Microsoft just released a slew of GDR security updates for SQL Server 2022, 2019, 2017, and 2016 that all link to this security advisory.
It’s not immediately clear, but from what I can tell, this new round of security updates just fixes the functional bugs in CDC that were introduced by the last security patch in September. It doesn’t appear to fix any new security vulnerabilities; it just does a better job than the last round of security patches (which is not a bad thing!).
If anyone has more details, feel free to leave ’em in the comments.
3 Comments
Microsoft confirmed this is correct – the new versions from 10/8 fix known functional issues in the CDC feature (introduced in the September GDR), and do not include any other fixes.
For 2017+, is the latest CU required first? For example, for SQL 2022 from the GDR security update page it says: “Prerequisites: To apply this update, you must have SQL Server 2022 or any SQL Server 2022 CU release through this SQL Server 2022 CU15 GDR installed.”
Sorry, I forget there are 2 branches: CU vs GDR. So yes, the CU GDR will require the CU first. There is a separate GDR release for RTM.