A brief note for administrators: Microsoft released the security update KB4293807 for SQL Server 2016 SP2 on August 14, 2018, but this update has already been pulled. Addendum: Update revision KB4458621 was released on August 19, 2018.
Update KB4293807 for SQL Server 2016 SP2
Update KB4293807 for SQL Server 2016 SP2 was released on August 14, 2018. The KB article is titled "Description of the security update for the Remote Code Execution vulnerability in SQL Server 2016 SP2 (CU): August 14, 2018", and says:
A buffer overflow vulnerability CVE-2018-8273 exists in the Microsoft SQL Server that could allow remote code execution on an affected system. An attacker who successfully exploits this vulnerability could execute code in the context of the SQL Server Database Engine service account.
However, an attacker must submit a specially crafted query to an affected SQL server to exploit the vulnerability. This may allow remote code execution on an affected system. Hence the security update was distributed via Windows Update. It was also available in the download center.
Install error 0x80070643, update pulled
German blog reader Axel H. contacted me via e-mail and informed me about his experience with this update.
Enclosed, if you are interested, my SQL Server security update issue this weekend. It could not be installed, ended with Error 0x80070643.
When I wanted to do this again today, I was allowed to notice that it was withdrawn. :-)
Error code 0x80070643 is hilarious: it stands for ERROR_INSTALL_FAILURE. The description says: 'Serious error during installation'.
It seems that the observation published above wasn't an isolated case, because Microsoft has pulled this update. If you visit the download page for update KB4293807, you will see the above message.
Note: Microsoft has published an MSDN blog post in which they say: if the update causes issues, uninstall it. They are planning a replacement update (KB4458621). Also read the comments the MSDN blog post received.