SQL Server 2016 SP1 Update KB4458842 (08/22/2018)

A brief note for admins: on August 22, 2018, Microsoft released the critical security update KB4458842 for SQL Server 2016 SP1. Here are a few details about that update.


A first update revision for SQL Server 2016 SP2 was released on August 21, 2018 (see SQL Server 2016 SP2: Update-Revision KB4458621). I don't know how many installations of SQL Server 2016 are still running with Service Pack 1 (if SP2 is available). However, there is a security update for these machines. @PhantomOfMobile drew my attention to the update via Twitter.

Update KB4458842 for SQL Server 2016 SP1

Update KB4458842 is titled "Description of the security update for the remote code execution vulnerability in SQL Server 2016 SP1 (GDR): August 22, 2018". Microsoft writes about this out-of-band security update:

A buffer overflow vulnerability exists in Microsoft SQL Server that could allow remote code execution on an affected system. An attacker who successfully exploits this vulnerability could execute code in the context of the SQL Server Database Engine service account.

For more information about the vulnerability, see CVE-2018-8273. This update replaces update KB4293801, which was released August 14, 2018. If Update KB4293801 has already been installed, Microsoft recommends that you install the new Update KB4458842 as soon as possible. Update KB4293801 does not need to be uninstalled, as it will be replaced by the update KB4458842.

Update KB4458842 will be distributed via Windows Update, but is also downloadable from Microsoft Update Catalog and Microsoft Download Center.

