Applies To
SQL Server 2025 on Windows (all editions), SQL Server 2025 on Linux (all editions)
Release date: July 14, 2026
Version: 17.0.4060.2
- Summary
- Known issues in this update
- Improvements and fixes included in this update
- How to obtain and install the update
- How to obtain or download the latest cumulative update package for Linux
- More information
- File information
- Information about protection and security
Summary
This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:
- CVE-2026-47295 - Microsoft SQL Server Elevation of Privilege Vulnerability
- CVE-2026-47296 - Microsoft SQL Server Elevation of Privilege Vulnerability
- CVE-2026-50468 - Microsoft SQL Server Information Disclosure Vulnerability
- CVE-2026-54116 - Windows MultiPoint Services Elevation of Privilege Vulnerability
- CVE-2026-54117 - Microsoft SQL Server Remote Code Execution Vulnerability
- CVE-2026-54118 - Microsoft SQL Server Remote Code Execution Vulnerability
- CVE-2026-55002 - Microsoft SQL Server Elevation of Privilege Vulnerability
The Microsoft SQL Server components are updated to the following builds in this security update:
- SQL Server - product version: 17.0.4060.2, file version: 2025.170.4060.2
Important
To help secure SQL Server on Windows, enable encryption with Extended Protection.
Known issues in this update
Linked server queries that use MSDASQL fail with error 7416
Linked server queries that use the MSDASQL (OLE DB Provider for ODBC Drivers) provider and specify a provider string (@provstr) fail and return the following error message:
Msg 7416, Level 16
Access to the remote server is denied because no login-mapping exists.
A stricter connection validation check in the Database Engine can reject connections for certain linked server configurations that use the MSDASQL provider, even if earlier builds allowed those connections.
For more information and workarounds, see Linked server queries that use MSDASQL fail with error 7416.
Improvements and fixes included in this update
A downloadable Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available. The Excel file also contains detailed fix lists. Download this Excel file now.
Note
Individual entries in the following table can be referenced directly through a bookmark. If you select any bug reference ID in the table, a bookmark tag is added to the URL by using the "#bkmk_NNNNNNN" format. You can then share this URL with others so that they can jump directly to the desired fix in the table.
| Bug reference | Description | Fix area | Component | Platform |
|---|---|---|---|---|
| 5340799 | This fix resolves an insecure deserialization vulnerability in MessageQueueTask by removing support for the legacy BinaryMessageFormatter (2000 format). MessageQueueTask prevents remote code execution from untrusted Microsoft Message Queuing (MSMQ) messages. | Integration Services | Integration Services | Windows |
| 5340800 | This fix resolves an insecure deserialization vulnerability in MessageQueueTask by restricting SoapFormatter deserialization that uses an allow list binder. The restriction prevents remote code execution (RCE) from untrusted Microsoft Message Queuing (MSMQ) message. | Integration Service | Integration Service | Windows |
| 5266554 | This fix prevents unintended EXECUTE permission inheritance for EXTERNAL MODEL objects if a newly created principal reuses the same ID as a previously existing principal that had this permission. | SQL Server Engine | Metadata | Windows |
| 5332047 | This fix addresses a vulnerability in SQL Server in which vector intrinsics (VECTOR_DISTANCE, VECTOR_NORM, and VECTOR_NORMALIZE) leak sqlservr.exe process memory to low‑privilege, authenticated SQL Server users if the distance metric or norm algorithm is specified as varchar(max). |
SQL Server Engine | Programmability | Linux, Windows |
| 5337381 | This fix resolves a memory leak that occurs if the sys.dm_exec_input_buffer dynamic management function (DMF) or the DBCC INPUTBUFFER command is used. |
SQL Server Engine | Query Execution | Linux, Windows |
| 5336749 | This fix addresses input validation and sanitization of user input for a parameter that's passed to an internal replication stored procedure by validating and sanitizing the input before the stored procedure uses it. | SQL Server Engine | Replication | Linux, Windows |
| 5263357 | This fix resolves an SQL injection vulnerability in SQL Server in which improper neutralization of special elements in SQL Server commands allows an authenticated attacker to elevate privileges over a network. | SQL Server Engine | SQL Agent | Linux, Windows |
How to obtain and install the update
Method 1: Windows Update
This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.
Method 2: Microsoft Update Catalog
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Note
- The detection logic has been updated for this and future security releases that are posted to the Microsoft Update Catalog website. For more information, see Updates to the Microsoft Update detection logic for SQL Server servicing.
- This update is made available through the Microsoft Update Catalog for all servers that are running SQL Server, even if Power BI Report Server is not installed. Installing this security update is optional for computers that do not host Power BI Report Server. For more information, see Download Power BI Report Server.
Method 3: Microsoft Download Center
The following file is available for download from the Microsoft Download Center:
How to obtain or download the latest cumulative update package for Linux
To update SQL Server 2025 on Linux to the latest CU, you must first have the Cumulative Update repository configured. Then, update your SQL Server packages by using the appropriate platform-specific update command.
For installation instructions and direct links to the CU package downloads, see the SQL Server 2025 Release Notes.
More information
Prerequisites
To apply this update, you must have SQL Server 2025 or any SQL Server 2025 CU release through this SQL Server 2025 CU6 GDR installed.
Security update deployment information
For deployment information about this update, see Deployments - Security Update Guide.
File hash information
| File name | SHA256 hash |
|---|---|
| SQLServer2025-KB5101346-x64.exe | 7C11D53C5C4F84176C84A0A578FE8F2F953EE2A4F986D4AAB70A0C4833B1E804 |
File information
The English version of this package has the file attributes (or later file attributes) that are listed in the following worksheet. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
For all supported x64-based versions - Download the list of files that are included in security update 5101346.
Information about protection and security
Protect yourself online: Windows Security support
Learn how we guard against cyber threats: Microsoft Security