MS16-136: Security update for SQL Server: November 8, 2016

Summary
This update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to gain elevated privileges that might be used to create accounts, or view, change, or delete data. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS16-136.

Additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.
  • 3194716 MS16-136: Description of the security update for SQL Server 2016 GDR: November 8, 2016
  • 3194717 MS16-136: Description of the security update for SQL Server 2016 CU: November 8, 2016
  • 3194714 MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 GDR: November 8, 2016
  • 3194718 MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 CU: November 8, 2016
  • 3194720 MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 GDR: November 8, 2016
  • 3194722 MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 CU: November 8, 2016
  • 3194721 MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 GDR: November 8, 2016
  • 3194724 MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 CU: November 8, 2016
  • 3194719 MS16-136: Description of the security update for SQL Server 2012 Service Pack 2 GDR: November 8, 2016
  • 3194725 MS16-136: Description of the security update for SQL Server 2012 Service Pack 2 CU: November 8, 2016

Security update deployment information

SQL Server 2012 Service Pack 2

Reference table

The following table contains the security update information for this software.

Security update file namesFor GDR update of SQL Server 2012 Service Pack 2 for 32-bit Systems:
SQLServer2012-KB3194719-x86.exe
For GDR update of SQL Server 2012 Service Pack 2 for x64-based Systems:
SQLServer2012-KB3194719-x64.exe
For CU update of SQL Server 2012 Service Pack 2 for 32-bit Systems:
SQLServer2012-KB3194725-x86.exe
For CU update of SQL Server 2012 Service Pack 2 for x64-based Systems:
SQLServer2012-KB3194725-x64.exe
Installation switchesSee Microsoft Knowledge Base article 934307
Update log file%programfiles%\Microsoft SQL Server\110\Setup Bootstrap\LOG\<TimeStamp>\MSSQLServer\Summary_<MachineName>_<Timestamp>.txt
Special instructionsThis update is also offered to SQL Server 2012 Service Pack 2 (SP2) instances that are clustered.

To reduce downtime if your SQL Server 2012 SP2 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.
Restart requirementA restart of the SQL Server instance is required if files are in use.

If a restart is required, the installer prompts or returns exit code 3010.
Removal informationUse Add or Remove Programs in Control Panel.
File informationFor GDR update of SQL Server 2012 Service Pack 2:
See Microsoft Knowledge Base article 3194719

For CU update of SQL Server 2012 Service Pack 2:
See Microsoft Knowledge Base Article 3194725

SQL Server 2012 Service Pack 3

Reference table

The following table contains the security update information for this software.

Security update file namesFor GDR update of SQL Server 2012 Service Pack 3 for 32-bit Systems:
SQLServer2012-KB3194721-x86.exe
For GDR update of SQL Server 2012 Service Pack 3 for x64-based Systems:
SQLServer2012-KB3194721-x64.exe
For CU update of SQL Server 2012 Service Pack 3 for 32-bit Systems:
SQLServer2012-KB3194724-x86.exe
For CU update of SQL Server 2012 Service Pack 3 for x64-based Systems:
SQLServer2012-KB3194724-x64.exe
Installation switchesSee Microsoft Knowledge Base article 934307
Update log file%programfiles%\Microsoft SQL Server\110\Setup Bootstrap\LOG\<TimeStamp>\MSSQLServer\Summary_<MachineName>_<Timestamp>.txt
Special instructionsThis update is also offered to SQL Server 2012 Service Pack 3 (SP3) instances that are clustered.

To reduce downtime if your SQL Server 2012 SP3 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.
Restart requirementA restart of the SQL Server instance is required if files are in use.

If a restart is required, the installer prompts or returns exit code 3010.
Removal informationUse Add or Remove Programs in Control Panel.
File informationFor GDR update of SQL Server 2012 Service Pack 3:
See Microsoft Knowledge Base article 3194721

For CU update of SQL Server 2012 Service Pack 3:
See Microsoft Knowledge Base article 3194724

SQL Server 2014 Service Pack 1

Reference table

The following table contains the security update information for this software.

Security update file namesFor GDR update of SQL Server 2012 Service Pack 1 for 32-bit Systems:
SQLServer2014-KB3194720-x64.exe
For GDR update of SQL Server 2012 Service Pack 1 for x64-based Systems:
SQLServer2014-KB3194720-x64.exe
For CU update of SQL Server 2012 Service Pack 1 for 32-bit Systems:
SQLServer2014-KB3194722-x64.exe
For CU update of SQL Server 2012 Service Pack 1 for x64-based Systems:
SQLServer2014-KB3194722-x64.exe
Installation switchesSee Microsoft Knowledge Base article 934307
Update log file%programfiles%\Microsoft SQL Server\120\Setup Bootstrap\LOG\<TimeStamp>\MSSQLServer\Summary_<MachineName>_<Timestamp>.txt
Special instructionsThis update is also offered to SQL Server 2014 Service Pack 1 (SP1) instances that are clustered.

To reduce downtime if your SQL Server 2014 SP1 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.
Restart requirementA restart of the SQL Server instance is required if files are in use.

If a restart is required, the installer prompts or returns exit code 3010.
Removal informationUse Add or Remove Programs in Control Panel.
File informationFor GDR update of SQL Server 2014 Service Pack 1:
See Microsoft Knowledge Base article 3194720

For CU update of SQL Server 2014 Service Pack 1:
See Microsoft Knowledge Base article 3194722

SQL Server 2014 Service Pack 2

Reference table

The following table contains the security update information for this software.

Security update file namesFor GDR update of SQL Server 2012 Service Pack 2 for 32-bit Systems:
SQLServer2014-KB3194714-x64.exe
For GDR update of SQL Server 2012 Service Pack 2 for x64-based Systems:
SQLServer2014-KB3194714-x64.exe
For CU update of SQL Server 2012 Service Pack 2 for 32-bit Systems:
SQLServer2014-KB3194718-x64.exe
For CU update of SQL Server 2012 Service Pack 2 for x64-based Systems:
SQLServer2014-KB3194718-x64.exe
Installation switchesSee Microsoft Knowledge Base article 934307
Update log file%programfiles%\Microsoft SQL Server\120\Setup Bootstrap\LOG\<TimeStamp>\MSSQLServer\Summary_<MachineName>_<Timestamp>.txt
Special instructionsThis update is also offered to SQL Server 2014 Service Pack 2 (SP2) instances that are clustered.

To reduce downtime if your SQL Server 2014 SP2 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.
Restart requirementA restart of the SQL Server instance is required if files are in use.

If a restart is required, the installer prompts or returns exit code 3010.
Removal informationUse Add or Remove Programs in Control Panel.
File informationFor GDR update of SQL Server 2012 Service Pack 2:
See Microsoft Knowledge Base article 3194714

For CU update of SQL Server 2012 Service Pack 2:
See Microsoft Knowledge Base article 3194718

SQL Server 2016

Reference table

The following table contains the security update information for this software.

Security update file namesFor GDR update of SQL Server 2016 for 32-bit Systems:
SQLServer2016-KB3194716-x64.exe
For GDR update of SQL Server 2016 for x64-based Systems:
SQLServer2016-KB3194716-x64.exe
For CU update of SQL Server 2016 for 32-bit Systems:
SQLServer2016-KB3194717-x64.exe
For CU update of SQL Server 2016 for x64-based Systems:
SQLServer2016-KB3194717-x64.exe
Installation switchesSee Microsoft Knowledge Base article 934307
Update log file%programfiles%\Microsoft SQL Server\130\Setup Bootstrap\LOG\<TimeStamp>\MSSQLServer\Summary_<MachineName>_<Timestamp>.txt
Special instructionsThis update is also offered to SQL Server 2016 instances that are clustered.

To reduce downtime if your SQL Server 2016 cluster has a passive node, Microsoft recommends that you scan and apply the update to the inactive node first, and then scan and apply it to the active node. After all components are updated on all nodes, the update will no longer be offered.
Restart requirementA restart of the SQL Server instance is required if files are in use.

If a restart is required, the installer prompts or returns exit code 3010.
Removal informationUse Add or Remove Programs in Control Panel.
File informationFor GDR update of SQL Server 2016:
See Microsoft Knowledge Base article 3194716

For CU update of SQL Server 2016:
See Microsoft Knowledge Base article 3194717

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
Properties

Article ID: 3199641 - Last Review: 11/08/2016 16:46:00 - Revision: 1.0

Microsoft SQL Server 2016 Developer, Microsoft SQL Server 2016 Enterprise, Microsoft SQL Server 2016 Enterprise Core, Microsoft SQL Server 2016 Express, Microsoft SQL Server 2016 Standard, Microsoft SQL Server 2014 Service Pack 1, Microsoft SQL Server 2012 Service Pack 3, Microsoft SQL Server 2012 Service Pack 2

  • kbsecvulnerability kbsecurity kbsecbulletin kbfix kbexpertiseinter kbbug atdownload KB3199641
Feedback