Trace Id is missing

Unlock your potential with Microsoft Copilot

Get things done faster and unleash your creativity with the power of AI anywhere you go.
Download the Copilot app
Microsoft Copilot app being utilized to generate pictures of a singing dog, assisting to identify a flower, and helping to generate an email to congratulate a coworker on a promotion.

Security Update for SQL Server 2016 SP2 CU11 (KB4535706)

This update refreshes Microsoft SQL Server 2016 SP2 CU11

Important! Selecting a language below will dynamically change the complete page content to that language.

Download

  • Version:

    13.0.5622.0

    Date Published:

    2/11/2020

    File Name:

    SQLServer2016-KB4535706-x64.exe

    File Size:

    752.4 MB

    First Security Vulnerability fix:
    A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.
    To exploit the vulnerability, an authenticated attacker would need to submit a specially crafted page request to an affected Reporting Services instance.
    The security update addresses the vulnerability by modifying how the Microsoft SQL Server Reporting Services handles page requests.

    Second Security Vulnerability fix:
    A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server. An attacker who successfully exploited the vulnerability could run scripts in the context of the targeted user. The attacks could allow the attacker to read content that the attacker is not authorized to read, execute malicious code, and use the victim's identity to take actions on the site on behalf of the user, such as change permissions and delete content.
    To exploit the vulnerability, an attacker would need to convince an authenticated user to click a specially-crafted link to an affected SSRS server.
    The security update addresses the vulnerability by correcting SSRS URL sanitization.

    For a complete listing of the issues resolved in this update, see the associated Microsoft Knowledge Base article - KB4535706

    The following SQL Server security updates contain both SQL Server Reporting Services fixes are available for download:
    Security Update for SQL Server 2016 SP2 CU11 (KB4535706)
    Security Update for SQL Server 2016 SP2 GDR (KB4532097)

  • Supported Operating Systems

    Windows Server 2016, Windows Server 2019, Windows 10, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2

    This update is applicable to SQL Server 2016 SP2 CU instances.

  • This update refreshes Microsoft SQL Server 2016 SP2 CU that have had a Cumulative Update applied (versions 13.0.5149.0(CU1) - 13.0.5598.27(CU11).

    After you install this update, you may have to restart your computer.

    For Microsoft SQL Server 2016 SP2 instances that have not had any Cumulative Update applied (version 13.0.5026.0-13.0.5101.9), please see Security Update for SQL Server 2016 SP2 GDR (KB4532097).

Follow Microsoft
Back To Top