Reading Time: < 1 minute

Another patch Tuesday release and this time were for multiple versions of SQL Server. Make sure you read the whole article before downloading the appropriate official fix for your environment.

On January 12, Microsoft released article KB4583468 as a response to CVE-2021-1236, a vulnerability that allows an authenticated attacker to be able to send data over network on a vulnerable Microsoft SQL Server instance running an extended events session, that could lead to access deny thus hurting your system availability directly as well as data confidentiality and integrity.

Which versions are affected and can be patched

All versions starting from SQL Server 2012 all the way up to the current version of SQL Server 2019.

Below a table with the versions that can patched and the link to the relevant download.

MS KB #SQL Server targettarget baseline versionnew product versionnew file version
KB4583458Security update for SQL Server 2019 RTM GDR15.0.2000.5 - 15.0.2070.4115.0.2080.92019.150.2080.9
KB4583459Security update for SQL Server 2019 CU815.0.4003.23 - 15.0.4073.2315.0.4083.22019.150.4083.2
KB4583456Security update for SQL Server 2017 GDR14.0.1000.169 - 14.0.2027.214.0.2037.22017.140.2037.2
KB4583457Security update for SQL Server 2017 CU2214.0.3006.16 - 14.0.3356.2014.0.3370.12017.140.3370.1
KB4583460Security update for SQL Server 2016 SP2 GDR13.0.5026.0 - 13.0.5102.1413.0.5103.62015.131.5103.6
KB4583461Security update for SQL Server 2016 SP2 CU1513.0.5149.0 - 13.0.5850.1413.0.5865.12015.131.5865.1
KB4583463Security update for SQL Server 2014 SP3 GDR12.0.6024.0 - 12.0.6118.412.0.6164.212014.120.6164.21
KB4583462Security update for SQL Server 2014 SP3 CU412.0.6205.1 - 12.0.6372.112.0.6433.12014.120.6433.1
KB4583465Security update for SQL Server 2012 SP4 GDR11.0.7001.0 - 11.0.7493.411.0.7507.22011.110.7507.2

If you are not sure which is suited for you have a look at this post: SQL Server patching: GDR vs CU.

As always, test and then patch your production instances.

Useful links: