharePoint patching takes the farm offline briefly.
Run the patch (.exe, as administrator) on all servers in the farm — web front-ends and application servers alike. All servers must reach the same patch level.
After binaries are installed, run PSConfig (Products Configuration Wizard, or PSConfig.exe -cmd upgrade) to apply the schema upgrade. The update is not live until this completes.
Confirm (Get-SPFarm).BuildVersion matches the patched build on every server.
- Patch is incomplete until PSConfig runs — installing the binary alone leaves the farm in an upgrade-required state.
- SharePoint has been heavily exploited (e.g. the 2025 "ToolShell" chain) — patch promptly and rotate machine keys if advised.
Official sources
- Advisory: Microsoft Security Update Guide ↗
- Download: SharePoint update KB / Download Center ↗
Don't patch blind. Microsoft SharePoint Server has 15 actively-exploited vulnerabilities on the CISA KEV list — patching is urgent. See exactly which versions are safe and what you're exposed to.
Microsoft SharePoint Server security status →Stay ahead of the next one
- Microsoft SharePoint Server security status & health score — score, open CVEs and safe version.
- Microsoft SharePoint Server vulnerabilities — the full CVE list and what's exploited.
- Microsoft SharePoint Server end-of-life dates — don't run a release that's stopped getting fixes.
- Monitor Microsoft SharePoint Server — get an email alert the moment a new exploited vulnerability lands.
Frequently asked questions
What is the latest version of Microsoft SharePoint Server?
As of June 2026, the latest supported Microsoft SharePoint Server release we track is 16.0.19725.20384. Patch to the current release on your branch and confirm the version after updating.
How do I check which version of Microsoft SharePoint Server I am running?
Use: (Get-SPFarm).BuildVersion —or— Central Admin → Upgrade and Migration → Check product/patch status (SharePoint Management Shell). Record the result before and after patching to confirm the update applied.
Is Microsoft SharePoint Server being actively exploited right now?
Yes — 15 Microsoft SharePoint Server vulnerabilities are on the CISA Known Exploited Vulnerabilities (KEV) list, so attackers are using them in the wild. Patch promptly. See the exploitation radar.
How do I patch Microsoft SharePoint Server safely without breaking production?
Always test in a non-production environment first, take a backup or snapshot, follow the official vendor advisory, and have a tested rollback. Patch one node at a time for clustered or high-availability setups.
Patch steps are general, well-established guidance for Microsoft SharePoint Server — always test in a non-production environment first and follow the official Microsoft advisory for your exact version. IsItPatched is independent and not affiliated with Microsoft; this is not a substitute for vendor documentation. See our disclaimer.