SQL Server 2017 was made generally available on Windows, Linux, and Docker on October 2nd, 2017. Download the free Express / Eval / Developer editions.
For Windows, the latest CU is always available here. If you're running on Linux, you can navigate through the 1991-esque packages.microsoft.com to find the latest update, check how to configure local repositories here and here, and follow this page for all mainstream updates and out-of-band security fixes.
Please read this note on GitHub if you used Query Store on RTM, CU1, or CU2. There is an important script you need to run to patch Query Store data.
| Label | Build # | KB Article | Date | Fixes (public) |
|---|---|---|---|---|
| Cumulative Update #31 | 14.0.3456.2 | KB #5016884 | 2022-09-20 | 24 (20) |
| Cumulative Update #30 | 14.0.3451.2 | KB #5013756 | 2022-07-13 | 8 (8) |
| Security Update for CU #29 CVE-2022-29143 |
14.0.3445.2 | KB #5014553 | 2022-06-14 | 1 |
From the CVE: "An authenticated attacker could exploit the vulnerability by executing a specially crafted query using $ partition against a table with a Column Store index." |
||||
| Cumulative Update #29 | 14.0.3436.1 | KB #5010786 | 2022-03-30 | 18 (16) |
| Cumulative Update #28 | 14.0.3430.2 | KB #5008084 | 2022-01-13 | 10 (9) |
| Cumulative Update #27 | 14.0.3421.10 | KB #5006944 | 2021-10-27 | 14 (12) |
| Cumulative Update #26 | 14.0.3411.3 | KB #5005226 | 2021-09-14 | 31 (22) |
| Cumulative Update #25 | 14.0.3401.7 | KB #5003830 | 2021-07-12 | 19 (18) |
| Cumulative Update #24 | 14.0.3391.2 | KB #5001228 | 2021-05-10 | 30 (24) |
| Cumulative Update #23 | 14.0.3381.3 | KB #5000685 | 2021-02-24 | 58 (47) |
| Security Update for CU #22 CVE-2021-1636 |
14.0.3370.1 | KB #4583457 | 2021-01-12 | 1 |
This security update addresses an escalation of privilege vulnerability described in CVE-2021-1636. It is also being pushed via Windows Update, so you may get this sooner than you expect it. |
||||
| Cumulative Update #22 | 14.0.3356.20 | KB #4577467 | 2020-09-10 | 42 (38) |
| Cumulative Update #21 | 14.0.3335.7 | KB #4557397 | 2020-07-01 | 35 (34) |
| Cumulative Update #20 | 14.0.3294.2 | KB #4541283 | 2020-04-07 | 40 (36) |
| Cumulative Update #19 | 14.0.3281.6 | KB #4535007 | 2020-02-05 | 38 (31) |
| Cumulative Update #18 | 14.0.3257.3 | KB #4527377 | 2019-12-09 | 35 (28) |
| Cumulative Update #17 | 14.0.3238.1 | KB #4515579 | 2019-10-08 | 41 (34) |
| Cumulative Update #16 | 14.0.3223.3 | KB #4508218 | 2019-08-01 | 50 (37) |
| On-Demand Update Package 2 | 14.0.3208.1 | KB #4510083 | 2019-07-09 | 1 |
| CVE-2019-1068 CU15 Security Update |
14.0.3192.2 | KB #4505225 | 2019-07-09 | 1 |
| On-Demand Update Package | 14.0.3164.1 | KB #4506633 | 2019-06-20 | 1 |
| Cumulative Update #15 | 14.0.3162.1 | KB #4498951 | 2019-05-23 | 52 (45) |
| ⚠️ Caution – If you use Availability Groups and need to back up only on the preferred replica, avoid this Cumulative Update, as there is an issue where fn_hadr_backup_is_preferred_replica fails. See KB #4498951. | ||||
| CVE-2019-0819 CU 14 Security Update |
14.0.3103.1 | KB #4494352 | 2019-05-14 | 1 |
| Cumulative Update #14 | 14.0.3076.1 | KB #4484710 | 2019-03-25 | 51 (34) |
| Critical On-Demand Hotfix for Cumulative Update #13 |
14.0.3049.1 | KB #4483666 | 2019-01-08 | 3 (3) |
| Cumulative Update #13 | 14.0.3048.4 | KB #4466404 | 2018-12-18 | 62 (50) |
| Cumulative Update #12 | 14.0.3045.24 | KB #4464082 | 2018-10-24 | 22 (18) |
| CU #12 includes the ability to see details behind string or binary data truncation using Trace Flag 460. | ||||
| Cumulative Update #11 | 14.0.3038.14 | KB #4462262 | 2018-09-20 | 21 (14) |
| Cumulative Update #10 | 14.0.3037.1 | KB #4342123 | 2018-08-28 | 30 (22) |
| CVE-2018-8273 (CU) (Download) |
14.0.3035.2 | KB #4293805 | 2018-08-14 | 1 |
| Cumulative Update #9 | 14.0.3030.27 | KB #4341265 | 2018-07-18 | 27 (18) |
| Cumulative Update #8 | 14.0.3029.16 | KB #4338363 | 2018-06-21 | 60 (34) |
| Cumulative Update #7 | 14.0.3026.27 | KB #4229789 | 2018-05-24 | 47 (28) |
| Cumulative Update #6 | 14.0.3025.34 | KB #4101464 | 2018-04-19 | 39+ (38) |
| Cumulative Update #5 | 14.0.3023.8 | KB #4092643 | 2018-03-20 | 22 (13) |
| Cumulative Update #4 | 14.0.3022.28 | KB #4056498 | 2018-02-20 | 81 (55) |
| Cumulative Update #3 | 14.0.3015.40 | KB #4052987 | 2018-01-03 | 23 (16) |
| Cumulative Update #2 | 14.0.3008.27 | KB #4052574 | 2017-11-28 | 56 (33) |
| Cumulative Update #1 | 14.0.3006.16 | KB #4038634 | 2017-10-24 | 72 (68) |
| GDR builds below – for non-CU path | ||||
| GDR Security Update CVE-2022-29143 |
14.0.2042.3 | KB #5014354 | 2022-06-14 | 1 |
From the CVE: "An authenticated attacker could exploit the vulnerability by executing a specially crafted query using $ partition against a table with a Column Store index." |
||||
| GDR Security Update (CVE-2021-1636) |
14.0.2037.2 | KB #4583456) | 2021-01-12 | 1 |
This security update addresses an escalation of privilege vulnerability described in CVE-2021-1636. It is also being pushed via Windows Update, so you may get this sooner than you expect it. |
||||
| CVE-2019-1068 GDR Security Update |
14.0.2027.2 | KB #4505224 | 2019-07-09 | 1 |
| CVE-2019-0819 GDR Security Update |
14.0.2014.14 | KB #4494351 | 2019-05-14 | 1 |
| CVE-2018-8273 GDR Security Update |
14.0.2002.14 | KB #4293803 | 2018-08-14 | 1 |
| RTM GDR | 14.0.2000.63 | KB #4057122 | 2018-01-03 | 1 |
| RTM | 14.0.1000.169 | 2017-10-02 | ||
