KB5029503 SQL Server 2022 CU 8 Cumulative Update

KB5029503 is a cumulative security update for SQL Server 2022 version. This is Cumulative Update (CU) number 8 for the SQL Server 2022.

Salient points

  • KB5029503 is CU 8 for SQL Server 2022. It supersedes KB5028743 CU 7 for SQL Server 2022.
  • KB5028743 CU 7 was released in August 2023.
  • KB5029503 corresponds to SQL Server 2022 build 16.0.4080.1.
  • KB5029503 is available for SQL Server 2022 versions between 16.0.4003.1 and 16.0.4075.1.
  • KB5029503 is available for Windows and Linux deployments of SQL Server 2022.
  • KB5029503 resolves 5 security vulnerabilities on the SQL Server 2022. The underlying operating system for the server will require separate patching to mitigate security vulnerabilities on the underlying operating system.
  • To install CU 8 on SQL Server 2022, you will need the base version of SQL Server 2022. Alternatively, you may be running any Cumulative Update between CU 1 and CU 7 for SQL Server 2022.
  • If you install a language pack after installing CU 8 of SQL Server 2022 KB5029503, you will have to reinstall the KB5029503 update. This is because the installation of a language pack over the CU 8 will render the cumulative update infructitious.
  • The name of the KB5029503 security update file is SQLServer2022-KB5029503-x64.exe. The SHA256 hash value for the SQL Server 2022 CU 8 file is 8623A5D5446408EB08E5E6116EB40B005D66B696077A7F8EE70DDA59BB027434.

Download KB5029503

KB5029503 can be applied automatically using one of the following methods:

  • Windows Update

For manual deployments, you can download an executable file for the KB5029503 security update. You can download the installer file from:

  • Microsoft Download Center
  • Microsoft Update Catalog

You could also use one of the direct download links for the offline installer below.

The file size for the KB5029503 SQL Server CU 8 update is 399.7 MB. The server will restart after the deployment of KB5029503.


There are 5 security vulnerabilities for SQL Server 2022 that have been shared in October’s security bulletin. These vulnerabilities are listed below:

CVE DetailsCVSSImpactSeverityComments
CVE-2023-367285.5Denial of ServiceImportantThis threat affects Microsoft SQL Services
CVE-2023-364177.8Remote Code ExecutionImportantThis threat affects Microsoft SQL OLE DB.
CVE-2023-367857.8Remote Code ExecutionImportantThis threat affects Microsoft ODBC Driver for SQL Server
CVE-2023-364207.8Remote Code ExecutionImportantThis threat affects Microsoft ODBC Driver for SQL Server
CVE-2023-367307.8Remote Code ExecutionImportantThis threat affects Microsoft ODBC Driver for SQL Server

KB5029503 – Changelog

KB5029503 addresses the following bug fix:

  • Bug reference – 2655660
  • An attacker can send a malformed TDS (Tabular Data Stream) packet that causes a login failure, unavailability, or other undefined behavior.

October 2023 Security Updates

You may be interested in reading more about other October 2023 security or cumulative updates shared below:

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.