Security update for SQL Server 2019 CU22: October 10, 2023

Varun Mehta 0 Reputation points
2023-10-29T23:07:43.3533333+00:00

Hi,

We are in the process of patching our SQL Server estate. We are currently on SQL Server 2019 CU21 or less at this stage (various editions across the environments) and want to update the patch level to CU22. To update to CU22 we have two options available:

1: KB5029378 - 5029378 Security update for SQL Server 2019 CU22: October 10, 2023  

2: KB5027702 - 5027702 Cumulative update 22 (CU22) for SQL Server 2019

I am trying to find out:

Question 1: Is security patch "5029378 (KB5029378)" for CU22 released to fix some vulnerabilities introduced by CU22 "5027702 (KB5027702)"?

Question 2: If the organisation decides to stay with CU21, are our SQL servers still vulnerable to the security concerns which are being fixed by the security patch for CU22? In other words, is the security update for SQL Server 2019 CU22 fixing anything for SQL Server CU21?

If the security update for CU22 is fixing something for CU21, we will have no option but to go for that update. If it is just for CU22 (question 1), we might decide to stick with CU21. Hence the doubts.

If anyone has any clarification on this doubt, your help will be much appreciated. Please redirect me to the link if this topic has already been discussed and answered on any other forum.

Thanks,

Varun

DBA


3 answers

  1. ZoeHui-MSFT 36,586 Reputation points
    2023-10-30T03:16:15.7133333+00:00

    Hi @Varun Mehta,

    • GDR updates – cumulatively only contain security updates for the given baseline.
    • CU updates – cumulatively contain all functional fixes and security updates for the given baseline.

    But also be aware that you shouldn't mix and match CU and GDR updates. The Microsoft recommendation is that after the base version is installed, either only CU updates or only GDR updates should be installed.

    For any given baseline, either the GDR or CU updates could be options (see below). If SQL Server installation is at a baseline version, you can choose either the GDR or CU update. If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package. If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.

    Your best choice is to install the latest CU23.

    KB5030333 - Cumulative Update 23 for SQL Server 2019

    Regards,

    Zoe Hui


    If the answer is helpful, please click "Accept Answer" and upvote it.
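One way to check which of the cases in the answer above applies to a given instance, as an added example that is not part of the original thread. The query reads built-in `SERVERPROPERTY` values; the column aliases and the mapping in the `CASE` expression are assumptions of this example, based on the GDR/CU rule stated in the answer.

```sql
-- Added example (not from the thread): report the servicing branch of the
-- connected instance so the matching security package can be chosen.
WITH props AS (
    SELECT
        CAST(SERVERPROPERTY('ProductVersion')         AS nvarchar(128)) AS product_version,
        CAST(SERVERPROPERTY('ProductLevel')           AS nvarchar(128)) AS product_level,  -- RTM or SPn
        CAST(SERVERPROPERTY('ProductUpdateLevel')     AS nvarchar(128)) AS update_level,   -- CUn, or NULL if no CU
        CAST(SERVERPROPERTY('ProductBuildType')       AS nvarchar(128)) AS build_type,     -- GDR, OD, or NULL
        CAST(SERVERPROPERTY('ProductUpdateReference') AS nvarchar(128)) AS update_kb       -- KB of the current build
)
SELECT
    @@SERVERNAME AS instance_name,
    product_version,
    product_level,
    update_level,
    build_type,
    update_kb,
    CASE
        -- A CU has been installed at some point: stay on CU packages only.
        WHEN update_level LIKE 'CU%'
            THEN 'CU branch: install the CU security update package'
        -- No CU level reported but a GDR build: only GDR updates were applied.
        WHEN build_type = 'GDR'
            THEN 'GDR branch: install the GDR update package'
        -- On-demand hotfix builds do not fit either rule; review by hand.
        WHEN build_type = 'OD'
            THEN 'On-demand build: review manually before patching'
        -- Neither a CU level nor a GDR build: the instance is at a baseline.
        ELSE 'Baseline: either the GDR or the CU package can be chosen'
    END AS servicing_recommendation
FROM props;
```

Run it on each instance in the estate and record `update_level` and `update_kb` alongside the recommendation before selecting a package.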


  2. Varun Mehta 0 Reputation points
    2023-10-30T15:54:29.1733333+00:00

    Hi Zoe,

    I appreciate your response and information. Thanks for this.

    Applying CU23 is part of next year's plan as it involves quite a lot of planning and prerequisites. Currently, we are concentrating on the security concerns, hence CU22 comes into the picture.

    I am still wondering about the answer to my question:

    Does the security update for CU22 (KB5029378) fix any issue for CU21 or less? If it is released just to fix issues introduced by CU22 (KB5027702), we will decide to stay at CU21 and next year we will plan for CU23.

    I am looking forward to the response.

    Thanks,

    Varun Mehta


  3. ZoeHui-MSFT 36,586 Reputation points
    2023-10-31T01:34:17.5766667+00:00

    Hi @Varun Mehta,

    In my opinion, the security update for CU22 (KB5029378) fixes the issue not only for CU22 but also contains CU21 and earlier releases.

    Regards,

    Zoe Hui


    If the answer is helpful, please click "Accept Answer" and upvote it.

