Latest Builds of SQL Server 2016

Last updated: June 17th, 2022

SQL Server 2016 was originally released on June 1st, 2016. It is the last major version of SQL Server to provide servicing explicitly through Service Packs (2017 & 2019 both only have GDR & Cumulative Update branches).

After SQL Server 2016 went out of mainstream support on July 13th, 2021, Microsoft has made a final service pack available. Download here and see the announcement blog post here.

I highly recommend being on Service Pack 3, as the other branches have been retired, though there will be no further updates to any branch outside of critical security patches. To see why you want to be on at least Service Pack 1, read this post and this post.

Label	Build #	Date	Fixes
Service Pack 3 + Azure Connect Feature Pack
In May 2022, Microsoft released an optional feature pack with a number of enhancements, mostly to aid interop with Azure SQL Managed Instance. This bumps the engine version to 13.0.7000+
CVE-2022-29143	13.0.7016.1	2022-06-14	1
From the CVE: "An authenticated attacker could exploit the vulnerability by executing a specially crafted query using $ partition against a table with a Column Store index."
Azure Connect Feature Pack	13.0.7000.253	2022-05-19	5

Service Pack 3
Label	Build #	Date	Fixes
CVE-2022-29143	13.0.6419.1	2022-06-14	1
From the CVE: "An authenticated attacker could exploit the vulnerability by executing a specially crafted query using $ partition against a table with a Column Store index."
On-Demand Hotfix Package #5006943	13.0.6404.1	2021-10-28	2
This isn't a critical issue for all customers but, if you use Change Tracking or FileTable, it's worth checking out.
Service Pack 3	13.0.6300.2	2021-09-15	43

Service Pack 2 – Out of Support (but click if really you want to see)
Label	Build #	Date	Fixes (Public)
CVE-2022-29143	13.0.5893.48	2022-06-14	1
From the CVE: "An authenticated attacker could exploit the vulnerability by executing a specially crafted query using $ partition against a table with a Column Store index."
Cumulative Update #17	13.0.5888.11	2021-03-29	20 (17)
Cumulative Update #16	13.0.5882.1	2021-02-11	22 (21)
Security Update for CU #15 CVE-2021-1636	13.0.5865.1	2021-01-12	1
This security update addresses an escalation of privilege vulnerability described in CVE-2021-1636. It is also being pushed via Windows Update, so you may get this sooner than you expect it.
Cumulative Update #15	13.0.5850.14	2020-09-28	21 (20)
Cumulative Update #14	13.0.5830.85	2020-08-06	18 (16)
Cumulative Update #13	13.0.5820.21	2020-05-28	29 (26)
Cumulative Update #12	13.0.5698.0	2020-02-25	39 (33)
Security Update (CVE-2020-0618)	13.0.5622.0	2020-02-11	1
Fixes a remote code execution vulnerability in Reporting Services.
Cumulative Update #11	13.0.5598.27	2019-12-09	29 (26)
Cumulative Update #10	13.0.5492.2	2019-10-08	21 (21)
Cumulative Update #9	13.0.5479.0	2019-09-30	21 (21)
⚠️ CU #9 was quickly replaced – please move to a later CU.
Cumulative Update #8	13.0.5426.0	2019-07-31	33 (28)
Cumulative Update #7 On-Demand Package #2	13.0.5382.0	2019-07-09	1
Security Update (CVE-2019-1068)	13.0.5366.0	2019-07-09	1
Cumulative Update #7 On-Demand Package #1	13.0.5343.1	2019-06-24	2
Cumulative Update #7	13.0.5337.0	2019-05-22	28 (27)
Cumulative Update #6	13.0.5292.0	2019-03-19	29 (24)
On-Demand Hotfix for SP2 CU #5 KB #4490133	13.0.5270.0	2019-02-20	1
Cumulative Update #5	13.0.5264.1	2019-01-23	52 (43)
On-Demand Hotfix for SP2 CU #4 KB #4482972	13.0.5237.0	2018-12-20	3
The KB article says 13.0.5239.0 but when I installed this build I ended up with 13.0.5237.0.
Cumulative Update #4	13.0.5233.0	2018-11-13	42 (36)
Hotfix #4466793 Hotfix #4466994	13.0.5221.0	2018-10-09	2
Cumulative Update #3	13.0.5216.0	2018-09-20	41 (27)
⚠️ DO NOT USE – see the warning in KB #4458871.
CVE-2018-8273 (CU) KB #4458621 (Download)	13.0.5201.2	2018-08-20	1
The original release for the SP2 CU security fix (below) had some undocumented trace flags enabled, and so the patch was pulled and re-released (see this post and this post).
CVE-2018-8273 KB #4293807 (Pulled)	13.0.5161.0	2018-08-14	1
Cumulative Update #2	13.0.5153.0	2018-07-16	29 (21)
Cumulative Update #1	13.0.5149.0	2018-06-27	45 (28)
SP2 GDR builds below – for non-CU path (don't do this)
CVE-2022-29143	13.0.5108.50	2022-06-14	1
From the CVE: "An authenticated attacker could exploit the vulnerability by executing a specially crafted query using $ partition against a table with a Column Store index."
GDR Security Update (CVE-2021-1636)	13.0.5103.6	2021-01-12	1
This security update addresses an escalation of privilege vulnerability described in CVE-2021-1636. It is also being pushed via Windows Update, so you may get this sooner than you expect it.
GDR Security Update (CVE-2020-0618)	13.0.5102.14	2020-02-11	1
Fixes a remote code execution vulnerability in Reporting Services.
GDR Security Update (CVE-2019-1068)	13.0.5101.9	2019-07-09	1
GDR Security Update (CVE-2018-8273)	13.0.5081.1	2018-08-22	1
Service Pack 2	13.0.5026.0	2018-04-09	75 (75)
Service Pack 1 – Out of Support (but click if really you want to see)
Label	Build #	Date	Fixes (Public)
CVE-2019-1068 Security Update	13.0.4604.0	2019-07-09	1
KB #4508471	13.0.4577.0	2019-06-20	1
Cumulative Update #15	13.0.4574.0	2019-05-16	7 (7)
Cumulative Update #14	13.0.4560.0	2019-03-19	7 (7)
Cumulative Update #13	13.0.4550.1	2019-01-23	12 (9)
Cumulative Update #12	13.0.4541.0	2018-11-13	21 (16)
KB #4465443	13.0.4531.0	2018-09-27	1
Cumulative Update #11	13.0.4528.0	2018-09-17	14 (8)
CVE-2018-8273 (CU) KB #4293808 (Download)	13.0.4522.0	2018-08-14	1
Cumulative Update #10	13.0.4514.0	2018-07-16	26 (21)
Cumulative Update #9	13.0.4502.0	2018-05-30	39 (25)
Cumulative Update #8	13.0.4474.0	2018-03-19	57 (37)
Cumulative Update #7	13.0.4466.4	2018-01-03	29 (22)
Cumulative Update #6	13.0.4457.0	2017-11-21	55 (41)
Cumulative Update #5	13.0.4451.0	2017-09-18	49 (44)
Cumulative Update #4	13.0.4446.0	2017-08-08	63 (49)
Cumulative Update #3	13.0.4435.0	2017-05-15	70 (57)
Cumulative Update #2	13.0.4422.0	2017-03-20	117 (100)
Cumulative Update #1	13.0.4411.0	2017-01-06	63 (55)
SP1 GDR builds below – for non-CU path
CVE-2019-1068 GDR Security Update	13.0.4259.0	2019-07-09	1
CVE-2018-8273 (GDR) KB #4458842 (Download)	13.0.4224.16	2018-08-22	1
The original release for the SP1 GDR security fix (below) caused an issue with CEIP, and so the patch was pulled and re-released (see this post).
CVE-2018-8273 (GDR) KB #4293801 (Pulled)	13.0.4223.10	2018-08-14	1
Security Advisory ADV180002 KB #4057118 (GDR)	13.0.4210.6	2018-01-03	1
Security Bulletin CVE-2017-8516 KB #4019089 (GDR)	13.0.4206.0	2017-07-16	1
COD Hotfix 3210089 (GDR – MDS Update)	13.0.4202	2016-12-16	3 (3)
COD Hotfix 3207512 (GDR – SSRS Update)	13.0.4199	2016-11-23	2 (2)
Service Pack 1	13.0.4001	2016-11-16	33 (33)
RTM – Out of Support (but click if really you want to see)
Label	Build #	Date	Fixes (Public)
Security Advisory ADV180002 KB #4058559 (CU)	13.0.2218.0	2018-01-06	1
Cumulative Update #9	13.0.2216.0	2017-11-21	26 (21)
Cumulative Update #8	13.0.2213.0	2017-09-18	19 (17)
Cumulative Update #7	13.0.2210.0	2017-08-08	33 (30)
Cumulative Update #6	13.0.2204.0	2017-05-15	28 (22)
Cumulative Update #5	13.0.2197.0	2017-03-20	56 (47)
Cumulative Update #4	13.0.2193.0	2017-01-18	65 (57)
COD Hotfix for CU3 (MDS)	13.0.2190.2	2016-12-16	3 (3)
Cumulative Update #3 Security Bulletin MS16-136 KB #3194717	13.0.2186.6	2016-11-08	31 (31)
COD Hotfix 3199171	13.0.2170.0	2016-11-01	4 (4)
COD Hotfix 3195813	13.0.2169.0	2016-10-26	4 (4)
Cumulative Update #2	13.0.2164.0	2016-09-22	68 (64)
Cumulative Update #1	13.0.2149.0	2016-07-25	192 (146)
RTM & GDR builds below – for non-CU path
Security Advisory ADV180002 KB #4058560 (GDR)	13.0.1745.2	2018-01-06	1
Security Bulletin CVE-2017-8516 KB #4019088 (GDR)	13.0.1742.0	2017-07-16	1
GDR Update (MDS)	13.0.1728.2	2016-12-16	3 (3)
Security Bulletin MS16-136 KB #3194716	13.0.1722.0	2016-11-08	1
GDR for SSAS KB #3179258	13.0.1711.0	2016-08-17	1
MSVCRT GDR (KB #3164398)	13.0.1708.0	2016-06-04	1
RTM	13.0.1601.5	2016-06-01