Description of the security update for the Remote Code Execution vulnerability in SQL Server 2016 SP2 (CU): August 14, 2018

Applies to: SQL Server 2016


A buffer overflow vulnerability exists in Microsoft SQL Server that could allow remote code execution on an affected system. An attacker who successfully exploits this vulnerability could execute code in the context of the SQL Server Database Engine service account.

To learn more about the vulnerability, go to CVE-2018-8273.

Known issues

The original update KB 4293807 for this security vulnerability was released on August 14, 2018. It exposed certain testing trace flags that were not intended for public release. These trace flags are usually off by default. Therefore, the update has been replaced. If you have previously applied the original update KB 4293807, we recommend that you install KB 4458621 as soon as possible.

You can optionally first uninstall update KB 4293807, but this is not necessary because update KB 4458621 supersedes and replaces KB 4293807.
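
To find instances that still report the original update, the following T-SQL classifies an instance against the two KB numbers named above and lists any trace flags currently enabled on it. This is an added example, not part of the original article. It assumes that `SERVERPROPERTY('ProductUpdateReference')` reports only the most recently applied update, so an instance patched past these KBs falls into the third case.

```sql
-- Added example (not from the original article).
-- Assumption: ProductUpdateReference names only the most recently applied
-- update, so a later update hides both KB numbers checked here.
SET NOCOUNT ON;

DECLARE @kb nvarchar(128) =
    CAST(SERVERPROPERTY('ProductUpdateReference') AS nvarchar(128));

-- Classify the instance against the two KB numbers from this article.
SELECT
    @@SERVERNAME AS instance_name,
    CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128)) AS product_version,
    CAST(SERVERPROPERTY('ProductLevel') AS nvarchar(128)) AS product_level,
    CAST(SERVERPROPERTY('ProductUpdateLevel') AS nvarchar(128)) AS update_level,
    @kb AS update_kb,
    CASE
        WHEN @kb LIKE N'%4293807%'
            THEN N'Original update present: install KB 4458621'
        WHEN @kb LIKE N'%4458621%'
            THEN N'Replacement update present'
        ELSE N'Neither KB reported: check the build against the CVE-2018-8273 advisory'
    END AS kb_status;

-- Capture the trace flags that are enabled right now. The article does not
-- name the exposed testing trace flags, so this lists every enabled flag
-- for review instead of matching specific numbers.
IF OBJECT_ID('tempdb..#trace_flags') IS NOT NULL
    DROP TABLE #trace_flags;

CREATE TABLE #trace_flags (
    TraceFlag int      NOT NULL,
    [Status]  smallint NOT NULL,
    [Global]  smallint NOT NULL,
    [Session] smallint NOT NULL
);

-- DBCC TRACESTATUS(-1) returns no rows when no trace flag is enabled.
INSERT INTO #trace_flags
EXEC ('DBCC TRACESTATUS(-1) WITH NO_INFOMSGS');

SELECT TraceFlag, [Status], [Global], [Session]
FROM #trace_flags
ORDER BY TraceFlag;

DROP TABLE #trace_flags;
```

An empty second result set means no trace flags are enabled on the instance.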