KB5029503 is a cumulative security update for SQL Server 2022. It is Cumulative Update (CU) 8 for SQL Server 2022.
- KB5029503 is CU 8 for SQL Server 2022. It supersedes KB5028743 CU 7 for SQL Server 2022.
- KB5028743 CU 7 was released in August 2023.
- KB5029503 corresponds to SQL Server 2022 build 16.0.4080.1.
- KB5029503 is available for SQL Server 2022 versions between 16.0.4003.1 and 16.0.4075.1.
- KB5029503 is available for Windows and Linux deployments of SQL Server 2022.
- KB5029503 resolves 5 security vulnerabilities in SQL Server 2022. The underlying operating system of the server requires separate patching to mitigate its own security vulnerabilities.
- To install CU 8 on SQL Server 2022, you will need the base version of SQL Server 2022. Alternatively, you may be running any Cumulative Update between CU 1 and CU 7 for SQL Server 2022.
- If you install a language pack after installing CU 8 of SQL Server 2022 (KB5029503), you will have to reinstall the KB5029503 update. This is because installing a language pack over CU 8 renders the cumulative update ineffective.
- The name of the KB5029503 security update file is SQLServer2022-KB5029503-x64.exe. The SHA256 hash value for the SQL Server 2022 CU 8 file is 8623A5D5446408EB08E5E6116EB40B005D66B696077A7F8EE70DDA59BB027434.
KB5029503 can be applied automatically using one of the following methods:
- Windows Update
For manual deployments, you can download an executable file for the KB5029503 security update. You can download the installer file from:
- Microsoft Download Center
- Microsoft Update Catalog
You could also use one of the direct download links for the offline installer below.
- Download KB5029503 from the Microsoft Update Catalog site
- Download KB5029503 from the Microsoft Download Center
- Direct download link for KB5029503
The file size for the KB5029503 SQL Server CU 8 update is 399.7 MB. The server will restart after the deployment of KB5029503.
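Before running a manually downloaded installer, it is worth confirming that the file matches the SHA256 value given above and that the instance is actually below build 16.0.4080.1. The PowerShell below is an added example, not part of the original post or Microsoft's tooling; the download path, the function names and the sample build strings are assumptions made for illustration.

```powershell
# Added example. Hash and build numbers are the values stated on this page.
$ExpectedSha256 = '8623A5D5446408EB08E5E6116EB40B005D66B696077A7F8EE70DDA59BB027434'
$Cu8Build       = [version]'16.0.4080.1'

function Test-InstallerHash {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Installer not found: $Path"
        return $false
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # PowerShell's -eq is case-insensitive for strings, so hex case does not matter.
    return ($actual -eq $Expected.Trim())
}

function Get-Cu8Status {
    param([Parameter(Mandatory)][string]$InstalledBuild)
    $v = [version]$InstalledBuild
    if ($v.Major -ne 16) { return 'NotSqlServer2022' }
    if ($v -ge $Cu8Build) { return 'AtOrAboveCU8' }
    return 'MissingCU8'
}

# Assumed download location; change to wherever the file was saved.
$installer = 'C:\Patches\SQLServer2022-KB5029503-x64.exe'
if (Test-InstallerHash -Path $installer -Expected $ExpectedSha256) {
    Write-Output 'Hash matches the published SHA256.'
} else {
    Write-Output 'Hash mismatch or file missing; do not run this installer.'
}

# Build strings below are constructed samples. On a real instance, read the build with:
#   sqlcmd -E -h -1 -W -Q "SET NOCOUNT ON; SELECT SERVERPROPERTY('ProductVersion')"
foreach ($build in '16.0.4075.1', '16.0.4080.1', '15.0.4322.2') {
    '{0} -> {1}' -f $build, (Get-Cu8Status -InstalledBuild $build)
}
```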
There are 5 security vulnerabilities for SQL Server 2022 that have been shared in October’s security bulletin. These vulnerabilities are listed below:
|CVE|CVSS score|Impact|Severity|Affected component|
|---|---|---|---|---|
|CVE-2023-36728|5.5|Denial of Service|Important|This threat affects Microsoft SQL Services.|
|CVE-2023-36417|7.8|Remote Code Execution|Important|This threat affects Microsoft SQL OLE DB.|
|CVE-2023-36785|7.8|Remote Code Execution|Important|This threat affects Microsoft ODBC Driver for SQL Server.|
|CVE-2023-36420|7.8|Remote Code Execution|Important|This threat affects Microsoft ODBC Driver for SQL Server.|
|CVE-2023-36730|7.8|Remote Code Execution|Important|This threat affects Microsoft ODBC Driver for SQL Server.|
KB5029503 – Changelog
KB5029503 includes the following bug fix:
- Bug reference – 2655660
- An attacker can send a malformed TDS (Tabular Data Stream) packet that causes a login failure, unavailability, or other undefined behavior.
October 2023 Security Updates
You may be interested in reading more about other October 2023 security or cumulative updates shared below:
- KB5029503 SQL Server 2022 CU 8 Cumulative Update
- Windows 10 – KB5031377 Cumulative Update
- Windows 10 version 1809 – KB5031361
- Windows 10 version 1607 – KB5031362
- KB5031358 Cumulative Update for Windows 11 version 21H2
- KB5029377 Security Update for SQL Server 2019 GDR
- KB5031354 Cumulative Update for Windows 11 version 22H2
- KB5031356 for Windows 10 versions 21H2 and 22H2
- KB5031901 Update for .NET 7.0
- KB5031407 Security Update for Windows Server 2012 R2
- KB5031427 Security Update for Windows Server 2012
- KB5031419 Monthly Rollup for Windows Server 2012 R2
- KB5031442 Monthly Rollup Update for Windows Server 2012
- KB5031364 Cumulative Update for Windows Server 2022
- KB5031362 Cumulative Update for Windows Server 2016
- KB5031361 Cumulative Update for Windows Server 2019
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.