KB5063760 - Description of the security update for SQL Server 2017 GDR: August 12, 2025

Applies To
SQL Server 2017 on Windows SQL Server 2017 on Linux

Summary

This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:

The Microsoft SQL Server components are updated to the following builds in this security update:

  • SQL Server - Product version: 14.0.2080.1, file version: 2017.140.2080.1

Improvements and fixes included in this update

A downloadable Microsoft Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available. The Excel file also contains detailed fix lists. Download this Excel file now.

Note

Individual entries in the following table can be referenced directly through a bookmark. If you select any bug reference ID in the table, a bookmark tag is added to the URL by using the "#bkmk_NNNNNNN" format. You can then share this URL with others so that they can jump directly to the desired fix in the table.

Bug reference Description Fix area Component Platform
4424549 Fixes a SQL injection vulnerability in a system stored procedure. SQL Server Engine High Availability and Disaster Recovery All
4432600 Prevents logins with the ALTER ANY LOGIN permission from resetting the passwords of logins that have ALTER ANY LOGIN or IMPERSONATE ANY LOGIN permissions to avoid elevation of privilege. SQL Server Engine Security Infrastructure All
4435171 Prevents elevation of privilege by running SQL Agent job steps for built-in jobs with reduced permissions. SQL Server Engine SQL Agent All
4286259 Fixes a vulnerability that lets users who have access to certain stored procedures perform SQL injection and run arbitrary code by using elevated privileges. SQL Server Engine SQL Server Engine All

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Note The detection logic has been updated for this and future security releases that are posted to the Microsoft Update Catalog website. For more information, see Updates to the Microsoft Update detection logic for SQL Server servicing.

Method 3: Microsoft Download Center

The following file is available for downloading from the Microsoft Download Center:

Download icon Download the package now

For more information about how to download Microsoft support files, see the following Knowledge Base article:

How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses by using the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to it.

Important

If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Note

This update is made available through the Microsoft Update Catalog for all servers that are running SQL Server, even if Reporting Services is not installed. Installing this security update is optional for computers that do not host Microsoft SQL Server Reporting Services.

More information

Prerequisites

To apply this update, you must have SQL Server 2017 or any SQL Server 2017 GDR release through this SQL Server 2017 GDR installed.

Security update deployment information

For deployment information about this update, see Deployments - Security Update Guide.

File hash information

File name SHA256 hash
SQLServer2017-KB5063760-x64.exe F7E93DA680C1461B5D4F182595FC1875316FCD825A5B04586380D6CBC80A5779

File information

The English version of this package has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For all supported x64-based versions - Download the list of files that are included in security update ​​​​​​​5063760.

Information about protection and security

Protect yourself online: Windows Security support

Learn how we guard against cyber threats: Microsoft Security