Share via

Microsoft SQL Server Remote Code Execution Vulnerability

techresearch7777777 1,961 Reputation points
2022-06-21T20:03:57.987+00:00

Hello, I recently noticed Microsoft mentioning SQL Server security vulnerability as this link mentions:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29143

Am a bit confused on how to apply/fix.

Should I apply the latest SQL Server Service Packs and Cumulative Updates first and then download and apply that link's vulnerability patches or something different?

Thanks in advance.

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
14,492 questions
0 comments
Accepted answer
  1. CathyJi-MSFT 22,356 Reputation points Microsoft External Staff
    2022-06-23T09:39:39.43+00:00

    Hi @techresearch7777777 ,

    Please check the patches that you need to apply to your six SQL server instances.

    Microsoft SQL Server 2014 (SP3-CU4-GDR) (KB4583462) - 12.0.6433.1 (X64) Oct 31 2020 02:54:45 Copyright (c) Microsoft Corporation Enterprise Edition: Core-based Licensing (64-bit) on Windows NT 6.3 <X64> (Build 9600: ) (Hypervisor)---------------------------Apply 5014164 Security update for SQL Server 2014 SP3 CU4: June 14, 2022 to this SQL instance.

    Microsoft SQL Server 2016 (SP2-GDR) (KB4583460) - 13.0.5103.6 (X64) Nov 1 2020 00:13:28 Copyright (c) Microsoft Corporation Standard Edition (64-bit) on Windows Server 2012 R2 Standard 6.3 <X64> (Build 9600: ) (Hypervisor)---------------------------- Apply 5014365 Security update for SQL Server 2016 SP2 GDR: June 14, 2022 to this SQL server instance.

    Microsoft SQL Server 2016 (SP2-GDR) (KB4583460) - 13.0.5108.50 (X64) May 20 2022 20:28:29 Copyright (c) Microsoft Corporation Standard Edition (64-bit) on Windows Server 2016 Standard 10.0 <X64> (Build 14393: ) (Hypervisor)------------------This the latest GDR for SQL server 2016 SP2. If you do not want to apply SP3 for this SQL server instance, you do not need to apply patch for this instance.

    Microsoft SQL Server 2016 (SP3) (KB5003279) - 13.0.6300.2 (X64) Aug 7 2021 01:20:37 Copyright (c) Microsoft Corporation Developer Edition (64-bit) on Windows Server 2012 R2 Standard 6.3 <X64> (Build 9600: ) (Hypervisor)---------------------Apply 5014355 Security update for SQL Server 2016 SP3 GDR: June 14, 2022 to this SQL server instance.

    Microsoft SQL Server 2016 (SP3-GDR) (KB5014355) - 13.0.6419.1 (X64) May 29 2022 21:05:29 Copyright (c) Microsoft Corporation Standard Edition (64-bit) on Windows Server 2016 Standard 10.0 <X64> (Build 14393: ) (Hypervisor) )------------------This the latest GDR for SQL server 2016 SP3.

    Microsoft SQL Server 2019 (RTM-CU16-GDR) (KB5014353) - 15.0.4236.7 (X64) May 29 2022 15:55:47 Copyright (C) 2019 Microsoft Corporation Standard Edition (64-bit) on Windows Server 2019 Standard 10.0 <X64> (Build 17763: ) (Hypervisor)--------------This is the latest version for SQL server 2019.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    1 person found this answer helpful.
    0 comments

7 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. techresearch7777777 1,961 Reputation points
    2022-06-22T23:49:12.887+00:00

    Thanks for all of the replies.

    Here are my six different SQL Server versions as Cathyji-msft responded:

    Microsoft SQL Server 2014 (SP3-CU4-GDR) (KB4583462) - 12.0.6433.1 (X64) Oct 31 2020 02:54:45 Copyright (c) Microsoft Corporation Enterprise Edition: Core-based Licensing (64-bit) on Windows NT 6.3 <X64> (Build 9600: ) (Hypervisor)

    Microsoft SQL Server 2016 (SP2-GDR) (KB4583460) - 13.0.5103.6 (X64) Nov 1 2020 00:13:28 Copyright (c) Microsoft Corporation Standard Edition (64-bit) on Windows Server 2012 R2 Standard 6.3 <X64> (Build 9600: ) (Hypervisor)

    Microsoft SQL Server 2016 (SP2-GDR) (KB4583460) - 13.0.5108.50 (X64) May 20 2022 20:28:29 Copyright (c) Microsoft Corporation Standard Edition (64-bit) on Windows Server 2016 Standard 10.0 <X64> (Build 14393: ) (Hypervisor)

    Microsoft SQL Server 2016 (SP3) (KB5003279) - 13.0.6300.2 (X64) Aug 7 2021 01:20:37 Copyright (c) Microsoft Corporation Developer Edition (64-bit) on Windows Server 2012 R2 Standard 6.3 <X64> (Build 9600: ) (Hypervisor)

    Microsoft SQL Server 2016 (SP3-GDR) (KB5014355) - 13.0.6419.1 (X64) May 29 2022 21:05:29 Copyright (c) Microsoft Corporation Standard Edition (64-bit) on Windows Server 2016 Standard 10.0 <X64> (Build 14393: ) (Hypervisor)

    Microsoft SQL Server 2019 (RTM-CU16-GDR) (KB5014353) - 15.0.4236.7 (X64) May 29 2022 15:55:47 Copyright (C) 2019 Microsoft Corporation Standard Edition (64-bit) on Windows Server 2019 Standard 10.0 <X64> (Build 17763: ) (Hypervisor)

    Much appreciated.

    0 comments
  2. techresearch7777777 1,961 Reputation points
    2022-06-23T16:07:33.793+00:00

    Thanks Cathyji-msft for your guidance.

    Is it correct to say if I apply all three of those updates in the links you provided it will resolve this latest SQL Server Remote Code Execution Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29143 potential attack issue...or would I need to do something further/updates?

    Apply 5014164 Security update for SQL Server 2014 SP3 CU4: June 14, 2022
    Apply 5014365 Security update for SQL Server 2016 SP2 GDR: June 14, 2022
    Apply 5014355 Security update for SQL Server 2016 SP3 GDR: June 14, 2022

    And the other three that you mentioned are the Latest with no links provided are currently good and no need to worry about this vulnerability?

  3. techresearch7777777 1,961 Reputation points
    2022-06-24T17:37:19.553+00:00

    Thanks so much for everyone's help.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.