KB5029378 SQL Server 2019 Cumulative Update 22 GDR

KB5029378 is the cumulative update number 22 for Microsoft SQL Server 2019. It was released on 10 October 2023 as part of the ‘Patch Tuesday’ project.

Salient points

  • KB5029378 is cumulative update 22 for SQL Server 2019. It is available for Windows and Linux deployments.
  • KB5029378 contains security changes over and above the CU 22 for SQL Server 2019 released under KB5027702 in August 2023.
  • KB5027702 is the CU 22 for SQL Server 2019 that was released on 14 August 2023. KB5029378 fixes security vulnerabilities that have been found in the CU 22 released under KB5027702. So, KB5029378 is KB5027702 plus security fixes for security vulnerabilities.
  • KB5029378 fixes 5 security vulnerabilities on the Microsoft SQL Server 2019.
  • KB5029378 will update SQL Server 2019 to the Product version: 15.0.4326.1, and file version: 2019.150.4326.1.
  • KB5029378 can be installed on any SQL Server 2019 deployment or SQL Server 2019 CU release.
  • Installing a language pack over KB5029378 installation will render the KB5029378 infructitious. You will need to redeploy KB5029378 in such cases.

Download KB5029378

KB5029378 can be deployed automatically using the Windows Update program on Windows Server 2019.

For manual deployments, you can download the offline installer file in .exe format from the Microsoft Catalog site or the Microsoft Download Center.

The download links for KB5029378 for Microsoft Update Catalog and Microsoft Download Center are shared below.

The file size of KB5029378 is 751 MB. The server will restart after you have deployed the KB5029378 security update.


There are 5 security vulnerabilities on Microsoft SQL Server that have been patched in KB5029378. These threats are mentioned below for your ready reference.

CVE DetailsCVSSImpactSeverityComments
CVE-2023-367285.5Denial of ServiceImportantThis threat affects Microsoft SQL Services
CVE-2023-364177.8Remote Code ExecutionImportantThis threat affects Microsoft SQL OLE DB.
CVE-2023-367857.8Remote Code ExecutionImportantThis threat affects Microsoft ODBC Driver for SQL Server
CVE-2023-364207.8Remote Code ExecutionImportantThis threat affects Microsoft ODBC Driver for SQL Server
CVE-2023-367307.8Remote Code ExecutionImportantThis threat affects Microsoft ODBC Driver for SQL Server

KB5029378 – Changelog

The following changes or bug fixes have been reported in KB5029378:

  • Bug 2562145
  • An attacker can send a malformed TDS (Tabular Data Stream) packet that causes a login failure, unavailability, or other undefined behavior.

October 2023 Security Updates

You may be interested in reading more about other October 2023 security or cumulative updates shared below:

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.