This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:

CVE-2026-32167 - SQL Server Elevation of Privilege Vulnerability
CVE-2026-32176 - SQL Server Elevation of Privilege Vulnerability

The Microsoft SQL Server components are updated to the following builds in this security update:

SQL Server - product version: 14.0.3525.1, file version: 2017.140.3525.1
A downloadable Microsoft Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available. The Excel file also contains detailed fix lists. Download this Excel file now.

Note: Individual entries in the following table can be referenced directly through a bookmark. If you select any bug reference ID in the table, a bookmark tag is added to the URL by using the "#bkmk_NNNNNNN" format. You can then share this URL with others so that they can jump directly to the desired fix in the table.

| Bug reference | Description | Fix area | Component | Platform |
|---|---|---|---|---|
| 5030955 | This fix addresses an elevation of privilege vulnerability in SQL Server linked servers that allows a low-privileged SQL Server user to gain sysadmin permissions. | SQL Server Engine | PolyBase | Linux, Windows |
| 4999191 | This fix resolves an issue in SQL Server in which improper neutralization of special elements in SQL commands (SQL injection) allows an authorized attacker to elevate privileges over a network. | SQL Server Engine | SQL Agent | Windows |
Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Note: The detection logic has been updated for this and future security releases that are posted to the Microsoft Update Catalog website. For more information, see Updates to the Microsoft Update detection logic for SQL Server servicing.

Method 3: Microsoft Download Center

The following file is available for download from the Microsoft Download Center:

Download the package now

For more information about how to download Microsoft support files, see the following Knowledge Base article: How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses by using the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to it.

Important: If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Note: This update is made available through the Microsoft Update Catalog for all servers that are running SQL Server, even if Reporting Services is not installed. Installing this security update is optional for computers that do not host Microsoft SQL Server Reporting Services.
Prerequisites

To apply this update, you must have SQL Server 2017 or any SQL Server 2017 CU release through this SQL Server 2017 CU31 GDR installed.

Security update deployment information

For deployment information about this update, see Deployments - Security Update Guide.

File hash information

| File name | SHA256 hash |
|---|---|
| SQLServer2017-KB5084818-x64.exe | 58A6AA553FF0340C4237937F06B88A20538998E399DFFBEDBB768B86AD64CC1E |
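The following PowerShell script is an added example, not part of the original article or of Microsoft's tooling. It checks the downloaded package against the SHA256 hash published above before installation, then compares the instance's reported product version with build 14.0.3525.1. The parameter defaults (`$PackagePath`, `$ServerInstance`) are placeholders, and `Invoke-Sqlcmd` is assumed to be available from the SqlServer PowerShell module.

```powershell
# Added example: pre-install hash check and post-install build check for KB5084818.
# Assumptions: parameter defaults are placeholders for your environment;
# Invoke-Sqlcmd is provided by the SqlServer PowerShell module.
param(
    [string]$PackagePath    = '.\SQLServer2017-KB5084818-x64.exe',
    [string]$ServerInstance = 'localhost'   # placeholder instance name
)

# Values published in this article.
$ExpectedSha256 = '58A6AA553FF0340C4237937F06B88A20538998E399DFFBEDBB768B86AD64CC1E'
$FixedBuild     = [version]'14.0.3525.1'

function Test-PackageHash {
    param([string]$Path, [string]$Expected)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Package not found: $Path"
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # String -eq is case-insensitive in PowerShell, so hex case does not matter.
    return $actual -eq $Expected.Trim()
}

function Get-SqlProductVersion {
    param([string]$Instance)
    $query = "SELECT CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(32)) AS ProductVersion"
    $row = Invoke-Sqlcmd -ServerInstance $Instance -Query $query
    return [version]$row.ProductVersion
}

# Refuse to continue if the installer does not match the published hash.
if (-not (Test-PackageHash -Path $PackagePath -Expected $ExpectedSha256)) {
    throw "SHA256 mismatch for $PackagePath; do not run this installer."
}
Write-Output "Package hash matches the published value."

# Compare the running instance against the build delivered by this update.
$installed = Get-SqlProductVersion -Instance $ServerInstance
if ($installed.Major -ne 14) {
    Write-Output "Instance reports $installed, which is not SQL Server 2017; this package does not apply."
} elseif ($installed -ge $FixedBuild) {
    Write-Output "Instance reports $installed, at or above $FixedBuild."
} else {
    Write-Output "Instance reports $installed, below $FixedBuild; this update is not yet applied."
}
```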
The English version of this package has the file attributes (or later file attributes) that are listed in the following worksheet. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For all supported x64-based versions - Download the list of files that are included in security update 5084818.