Description of the security update for SQL Server 2014 Service Pack 2 CU: August 8, 2017

Applies to: SQL Server 2014 Service Pack 2


This update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to exploit the vulnerability if the attacker's credentials allow access to an affected SQL Server database. An attacker who successfully exploits the vulnerability could access additional database and file information. To learn more about these vulnerabilities, see CVE-2017-8516.

How to obtain and install the update

Method 1: Microsoft Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. To install the update, follow the installation instructions on the download page.


Method 3: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Security update deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:

20170808 Security update deployment information: August 8, 2017

Security update replacement information

This security update replaces previously released update 3194718.

File information

Note SQL Server releases Cumulative Updates (CUs) on a regular schedule. For security update CVE-2017-8516, the scheduled CU aligns with security update 4036996 and shares the same payload. Therefore, you will see a different KB number for this update under View installed updates in Control Panel that resembles the following:

Hotfix for SQL Server 2014 SP2 CU (KB4019094)

You do not have to install both updates. If you have already installed the cumulative update (KB4019094), you will not be offered or need security update CVE-2017-8516 (KB4036996).

How to obtain help and support for this update

Help for installing updates: Windows Update FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support