A new build is available for SQL Server 2016 SP2 and SP3. From the CVE: "An authenticated attacker could exploit the vulnerability by executing a specially crafted query using $ partition against a table with a Column Store index."
There are two fixes in this hotfix update package, involving FileTable and Change Tracking.
SQL Server 2016 SP2 Cumulative Update #17 is available, with 20 enhancements. The build number is 13.0.5888.11.
SQL Server 2016 SP2 Cumulative Update #15 is available, with 21 enhancements. The build number is 13.0.5850.14.
SQL Server 2016 SP2 Cumulative Update #14 is available, with 18 enhancements. The build number is 13.0.5830.85.
See how to work around some of the blockers for replacing legacy UDFs with STRING_SPLIT.
SQL Server 2016 SP2 Cumulative Update #13 is available, with 29 enhancements. The build number is 13.0.5820.21.
Cumulative Updates for SQL Server 2019, SQL Server 2017, and SQL Server 2016 SP2 have been pushed back a month or more due to our current health crisis.
In this tip, I show how to measure the positive effects of delayed durability, in cases where a small amount of data loss is acceptable.
Security updates were released today to patch a remote code execution vulnerability in Reporting Services, but I would install the patch even if you're not running SSRS.