KB5029185 SQL Server 2014 SP 3 Cumulative Update 4

KB5029185 is the cumulative update number 4 for SQL Server 2014 SP 3. The security update was released on 10 October 2023 as part of the ‘Patch Tuesday’ project.

Salient points

  • KB5029185 is a cumulative update. It supersedes KB5021045 released in February 2023.
  • KB5029185 updates the SQL Server Product version to 12.0.6449.1 and the file version to 2014.120.6449.1.
  • Cumulative Update 4 for SQL Server 2014 SP 3 was released first under KB4500181 in July 2019.
  • There have been multiple updates after the original CU 4 update. The current Cumulative Update 4 GDR is the 8th such update.
  • KB5029185 resolves a single security vulnerability CVE-2023-36728. Brief details of the vulnerability are shared below.
  • To install KB5029185, you need SQL Server 2019 SP3 or any SQL Server 2019 SP3 CU release.
  • KB5029185 is available for the x86 and x64 platforms.
  • KB5029185 security update for x86 platform is SQLServer2014-KB5029185-x86.exe. The file hash is 71EADC1F5F494C4832FCF4A23863A0FA6448C189B49A8C25F38D45CF1C35E953.
  • KB5029185 security update for x64 platform is SQLServer2014-KB5029185-x64.exe. The file hash is 380C9ACE3D4598BB3E90A83443F5DB6A66FA1E9C5FF10B48EC38C65C98C63CCF.
  • KB5029185 is available for SQL Server 2014 SP3 versions 12.0.6205.1 to 12.0.6444.4.

Download KB5029185

KB5029185 Cumulative Update 4 can be automatically deployed using the Windows Update program.

For manual deployments, you can download the executable installer file from the Microsoft Update Catalog site. Or, you could use the Microsoft Download Center to download the executable for KB5029185.

The installer files are available for SQL Server 2014 SP3 x86 and x64 editions.

We have also shared the direct download links for the KB5029185 files for x86 and x64 editions of SQL Server 2014 SP 3..

When you install the KB5029185 update file for the SQL Server 2014 SP3 CU 4, the server will reboot. So, we do suggest carrying out the installation of KB5029185 in an organized change process.


KB5029185 resolves a security vulnerability in SQL Server 2014 SP3 CU 4. The details are listed below:

CVE DetailsCVSS ScoreSeverityImpactComments
CVE-2023-367285.5ImportantDenial of ServiceAn attacker could impact the availability of the service resulting in Denial of Service (DoS).

KB5029185 – Changelog

The following issues or bugs are fixed in KB5029185.

  • Bug ID – 2512429. It affects the SQL Server Engine
  • Bug Description – An attacker can send a malformed TDS (Tabular Data Stream) packet that causes a login failure, unavailability, or other undefined behavior.

October 2023 Security Updates

You may be interested in reading more about other October 2023 security or cumulative updates shared below:

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.