This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:

CVE-2026-21262 - SQL Server Elevation of Privilege Vulnerability
CVE-2026-26115 - SQL Server Elevation of Privilege Vulnerability
CVE-2026-26116 - SQL Server Elevation of Privilege Vulnerability

The Microsoft SQL Server components are updated to the following builds in this security update:

SQL Server - product version: 17.0.1105.2, file version: 2025.170.1105.2
A downloadable Microsoft Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available. The Excel file also contains detailed fix lists. Download this Excel file now.

Note: Individual entries in the following table can be referenced directly through a bookmark. If you select any bug reference ID in the table, a bookmark tag is added to the URL by using the "#bkmk_NNNNNNN" format. You can then share this URL with others so that they can jump directly to the desired fix in the table.

| Bug reference | Description | Fix area | Component | Platform |
|---|---|---|---|---|
| 4991364 | Fixes a potential SQL injection vulnerability by removing an internal system stored procedure. | SQL Server Engine | Internal System Metadata | Windows |
| 4973079 | Fixes an elevation of privilege vulnerability in the version upgrade process for merge replication. | SQL Server Engine | Replication | Windows |
| 4911781 | This hotfix blocks the ALTER USER operation if the target login is the system Administrator account. | SQL Server Engine | Security Infrastructure | Linux, Windows |
Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Note: The detection logic has been updated for this and future security releases that are posted to the Microsoft Update Catalog website. For more information, see Updates to the Microsoft Update detection logic for SQL Server servicing.

Method 3: Microsoft Download Center

The following file is available for download from the Microsoft Download Center: Download the package now

For more information about how to download Microsoft support files, see the following Knowledge Base article: How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses by using the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to it.

Important: If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Note: This update is made available through the Microsoft Update Catalog for all servers that are running SQL Server, even if Reporting Services is not installed. Installing this security update is optional for computers that do not host Microsoft SQL Server Reporting Services.
Prerequisites

To apply this update, you must have SQL Server 2025 or any SQL Server 2025 GDR release through this SQL Server 2025 GDR installed.

Security update deployment information

For deployment information about this update, see Deployments - Security Update Guide.

File hash information

File name: SQLServer2025-KB5077468-x64.exe
SHA256 hash: 877702FB5E85C096F8FE4052FFA2D354B459B0C2E0A349708240E2D25603877E
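A check to run before and after installation, built from the file name, SHA256 hash and product version listed in this article. It is an added example, not part of the original article; the download path, the instance name, and the use of sqlcmd with Windows authentication are assumptions.

```powershell
# Added example, not part of the original article.
# File name, SHA256 hash and build number are copied from this article.
# Assumptions: download path, instance name, sqlcmd on PATH, Windows authentication.
$PackagePath    = 'C:\Temp\SQLServer2025-KB5077468-x64.exe'
$ExpectedSha256 = '877702FB5E85C096F8FE4052FFA2D354B459B0C2E0A349708240E2D25603877E'
$FixedBuild     = [version]'17.0.1105.2'
$ServerInstance = 'localhost'

function Test-Package {
    param([string]$Path, [string]$Sha256)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { throw "Package not found: $Path" }
    # String -eq is case-insensitive, so hex case differences do not matter.
    $hashOk = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash -eq $Sha256.Trim()
    # The hash ties the file to this article; the signature ties it to its publisher.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        HashMatches    = $hashOk
        SignatureValid = ($sig.Status -eq 'Valid')
        Signer         = $sig.SignerCertificate.Subject
    }
}

function Get-SqlBuild {
    param([string]$Instance)
    $query = "SET NOCOUNT ON; SELECT CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(32));"
    # -b makes sqlcmd return a non-zero exit code when the query or connection fails.
    $out = & sqlcmd -S $Instance -E -b -h -1 -W -Q $query
    if ($LASTEXITCODE -ne 0) { throw "sqlcmd failed for ${Instance}: $out" }
    [version]($out | Where-Object { $_ -match '^\d+(\.\d+){2,3}$' } | Select-Object -First 1)
}

# Before installing: refuse to run a package that fails either check.
$pkg = Test-Package -Path $PackagePath -Sha256 $ExpectedSha256
$pkg | Format-List
if (-not ($pkg.HashMatches -and $pkg.SignatureValid)) {
    throw 'Package verification failed; do not install this file.'
}

# After installing: confirm the instance reports the build listed above or a later one.
$build = Get-SqlBuild -Instance $ServerInstance
if ($build -ge $FixedBuild) {
    "OK: $ServerInstance is at build $build"
} else {
    "NOT PATCHED: $ServerInstance is at build $build, expected $FixedBuild or later"
}
```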
The English version of this package has the file attributes (or later file attributes) that are listed in the following worksheet. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel. For all supported x64-based versions - Download the list of files that are included in security update 5077468.