Issue with security update for the Remote Code Execution vulnerability in SQL Server 2016 SP2 (CU): August 14, 2018

Published Mar 23 2019 05:52 PM 274 Views
Microsoft
First published on MSDN on Aug 18, 2018
On Tuesday August 14, we published a Security Update for six different releases of SQL Server 2016 and 2017. For one of those releases, SQL Server 16 SP2 CU ( KB4293807 ), we inadvertently published additional undocumented trace flags that are normally not on by default. We are working on replacing the update in the next few days. If you installed KB4293807 and are experiencing issues please uninstall the update until the replacement update (KB4458621) is available.



Update: This has been resolved.  Please see post https://blogs.msdn.microsoft.com/sqlreleaseservices/resolved-issue-with-security-update-for-the-...



Thank you

SQL Server Release Services
%3CLINGO-SUB%20id%3D%22lingo-sub-385973%22%20slang%3D%22en-US%22%3EIssue%20with%20security%20update%20for%20the%20Remote%20Code%20Execution%20vulnerability%20in%20SQL%20Server%202016%20SP2%20(CU)%3A%20August%2014%2C%202018%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-385973%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3EFirst%20published%20on%20MSDN%20on%20Aug%2018%2C%202018%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%20On%20Tuesday%20August%2014%2C%20we%20published%20a%20Security%20Update%20for%20six%20different%20releases%20of%20SQL%20Server%202016%20and%202017.%20For%20one%20of%20those%20releases%2C%20SQL%20Server%2016%20SP2%20CU%20(%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4293807%2Fdescription-of-the-security-update-for-the-remote-code-execution-vulne%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20KB4293807%20%3C%2FA%3E%20)%2C%20we%20inadvertently%20published%20additional%20undocumented%20trace%20flags%20that%20are%20normally%20not%20on%20by%20default.%20We%20are%20working%20on%20replacing%20the%20update%20in%20the%20next%20few%20days.%20If%20you%20installed%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4293807%2Fdescription-of-the-security-update-for-the-remote-code-execution-vulne%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20KB4293807%20%3C%2FA%3E%20and%20are%20experiencing%20issues%20please%20uninstall%20the%20update%20until%20the%20replacement%20update%20(KB4458621)%20is%20available.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Update%3A%20This%20has%20been%20resolved.%26nbsp%3B%20Please%20see%20post%20%3CA%20href%3D%22https%3A%2F%2Fblogs.msdn.microsoft.com%2Fsqlreleaseservices%2Fresolved-issue-with-security-update-for-the-remote-code-execution-vulnerability-in-sql-server-2016-sp2-cu-august-14-2018%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20https%3A%2F%2Fblogs.msdn.microsoft.com%2Fsqlreleaseservices%2Fresolved-issue-with-security-update-for-the-remote-code-execution-vulnerability-in-sql-server-2016-sp2-cu-august-14-2018%2F%20%3C%2FA%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Thank%20you%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20SQL%20Server%20Release%20Services%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-385973%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20MSDN%20on%20Aug%2018%2C%202018%20On%20Tuesday%20August%2014%2C%20we%20published%20a%20Security%20Update%20for%20six%20different%20releases%20of%20SQL%20Server%202016%20and%202017.%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-385973%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESQLReleases%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Mar 23 2019 05:52 PM
Updated by: