Legacy Update: Get back online, activate, and install updates on your legacy Windows PC

This update refreshes Microsoft SQL Server 2014 SP3

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.
To exploit the vulnerability, an authenticated attacker would need to submit a specially crafted page request to an affected Reporting Services instance.
The security update addresses the vulnerability by modifying how the Microsoft SQL Server Reporting Services handles page requests.

For a complete listing of the issues resolved in this update, see the associated Microsoft Knowledge Base article - KB4532095

The following SQL Server security updates contain this SQL Server Reporting Services fix and are available for download:
Security Update for SQL Server 2016 SP2 CU11 (KB4535706)

Security Update for SQL Server 2016 SP2 GDR (KB4532097)

Security Update for SQL Server 2014 SP3 CU4 (KB4535288)

Security Update for SQL Server 2014 SP3 GDR (KB4532095)

Security Update for SQL Server 2012 SP4 GDR (KB4532098)

Files

Status: Live This download is still available on microsoft.com. The downloads below will come directly from the Microsoft Download Center.

Files
SQLServer2014-KB4532095-x64.exe
SQLServer2014-KB4532095-x86.exe

This update is applicable to SQL Server 2014 SP3 instances.

Download the appropriate file for your computer's processor by clicking one of the links below. You can run the package directly from the link or save it on your local disk to install at a later time.