KB5029186 is a security update for SQL Server 2016 Service Pack 3 GDR version. The update was released under the ‘Patch Tuesday’ program on 10 October 2023.
Salient points
- KB5029186 is the security update for SQL Server 2016 SP 3 GDR.
- KB5029186 will update the SQL Server Product version to 13.0.6435.1, and the file version to 2015.131.6435.1
- The previous security update for SQL Server 2016 SP 3 was released in February 2023. It was the KB5021129 update.
- SQL Server 2016 SP 3 was released in September 2021 under KB5003279. It has had 3 GDR updates since September 2021. KB5014355, KB5021129, and KB5029186 are the GDR updates released in the SQL 2016 SP 3 life cycle as of now.
- The current security update resolves CVE-2023-36728 Denial of Service vulnerability on Microsoft SQL Server. Details of the vulnerability are shared in the vulnerability section below.
- To apply this update, you must have SQL Server 2016 SP3, or any SQL Server 2016 SP3 GDR release prior to this one, installed.
- The name of the executable update file for KB5029186 is SQLServer2016-KB5029186-x64.exe. The file hash value for this executable file is D5215D488039041CDF5FE81A76E58F5E075447BD1792BE2DAF9555D8CB55CAD8.
- If you install a language pack after installing KB5029186, you must reinstall the security update KB5029186. Installing a language pack over the security update will render the security update ineffective.
Download KB5029186
You can apply KB5029186 automatically using the Windows Update program.
For manual deployments, you can download the executable file from the Microsoft Update Catalog site or the Microsoft Download Center. The direct download link for the executable file for KB5029186 has also been shared below.
- Download KB5029186 from the Microsoft Update Catalog site
- Download KB5029186 from the Microsoft Download Center
- Direct download executable file for KB5029186. Validate the file against the hash value shared above.
The size of the executable file for KB5029186 is 474.5 MB. This update will cause a server reboot, so we suggest deploying KB5029186 as part of an organized change management process.
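The hash validation mentioned above, together with a check of the product version after installation, can be scripted as follows. This is an added example, not code from Microsoft or from the original article. It assumes the 64-character hash quoted on this page is a SHA-256 digest; the download folder and the instance name are also assumptions.

```powershell
# Added example. Hash, file name and build number are the values quoted on this page;
# the download folder and instance name are assumptions for illustration.
$ExpectedSha256 = 'D5215D488039041CDF5FE81A76E58F5E075447BD1792BE2DAF9555D8CB55CAD8'
$ExpectedBuild  = [version]'13.0.6435.1'
$Installer      = 'C:\Patches\SQLServer2016-KB5029186-x64.exe'  # assumed path
$Instance       = 'localhost'                                   # assumed default instance

function Test-InstallerIntegrity {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Sha256)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        HashMatches     = ($hash -eq $Sha256.Trim())   # -eq ignores case for strings
        ActualHash      = $hash
        SignatureStatus = $sig.Status                  # expect 'Valid'
        Signer          = $sig.SignerCertificate.Subject
    }
}

function Get-SqlProductVersion {
    param([Parameter(Mandatory)][string]$ServerInstance)
    $connString = "Server=$ServerInstance;Integrated Security=True;Connect Timeout=10"
    $conn = [System.Data.SqlClient.SqlConnection]::new($connString)
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = "SELECT CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(32))"
        [version]$cmd.ExecuteScalar()
    }
    finally { $conn.Dispose() }
}

# Before installing: refuse to continue on a hash or signature mismatch.
$check = Test-InstallerIntegrity -Path $Installer -Sha256 $ExpectedSha256
$check | Format-List
if (-not $check.HashMatches -or $check.SignatureStatus -ne 'Valid') {
    throw 'Installer failed verification; do not run it.'
}

# After installing and rebooting: confirm the instance reports the patched build.
$build = Get-SqlProductVersion -ServerInstance $Instance
if ($build -ge $ExpectedBuild) { "Patched: $build" } else { "Still below ${ExpectedBuild}: $build" }
```

Run the last two lines again after any later language pack installation, since the page notes that the security update must be reinstalled in that case.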
Vulnerability
KB5029186 resolves a security vulnerability in SQL Server 2016 SP3. The details are listed below:
| CVE Details | CVSS Score | Severity | Impact | Comments |
|---|---|---|---|---|
| CVE-2023-36728 | 5.5 | Important | Denial of Service | An attacker could impact the availability of the service resulting in Denial of Service (DoS). |
Issue fixes
KB5029186 resolves the following bug in the SQL Server Engine:
- Bug id – 2512432
- An attacker can send a malformed TDS (Tabular Data Stream) packet that causes a login failure, unavailability, or other undefined behavior.
October 2023 Security Updates
You may be interested in reading more about other October 2023 security or cumulative updates shared below:
- KB5029186 SQL Server 2016 SP 3 GDR
- KB5030333 SQL Server 2019 Cumulative Update 23
- KB5029378 SQL Server 2019 Cumulative Update 22 GDR
- KB5029503 SQL Server 2022 CU 8 Cumulative Update
- Windows 10 – KB5031377 Cumulative Update
- Windows 10 version 1809 – KB5031361
- Windows 10 version 1607 – KB5031362
- KB5031358 Cumulative Update for Windows 11 version 21H2
- KB5029377 Security Update for SQL Server 2019 GDR
- KB5031354 Cumulative Update for Windows 11 version 22H2
- KB5031356 for Windows 10 versions 21H2 and 22H2
- KB5031901 Update for .NET 7.0
- KB5031407 Security Update for Windows Server 2012 R2
- KB5031427 Security Update for Windows Server 2012
- KB5031419 Monthly Rollup for Windows Server 2012 R2
- KB5031442 Monthly Rollup Update for Windows Server 2012
- KB5031364 Cumulative Update for Windows Server 2022
- KB5031362 Cumulative Update for Windows Server 2016
- KB5031361 Cumulative Update for Windows Server 2019
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.