KB5090347: fix addresses an XML external entity (XXE) vulnerability
KB5090347 - Description of the security update for SQL Server 2017 GDR: May 12, 2026
Summary
This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:
- CVE-2026-40370 - SQL Server Remote Code Execution Vulnerability
The Microsoft SQL Server components are updated to the following builds in this security update:
- SQL Server - product version: 14.0.2110.2, file version: 2017.140.2110.2
Improvements and fixes included in this update
A downloadable Microsoft Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available. The Excel file also contains detailed fix lists.
Bug fixes:
- 5131020: This fix addresses an XML external entity (XXE) vulnerability in the Web Service Task that allows an attacker to read arbitrary files from the local file system or cause a denial of service (DoS).

