KB5029503 SQL Server 2022 CU 8 Cumulative Update

KB5029503 is a cumulative security update for SQL Server 2022 version. This is Cumulative Update (CU) number 8 for the SQL Server 2022.

Salient points

• KB5029503 is CU 8 for SQL Server 2022. It supersedes KB5028743 CU 7 for SQL Server 2022.
• KB5028743 CU 7 was released in August 2023.
• KB5029503 corresponds to SQL Server 2022 build 16.0.4080.1.
• KB5029503 is available for SQL Server 2022 versions between 16.0.4003.1 and 16.0.4075.1.
• KB5029503 is available for Windows and Linux deployments of SQL Server 2022.
• KB5029503 resolves 5 security vulnerabilities on the SQL Server 2022. The underlying operating system for the server will require separate patching to mitigate security vulnerabilities on the underlying operating system.
• To install CU 8 on SQL Server 2022, you will need the base version of SQL Server 2022. Alternatively, you may be running any Cumulative Update between CU 1 and CU 7 for SQL Server 2022.
• If you install a language pack after installing CU 8 of SQL Server 2022 KB5029503, you will have to reinstall the KB5029503 update. This is because the installation of a language pack over the CU 8 will render the cumulative update infructitious.
• The name of the KB5029503 security update file is SQLServer2022-KB5029503-x64.exe. The SHA256 hash value for the SQL Server 2022 CU 8 file is 8623A5D5446408EB08E5E6116EB40B005D66B696077A7F8EE70DDA59BB027434.

Download KB5029503

KB5029503 can be applied automatically using one of the following methods:

• Windows Update

For manual deployments, you can download an executable file for the KB5029503 security update. You can download the installer file from:

• Microsoft Download Center
• Microsoft Update Catalog

You could also use one of the direct download links for the offline installer below.

• Download KB5029503 from the Microsoft Update Catalog site
• Download KB5029503 from the Microsoft Download Center
• Direct download link for KB5029503

The file size for the KB5029503 SQL Server CU 8 update is 399.7 MB. The server will restart after the deployment of KB5029503.

Vulnerabilities

There are 5 security vulnerabilities for SQL Server 2022 that have been shared in October’s security bulletin. These vulnerabilities are listed below:

CVE Details	CVSS	Impact	Severity	Comments
CVE-2023-36728	5.5	Denial of Service	Important	This threat affects Microsoft SQL Services
CVE-2023-36417	7.8	Remote Code Execution	Important	This threat affects Microsoft SQL OLE DB.
CVE-2023-36785	7.8	Remote Code Execution	Important	This threat affects Microsoft ODBC Driver for SQL Server
CVE-2023-36420	7.8	Remote Code Execution	Important	This threat affects Microsoft ODBC Driver for SQL Server
CVE-2023-36730	7.8	Remote Code Execution	Important	This threat affects Microsoft ODBC Driver for SQL Server

KB5029503 – Changelog

KB5029503 addresses the following bug fix:

• Bug reference – 2655660
• An attacker can send a malformed TDS (Tabular Data Stream) packet that causes a login failure, unavailability, or other undefined behavior.

October 2023 Security Updates

You may be interested in reading more about other October 2023 security or cumulative updates shared below:

• KB5029503 SQL Server 2022 CU 8 Cumulative Update
• Windows 10 – KB5031377 Cumulative Update
• Windows 10 version 1809 – KB5031361
• Windows 10 version 1607 – KB5031362
• KB5031358 Cumulative Update for Windows 11 version 21H2
• KB5029377 Security Update for SQL Server 2019 GDR
• KB5031354 Cumulative Update for Windows 11 version 22H2
• KB5031356 for Windows 10 versions 21H2 and 22H2
• KB5031901 Update for .NET 7.0
• KB5031407 Security Update for Windows Server 2012 R2
• KB5031427 Security Update for Windows Server 2012
• KB5031419 Monthly Rollup for Windows Server 2012 R2
• KB5031442 Monthly Rollup Update for Windows Server 2012
• KB5031364 Cumulative Update for Windows Server 2022
• KB5031362 Cumulative Update for Windows Server 2016
• KB5031361 Cumulative Update for Windows Server 2019