KB5029186 SQL Server 2016 SP 3 GDR

KB5029186 is a security update for SQL Server 2016 Service Pack 3 GDR version. The update was released under the ‘Patch Tuesday’ program on 10 October 2023.

Salient points

  • KB5029186 is the security update for SQL Server 2016 SP 3 GDR.
  • KB5029186 will update the SQL Server Product version to 13.0.6435.1, and the file version to 2015.131.6435.1
  • The previous security update for SQL Server 2016 SP 3 was released in February 2023. It was the KB5021129 update.
  • SQL Server 2016 SP 3 was released in September 2021 under KB5003279. It has had 3 GDR updates since September 2021. KB5014355, KB5021129, and KB5029186 are the GDR updates released in the SQL 2016 SP 3 life cycle as of now.
  • The current security update resolves CVE-2023-36728 Denial of Service vulnerability on Microsoft SQL Server. Details of the vulnerability are shared in the vulnerability section below.
  • To apply this update, you must have SQL Server 2016 SP3 or any SQL Server 2016 SP3 GDR release through this SQL Server 2016 SP3 GDR installed.
  • The name of the executable update file for KB5029186 is SQLServer2016-KB5029186-x64.exe. The file hash value for this executable file is D5215D488039041CDF5FE81A76E58F5E075447BD1792BE2DAF9555D8CB55CAD8.
  • If you install a language pack after installing KB5029186, you must reinstall the security update KB5029186. Installing a language pack over the security update will render the security update infructitious.

Download KB5029186

You can apply KB5029186 automatically using the Windows Update program.

For manual deployments, you can download the executable file from the Microsoft Update Catalog site or the Microsoft Download Center. The direct download link for the executable file for KB5029186 has also been shared below.

The size of the executable file for KB5029186 is 474.5 MB. This update will cause a server reboot. So, we do suggest implementing KB5029186 as part of an organized change management process.


KB5029186 resolves a security vulnerability in SQL Server 2016 SP3. The details are listed below:

CVE DetailsCVSS ScoreSeverityImpactComments
CVE-2023-367285.5ImportantDenial of ServiceAn attacker could impact the availability of the service resulting in Denial of Service (DoS).

Issue fixes

KB5029186 resolves the following bug in the SQL Server Engine:

  • Bug id – 2512432
  • An attacker can send a malformed TDS (Tabular Data Stream) packet that causes a login failure, unavailability, or other undefined behavior.

October 2023 Security Updates

You may be interested in reading more about other October 2023 security or cumulative updates shared below:

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.