Security Update for SQL Server 2016 SP2 (KB4532097)
This update refreshes Microsoft SQL Server 2016 SP2
Important! Selecting a language below will dynamically change the complete page content to that language.
Version:
13.0.5102.14
Date Published:
15/7/2024
File Name:
SQLServer2016-KB4532097-x64.exe
File Size:
495.2 MB
First Security Vulnerability fix:
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.
To exploit the vulnerability, an authenticated attacker would need to submit a specially crafted page request to an affected Reporting Services instance.
The security update addresses the vulnerability by modifying how the Microsoft SQL Server Reporting Services handles page requests.
Second Security Vulnerability fix:
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server. An attacker who successfully exploited the vulnerability could run scripts in the context of the targeted user. The attacks could allow the attacker to read content that the attacker is not authorized to read, execute malicious code, and use the victim's identity to take actions on the site on behalf of the user, such as change permissions and delete content.
To exploit the vulnerability, an attacker would need to convince an authenticated user to click a specially-crafted link to an affected SSRS server.
The security update addresses the vulnerability by correcting SSRS URL sanitization.
For a complete listing of the issues resolved in this update, see the associated Microsoft Knowledge Base article - KB4532097
The following SQL Server security updates contain both SQL Server Reporting Services fixes are available for download:
Security Update for SQL Server 2016 SP2 CU11 (KB4535706)
Security Update for SQL Server 2016 SP2 GDR (KB4532097)Supported Operating Systems
Windows Server 2016, Windows Server 2019, Windows Server 2012, Windows Server 2012 R2, Windows 8, Windows 8.1, Windows 10
This update is applicable to SQL Server 2016 SP2 instances.- Download the appropriate file for your computer's processor by clicking one of the links below. You can run the package directly from the link or save it on your local disk to install at a later time.