KB5102335 - Description of the security update for SQL Server 2019 CU32: July 14, 2026

Applies To
SQL Server 2019 on Windows SQL Server 2019 on Linux

Release date: July 14, 2026

Version: 15.0.4480.2

Summary

This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:

The Microsoft SQL Server components are updated to the following builds in this security update:

  • SQL Server - product version: 15.0.4480.2 file version: 2019.150.4480.2

Important

To help secure SQL Server on Windows, enable encryption with Extended Protection.

Known issues in this update

Linked server queries that use MSDASQL fail with error 7416

Linked server queries that use the MSDASQL (OLE DB Provider for ODBC Drivers) provider and specify a provider string (@provstr) fail and return the following error message:

Msg 7416, Level 16
Access to the remote server is denied because no login-mapping exists.

A stricter connection validation check in the Database Engine can reject connections for certain linked server configurations that use the MSDASQL provider, even if earlier builds allowed those connections.

For more information and workarounds, see Linked server queries that use MSDASQL fail with error 7416.

Improvements and fixes included in this update

A downloadable Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available. The Excel file also contains detailed fix lists. Download this Excel file now.

Note

Individual entries in the following table can be referenced directly through a bookmark. If you select any bug reference ID in the table, a bookmark tag is added to the URL by using the "#bkmk_NNNNNNN" format. You can then share this URL with others so that they can jump directly to the desired fix in the table.

Bug reference Description Fix area Component Platform
5298251 This resolves an insecure deserialization vulnerability in MessageQueueTask by restricting SoapFormatter deserialization that uses an allow list binder. The restriction prevents remote code execution (RCE) from untrusted Microsoft Message Queuing (MSMQ) message. Integration Services Integration Services Windows
5335933 This fix resolves a memory leak that occurs if the sys.dm_exec_input_buffer dynamic management function (DMF) or the DBCC INPUTBUFFER command is used. SQL Server Engine Query Execution Linux, Windows
5336755 This fix addresses input validation and sanitization of user input for a parameter that's passed to an internal replication stored procedure by validating and sanitizing the input before the stored procedure uses it. SQL Server Engine Replication Linux, Windows
5196014 This fix resolves an SQL injection vulnerability in SQL Server in which improper neutralization of special elements in SQL Server commands allows an authenticated attacker to elevate privileges over a network. SQL Server Engine SQL Agent Linux, Windows

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Note

  • The detection logic has been updated for this and future security releases that are posted to the Microsoft Update Catalog website. For more information, see Updates to the Microsoft Update detection logic for SQL Server servicing.
  • This update is made available through the Microsoft Update Catalog for all servers that are running SQL Server, even if Reporting Services is not installed. Installing this security update is optional for computers that do not host Microsoft SQL Server Reporting Services.

Method 3: Microsoft Download Center

The following file is available for download from the Microsoft Download Center:

Download icon Download the package now

How to obtain or download the latest cumulative update package for Linux

To update SQL Server 2019 on Linux to the latest CU, you must first have the Cumulative Update repository configured. Then, update your SQL Server packages by using the appropriate platform-specific update command.

For installation instructions and direct links to the CU package downloads, see the SQL Server 2019 Release Notes.

More information

Prerequisites

To apply this update, you must have SQL Server 2019 or any SQL Server 2019 CU release through this SQL Server 2019 CU32 GDR installed.

Security update deployment information

For deployment information about this update, see Deployments - Security Update Guide.

File hash information

File name SHA256 hash
SQLServer2019-KB5102335-x64.exe 9BB74619EC20AD10710EBD3B556BFE3641089D8C26263086EA0ECBFFC361F275

File information

The English version of this package has the file attributes (or later file attributes) that are listed in the following worksheet. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For all supported x64-based versions - Download the list of files that are included in security update 5102335.

Information about protection and security

Protect yourself online: Windows Security support

Learn how we guard against cyber threats: Microsoft Security