Patch Tuesday 2021-01-12 : SQL Server Updates

Patches are available for several versions of SQL Server today, addressing an elevation of privilege vulnerability. There isn't much detail available except that it pertains to Extended Events. More details:

Elevation of Privilege Vulnerability
Common Vulnerabilities and Exposures : CVE-2021-1636
KB #4583468 – Microsoft SQL Server elevation of privilege vulnerability

There are patches for GDR or CU for all supported versions of SQL Server (except 2012 SP4 which doesn't have a CU branch). Find the download for your version on the appropriate page:

SQL Server 2012 SP4
SQL Server 2014 SP3
SQL Server 2016 SP2
SQL Server 2017
SQL Server 2019

If there isn't a fix available for your branch, it might be time to consider moving to a supported version.

By: Aaron Bertrand

I am a passionate technologist with industry experience dating back to Classic ASP and SQL Server 6.5. I am a long-time Microsoft MVP, write at Simple Talk, SQLPerformance, and MSSQLTips, and have had the honor of speaking at more conferences than I can remember. In non-tech life, I am a husband, a father of two, a huge hockey and football fan, and my pronouns are he/him.