Trace Id is missing

Maximize the everyday with Microsoft 365

Get online protection, secure cloud storage, and innovative apps designed to fit your needs—all in one plan.
A young woman works on a Surface laptop while Microsoft 365 App icons whirl around her head.

Security Update for SQL Server 2014 SP3 CU4 (KB4535288)

This update refreshes Microsoft SQL Server 2014 SP3 CU4

Important! Selecting a language below will dynamically change the complete page content to that language.

  • Version:

    12.0.6372.1

    Date Published:

    2/11/2020

    File Name:

    SQLServer2014-KB4535288-x64.exe

    SQLServer2014-KB4535288-x86.exe

    File Size:

    604.5 MB

    379.3 MB

    A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.
    To exploit the vulnerability, an authenticated attacker would need to submit a specially crafted page request to an affected Reporting Services instance.
    The security update addresses the vulnerability by modifying how the Microsoft SQL Server Reporting Services handles page requests.

    For a complete listing of the issues resolved in this update, see the associated Microsoft Knowledge Base article - KB4535288

    The following SQL Server security updates contain this SQL Server Reporting Services fix and are available for download:
    Security Update for SQL Server 2016 SP2 CU11 (KB4535706)

    Security Update for SQL Server 2016 SP2 GDR (KB4532097)

    Security Update for SQL Server 2014 SP3 CU4 (KB4535288)

    Security Update for SQL Server 2014 SP3 GDR (KB4532095)

    Security Update for SQL Server 2012 SP4 GDR (KB4532098)

  • Supported Operating Systems

    Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, Windows 10, Windows 8.1

    This update is applicable to SQL Server 2014 SP3 CU instances.
  • This update refreshes Microsoft SQL Server 2014 SP3 CU that have had a Cumulative Update applied (versions 12.0.6205.1(CU1) - 12.0.6329.1(CU4). After you install this update, you may have to restart your computer. For Microsoft SQL Server 2014 SP3 instances that have not had any Cumulative Update applied (versions 12.0.6024.0 - 12.0.6108.1), please see Security Update for SQL Server 2014 SP3 GDR (KB4532095).

Follow Microsoft