
“SQL Server 2022’s First Update and Enhancements for Previous Versions”


# SQL Server 2022 Gets Its First Update! Plus 2019, 2017, 2016, 2014 Updates

Hey there, SQL Server aficionados! Gather ’round because we’ve got some exciting news hot off the press. If you’ve been eagerly waiting for updates on SQL Server 2022, your patience is about to pay off—well, sort of.

## The Big Reveal: SQL Server 2022 Update

First things first, let’s address the elephant in the room. No, the first Cumulative Update for SQL Server 2022 isn’t out yet. I know, I know, it’s been 91 days since the RTM (Release to Manufacturing) version came out, and you’re probably itching to get your hands on those fixes and new features. But hold your horses; good things come to those who wait!

If you’re encountering issues mentioned in the [release notes](https://learn.microsoft.com/en-us/sql/sql-server/sql-server-2022-release-notes), or if you’re looking forward to using Query Store for secondary replicas and failover capabilities with Azure SQL DB Managed Instances, you’ll need to hang tight a bit longer. These features are still in preview, and yes, it’s a bit puzzling why it’s called SQL Server 2022 when some features are still cooking.

## Security Updates Across the Board

But wait, there’s more! While SQL Server 2022’s first Cumulative Update is still on the horizon, all supported versions of SQL Server have received crucial security updates. These updates are aimed at addressing several remote code execution vulnerabilities. Here’s a quick rundown of the vulnerabilities patched:

– [CVE-2023-21528 – Microsoft SQL Server Remote Code Execution Vulnerability](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21528)
– [CVE-2023-21704 – Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21704)
– [CVE-2023-21705 – Microsoft SQL Server Remote Code Execution Vulnerability](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21705)
– [CVE-2023-21713 – Microsoft SQL Server Remote Code Execution Vulnerability](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21713)
– [CVE-2023-21718 – Microsoft SQL ODBC Driver Remote Code Execution Vulnerability](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21718)

## Intriguing Bugs and Fixes

The updates also address some rather interesting bugs. Here are a few highlights:

– **[2033045](https://support.microsoft.com/en-us/topic/kb5021045-description-of-the-security-update-for-sql-server-2014-sp3-cu4-february-14-2023-6c769b6c-beb7-4b65-ae22-29f3bbc2dd31#bkmk_2033045)**: An authenticated attacker could affect SQL Server memory when running a specially crafted CREATE or UPDATE STATISTICS statement. This impacts SQL performance and the Query Optimizer.

– **[2029156](https://support.microsoft.com/en-us/topic/kb5021045-description-of-the-security-update-for-sql-server-2014-sp3-cu4-february-14-2023-6c769b6c-beb7-4b65-ae22-29f3bbc2dd31#bkmk_2029156)**: Any member with the DQS KB Operator role or higher can run code on the computer hosting SQL Server as the account running the SQL Server service. This affects Data Quality Services (DQS).

– **[2120756](https://support.microsoft.com/en-us/topic/kb5021045-description-of-the-security-update-for-sql-server-2014-sp3-cu4-february-14-2023-6c769b6c-beb7-4b65-ae22-29f3bbc2dd31#bkmk_2120756)**: In rare cases, memory corruption in the ODBC driver can occur during communications between two SQL Server-based servers. This issue arises if the target SQL Server uses a down-level version of the Tabular Data Stream (TDS) protocol, causing image data types to be decoded incorrectly on the client side.

– **[2094937](https://support.microsoft.com/en-us/topic/kb5021045-description-of-the-security-update-for-sql-server-2014-sp3-cu4-february-14-2023-6c769b6c-beb7-4b65-ae22-29f3bbc2dd31#bkm
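
A defender's check for the items above, as an added example that is not from the original post or from Microsoft: it reports the connected instance's build and last-applied update KB, then lists who holds a Data Quality Services role, which is the exposure that matters for 2029156. It assumes the default DQS database name `DQS_MAIN` and the default `dqs_*` role names; compare the reported KB with the security update article for your own version.

```sql
-- Added example: patch level and DQS role exposure for one instance.
-- Run in SSMS or sqlcmd as a login that can view database principals.

-- 1. Build and servicing level. update_kb is the KB article of the last
--    applied update (NULL on builds that do not report it).
SELECT
    SERVERPROPERTY('ProductVersion')         AS product_version,
    SERVERPROPERTY('ProductLevel')           AS product_level,
    SERVERPROPERTY('ProductUpdateLevel')     AS update_level,
    SERVERPROPERTY('ProductUpdateReference') AS update_kb;

-- 2. Bug 2029156 concerns members of the DQS KB Operator role or higher.
--    DQS_MAIN and the dqs_* role names are the DQS defaults (assumption:
--    the installation did not rename them).
IF DB_ID(N'DQS_MAIN') IS NOT NULL
BEGIN
    -- Dynamic SQL so the batch still compiles where DQS is not installed.
    EXEC (N'
        SELECT r.name      AS dqs_role,
               m.name      AS member_name,
               m.type_desc AS member_type
        FROM DQS_MAIN.sys.database_role_members AS drm
        JOIN DQS_MAIN.sys.database_principals   AS r
             ON r.principal_id = drm.role_principal_id
        JOIN DQS_MAIN.sys.database_principals   AS m
             ON m.principal_id = drm.member_principal_id
        WHERE r.name IN (N''dqs_kb_operator'',
                         N''dqs_kb_editor'',
                         N''dqs_administrator'')
        ORDER BY r.name, m.name;');
END
ELSE
BEGIN
    SELECT N'DQS_MAIN not found: Data Quality Services is not installed here'
           AS dqs_status;
END;
```

Until the update is applied, every principal returned by the second query should be treated as able to reach the SQL Server service account, so trim that list to the people who actually need DQS.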
