KB5029378 is cumulative update 22 for Microsoft SQL Server 2019. It was released on 10 October 2023 as part of the 'Patch Tuesday' release.
Salient points
- KB5029378 is cumulative update 22 for SQL Server 2019. It is available for Windows and Linux deployments.
- KB5029378 contains security changes over and above the CU 22 for SQL Server 2019 released under KB5027702 in August 2023.
- KB5027702 is the CU 22 for SQL Server 2019 that was released on 14 August 2023. KB5029378 fixes security vulnerabilities found in that release, so KB5029378 is KB5027702 plus the security fixes.
- KB5029378 fixes 5 security vulnerabilities in Microsoft SQL Server 2019.
- KB5029378 will update SQL Server 2019 to product version 15.0.4326.1 and file version 2019.150.4326.1.
- KB5029378 can be installed on any SQL Server 2019 deployment or SQL Server 2019 CU release.
- Installing a language pack after KB5029378 renders the KB5029378 installation ineffective. You will need to redeploy KB5029378 in such cases.
Download KB5029378
KB5029378 can be deployed automatically using the Windows Update program on Windows Server 2019.
For manual deployments, you can download the offline installer file in .exe format from the Microsoft Update Catalog or the Microsoft Download Center.
The download links for KB5029378 for Microsoft Update Catalog and Microsoft Download Center are shared below.
- Download KB5029378 from the Microsoft Update Catalog
- Direct download link for KB5029378
- Download KB5029378 from the Microsoft Download Center
The file size of KB5029378 is 751 MB. The server will restart after you have deployed the KB5029378 security update.
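To confirm the update took effect after the restart, the T-SQL below compares the instance's reported build with the product version 15.0.4326.1 given above. It is an added example, not taken from Microsoft's KB article; the variable names, column aliases and status strings are illustrative.

```sql
-- Added example (not from the KB article): compare this instance's build
-- with the product version this page gives for KB5029378.
DECLARE @target  nvarchar(32) = N'15.0.4326.1';  -- product version from this page
DECLARE @current nvarchar(32) = CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(32));

-- PARSENAME splits a dotted string into up to four parts, numbered from the
-- right: part 4 = major, 3 = minor, 2 = build, 1 = revision (not compared here).
WITH v AS (
    SELECT
        CAST(PARSENAME(@current, 4) AS int) AS cur_major,
        CAST(PARSENAME(@current, 3) AS int) AS cur_minor,
        CAST(PARSENAME(@current, 2) AS int) AS cur_build,
        CAST(PARSENAME(@target,  4) AS int) AS tgt_major,
        CAST(PARSENAME(@target,  3) AS int) AS tgt_minor,
        CAST(PARSENAME(@target,  2) AS int) AS tgt_build
)
SELECT
    @@SERVERNAME                             AS instance_name,
    @current                                 AS product_version,
    SERVERPROPERTY('ProductUpdateLevel')     AS update_level,      -- CU level of the current build
    SERVERPROPERTY('ProductUpdateReference') AS update_reference,  -- KB number of the installed update
    CASE
        WHEN cur_major <> tgt_major OR cur_minor <> tgt_minor
            THEN 'Not SQL Server 2019 (15.0): KB5029378 does not apply'
        WHEN cur_build >= tgt_build
            THEN 'At or above the KB5029378 build'
        ELSE 'Below the KB5029378 build: update still required'
    END                                      AS patch_status       -- illustrative status strings
FROM v;
```

An instance serviced through the GDR update (KB5029377 in the list at the end of this page) reports a different build number that this page does not give, so a "below" result there should be checked against that KB instead.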
Vulnerabilities
KB5029378 patches 5 security vulnerabilities in Microsoft SQL Server. They are listed below for reference.
CVE Details | CVSS | Impact | Severity | Comments |
---|---|---|---|---|
CVE-2023-36728 | 5.5 | Denial of Service | Important | This threat affects Microsoft SQL Services |
CVE-2023-36417 | 7.8 | Remote Code Execution | Important | This threat affects Microsoft SQL OLE DB. |
CVE-2023-36785 | 7.8 | Remote Code Execution | Important | This threat affects Microsoft ODBC Driver for SQL Server |
CVE-2023-36420 | 7.8 | Remote Code Execution | Important | This threat affects Microsoft ODBC Driver for SQL Server |
CVE-2023-36730 | 7.8 | Remote Code Execution | Important | This threat affects Microsoft ODBC Driver for SQL Server |
KB5029378 – Changelog
The following changes or bug fixes have been reported in KB5029378:
- Bug 2562145
- An attacker can send a malformed TDS (Tabular Data Stream) packet that causes a login failure, unavailability, or other undefined behavior.
October 2023 Security Updates
You may be interested in reading more about other October 2023 security or cumulative updates shared below:
- KB5029503 SQL Server 2022 CU 8 Cumulative Update
- Windows 10 – KB5031377 Cumulative Update
- Windows 10 version 1809 – KB5031361
- Windows 10 version 1607 – KB5031362
- KB5031358 Cumulative Update for Windows 11 version 21H2
- KB5029377 Security Update for SQL Server 2019 GDR
- KB5031354 Cumulative Update for Windows 11 version 22H2
- KB5031356 for Windows 10 versions 21H2 and 22H2
- KB5031901 Update for .NET 7.0
- KB5031407 Security Update for Windows Server 2012 R2
- KB5031427 Security Update for Windows Server 2012
- KB5031419 Monthly Rollup for Windows Server 2012 R2
- KB5031442 Monthly Rollup Update for Windows Server 2012
- KB5031364 Cumulative Update for Windows Server 2022
- KB5031362 Cumulative Update for Windows Server 2016
- KB5031361 Cumulative Update for Windows Server 2019
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.