KB5029503 SQL Server 2022 CU 8 Cumulative Update

This content has been archived. But, the content is true and relevant to the underlying technology products or infrastructure services.

KB5029503 is a cumulative security update for SQL Server 2022 version. This is Cumulative Update (CU) number 8 for the SQL Server 2022.

Salient points

  • KB5029503 is CU 8 for SQL Server 2022. It supersedes KB5028743 CU 7 for SQL Server 2022.
  • KB5028743 CU 7 was released in August 2023.
  • KB5029503 corresponds to SQL Server 2022 build 16.0.4080.1.
  • KB5029503 is available for SQL Server 2022 versions between 16.0.4003.1 and 16.0.4075.1.
  • KB5029503 is available for Windows and Linux deployments of SQL Server 2022.
  • KB5029503 resolves 5 security vulnerabilities on the SQL Server 2022. The underlying operating system for the server will require separate patching to mitigate security vulnerabilities on the underlying operating system.
  • To install CU 8 on SQL Server 2022, you will need the base version of SQL Server 2022. Alternatively, you may be running any Cumulative Update between CU 1 and CU 7 for SQL Server 2022.
  • If you install a language pack after installing CU 8 of SQL Server 2022 KB5029503, you will have to reinstall the KB5029503 update. This is because the installation of a language pack over the CU 8 will render the cumulative update infructitious.
  • The name of the KB5029503 security update file is SQLServer2022-KB5029503-x64.exe. The SHA256 hash value for the SQL Server 2022 CU 8 file is 8623A5D5446408EB08E5E6116EB40B005D66B696077A7F8EE70DDA59BB027434.

Download KB5029503

KB5029503 can be applied automatically using one of the following methods:

  • Windows Update

For manual deployments, you can download an executable file for the KB5029503 security update. You can download the installer file from:

  • Microsoft Download Center
  • Microsoft Update Catalog

You could also use one of the direct download links for the offline installer below.

The file size for the KB5029503 SQL Server CU 8 update is 399.7 MB. The server will restart after the deployment of KB5029503.


There are 5 security vulnerabilities for SQL Server 2022 that have been shared in October’s security bulletin. These vulnerabilities are listed below:

CVE DetailsCVSSImpactSeverityComments
CVE-2023-367285.5Denial of ServiceImportantThis threat affects Microsoft SQL Services
CVE-2023-364177.8Remote Code ExecutionImportantThis threat affects Microsoft SQL OLE DB.
CVE-2023-367857.8Remote Code ExecutionImportantThis threat affects Microsoft ODBC Driver for SQL Server
CVE-2023-364207.8Remote Code ExecutionImportantThis threat affects Microsoft ODBC Driver for SQL Server
CVE-2023-367307.8Remote Code ExecutionImportantThis threat affects Microsoft ODBC Driver for SQL Server

KB5029503 – Changelog

KB5029503 addresses the following bug fix:

  • Bug reference – 2655660
  • An attacker can send a malformed TDS (Tabular Data Stream) packet that causes a login failure, unavailability, or other undefined behavior.

October 2023 Security Updates

You may be interested in reading more about other October 2023 security or cumulative updates shared below:

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.