This update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to exploit the vulnerability if the attacker's credentials allow access to an affected SQL Server database. An attacker who successfully exploits the vulnerability could access additional database and file information. To learn more about these vulnerabilities, see CVE-2017-8516.
How to obtain and install the update
Method 1: Microsoft Update
This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
Method 2: Microsoft Download Center
You can obtain the stand-alone update package through the Microsoft Download Center. To install the update, follow the installation instructions on the download page.
Method 3: Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
Security update deployment information
For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:
Security update replacement information
This security update replaces previously released update 3194718.
Note SQL Server releases Cumulative Updates (CUs) on a regular schedule. For security update CVE-2017-8516, the scheduled CU aligns with security update 4036996 and shares the same payload. Therefore, you will see a different KB number for this update under View installed updates in Control Panel that resembles the following:
Hotfix for SQL Server 2014 SP2 CU (KB4019094)
You do not have to install both updates. If you have already installed the cumulative update (KB4019094), you will not be offered or need security update CVE-2017-8516 (KB4036996).