KB5063814 - Description of the security update for SQL Server 2022 CU20: August 12, 2025

Summary
This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:

  • CVE-2025-47954 - Microsoft SQL Server Elevation of Privilege Vulnerability
  • CVE-2025-49758 - Microsoft SQL Server Elevation of Privilege Vulnerability
  • CVE-2025-24999 - Microsoft SQL Server Elevation of Privilege Vulnerability
  • CVE-2025-49759 - Microsoft SQL Server Elevation of Privilege Vulnerability
  • CVE-2025-53727 - Microsoft SQL Server Elevation of Privilege Vulnerability

The Microsoft SQL Server components are updated to the following builds in this security update.

  • SQL Server - Product version: 16.0.4210.1, file version: 2022.160.4210.1

Improvements and fixes included in this update

  • Bug reference: 4419891
    Description: Fixes a SQL injection vulnerability in a system stored procedure.
    Fix area: SQL Server Engine
    Component: High Availability and Disaster Recovery
    Platform: All
  • Bug reference: 4419744
    Description: Fixes a SQL injection vulnerability in a system stored procedure.
    Fix area: SQL Server Engine
    Component: Metadata
    Platform: All
  • Bug reference: 4285851
    Description: Fixes a vulnerability that lets users who have access to certain stored procedures perform SQL injection and run arbitrary code by using elevated privileges.
    Fix area: SQL Server Engine
    Component: Security Infrastructure
    Platform: Windows
  • Bug reference: 4424575
    Description: Prevents logins with the ALTER ANY LOGIN permission from resetting the passwords of logins that have ALTER ANY LOGIN or IMPERSONATE ANY LOGIN permissions to avoid elevation of privilege.
    Fix area: SQL Server Engine
    Component: Security Infrastructure
    Platform: All
  • Bug reference: 4437714
    Description: Prevents elevation of privilege by running SQL Agent job steps for built-in jobs with reduced permissions.
    Fix area: SQL Server Engine
    Component: SQL Agent
    Platform: All
  • Bug reference: 4285486
    Description: Fixes a vulnerability that lets users who have access to certain stored procedures perform SQL injection and run arbitrary code by using elevated privileges.
    Fix area: SQL Server Engine
    Component: SQL Server Engine
    Platform: All
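A defender-side audit for bug 4424575, added here as an example rather than taken from the KB: it confirms the instance build is at or above 16.0.4210.1 and lists the server principals holding ALTER ANY LOGIN, IMPERSONATE ANY LOGIN or CONTROL SERVER (plus sysadmin members, who hold them implicitly), which is the population to review on instances that have not yet received the fix. It assumes it is run on a SQL Server 2022 instance by a login that can read sys.server_permissions and sys.server_principals (for example VIEW ANY DEFINITION or sysadmin).

```sql
-- Added example, not part of KB5063814. Assumes a SQL Server 2022 instance and a login
-- that can read the server-level catalog views (VIEW ANY DEFINITION or sysadmin).

-- 1. Is the fixed build (16.0.4210.1) installed? ProductVersion is a dotted string,
--    so compare it part by part instead of as text ('16.0.999.1' would sort above it).
DECLARE @installed NVARCHAR(128) = CAST(SERVERPROPERTY('ProductVersion') AS NVARCHAR(128));
DECLARE @fixed     NVARCHAR(128) = N'16.0.4210.1';

DECLARE @installed_key BIGINT =
      CAST(PARSENAME(@installed, 4) AS BIGINT) * 1000000000000
    + CAST(PARSENAME(@installed, 3) AS BIGINT) * 100000000
    + CAST(PARSENAME(@installed, 2) AS BIGINT) * 10000
    + CAST(PARSENAME(@installed, 1) AS BIGINT);
DECLARE @fixed_key BIGINT =
      CAST(PARSENAME(@fixed, 4) AS BIGINT) * 1000000000000
    + CAST(PARSENAME(@fixed, 3) AS BIGINT) * 100000000
    + CAST(PARSENAME(@fixed, 2) AS BIGINT) * 10000
    + CAST(PARSENAME(@fixed, 1) AS BIGINT);

SELECT  @installed AS installed_build,
        CASE WHEN @installed_key >= @fixed_key
             THEN 'fixed build or later'
             ELSE 'below 16.0.4210.1 - apply KB5063814' END AS status;

-- 2. Who holds the permissions involved in bug 4424575? Before the fix, any grantee of
--    ALTER ANY LOGIN could reset the password of a login that itself held ALTER ANY LOGIN
--    or IMPERSONATE ANY LOGIN. CONTROL SERVER and sysadmin membership imply both.
SELECT  sp.name            AS principal_name,
        sp.type_desc       AS principal_type,
        perm.permission_name,
        perm.state_desc    AS grant_state
FROM    sys.server_permissions AS perm
JOIN    sys.server_principals  AS sp ON sp.principal_id = perm.grantee_principal_id
WHERE   perm.permission_name IN (N'ALTER ANY LOGIN', N'IMPERSONATE ANY LOGIN', N'CONTROL SERVER')
  AND   perm.state IN ('G', 'W')          -- GRANT or GRANT WITH GRANT OPTION only
UNION ALL
SELECT  sp.name, sp.type_desc, N'sysadmin (implicit)', N'ROLE MEMBER'
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS sp ON sp.principal_id = rm.member_principal_id
JOIN    sys.server_principals   AS r  ON r.principal_id  = rm.role_principal_id
WHERE   r.name = N'sysadmin'
ORDER BY principal_name, permission_name;
```

Every row returned by the second query is a login whose password could be reset by any other ALTER ANY LOGIN holder on an unpatched build, so unexpected entries are the ones to revoke or investigate alongside applying the update.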