SQL Server Security Updates Newsletter October/November

November 2024

• Security Update of SQL Server 2022 RTM CU16 KB Article:  KB5048033
• Security Update of SQL Server 2022 RTM GDR KB Article: KB5046861
• Security Update of SQL Server 2019 RTM CU KB Article: KB5046860
• Security Update of SQL Server 2019 RTM GDR KB Article: KB5046859
• Security Update of SQL Server 2017 RTM CU31 KB Article: KB5046858
• Security Update of SQL Server 2017 RTM GDR KB Article: KB5046857
• Security Update of SQL Server 2016 SP3 GDR KB Article: KB5046855
• Security Update for SQL Server 2016 SP3 Azure Connect Feature Pack: KB5046856

October 2024

• Security Update of SQL Server 2022 RTM CU15 KB Article: KB5046059
• Security Update of SQL Server 2022 RTM GDR KB Article: KB5046057
• Security Update of SQL Server 2019 RTM CU28 KB Article: KB5046060
• Security Update of SQL Server 2019 RTM GDR KB Article: KB5046056
• Security Update of SQL Server 2017 RTM CU31 KB Article: KB5046061
• Security Update of SQL Server 2017 RTM GDR KB Article: KB5046058
• Security Update of SQL Server 2016 SP3 GDR KB Article: KB5046063
• Security Update of SQL Server 2016 SP3 Azure Connect Feature Pack KB Article: KB5046062

SQL Server Scheduled Delivery Model

The SQL Server team uses a scheduled delivery model for releasing fixes and product updates. These security updates are part of Microsoft’s Servicing models for SQL Server that started with the release of SQL Server 2017. In the scheduled delivery model, a customer can receive a fix to address their most critical situations in a reasonable time. Therefore, the SQL Server team has created the following delivery mechanisms.

• A General Distribution Release (GDR) update is a patch that Microsoft releases for critical issues. They often address security problems, but not exclusively. They may be available through Windows Update and sometimes are delivered even when a version is no longer supported.
• A Cumulative Update (CU) release includes all the security fixes, improvements, and occasionally new features for a major version of SQL Server since its Release to Manufacture (RTM). These are available every month for the first year of a version, and then approximately every two months until the version stops receiving mainstream support (typically 4-5 years). As of January 2024, both SQL Server 2019 and 2022 are on a bi-monthly servicing release schedule.

You can choose either GDR or CU updates depending on your corporate policy or patching plan, but you cannot easily switch from CU to GDR. It is recommended to stay up to date on the CU path and test the updates in a development or staging environment before deploying to production. So why choose the GDR path? One main reason is that testing non-critical fixes can be costly and time-consuming. An organization may lack the resources to verify all the possible changes, so only critical GDR updates are implemented in those environments.

To see which current GDR or CU update is available, first determine which version and edition of SQL Server Database Engine is running. Next, download the SQL Server builds Excel workbook from https://aka.ms/sqlserverbuilds that contains a summary list of builds and their current support lifecycle.  The Excel file also contains detailed fix lists for SQL Server 2022, SQL Server 2019, and SQL Server 2017.