Legacy Update: Get back online, activate, and install updates on your legacy Windows PC

Data can be sent over a network to an affected Microsoft SQL Server instance that might cause code to run against the SQL Server process if a certain extended event is enabled.

More information about the vulnerability can be found here: KB5014164

For other impacted SQL Server releases, please see:

Security Update for SQL Server 2014 SP3 CU (CU4+GDR fix)*
Security Update for SQL Server 2014 SP3 GDR
Security Update for SQL Server 2016 SP2 CU (CU17+GDR fix)*
Security Update for SQL Server 2016 SP2 GDR
Security Update for SQL Server 2016 SP3 GDR
Security Update for SQL Server 2016 SP3 Azure Connect Feature Pack GDR
Security Update for SQL Server 2017 RTM CU (CU29+GDR fix)*
Security Update for SQL Server 2017 RTM GDR
Security Update for SQL Server 2019 RTM CU (CU16+GDR fix)*
Security Update for SQL Server 2019 RTM GDR
* These security updates are for SQL Server instances that have applied a Cumulative Update.

For a complete listing of the issues resolved in this update, see the associated Microsoft Knowledge Base article.

Files

Status: Live This download is still available on microsoft.com. The downloads below will come directly from the Microsoft Download Center.

Files
SQLServer2014-KB5014164-x64.exe Size: 599.59 MB
SQLServer2014-KB5014164-x86.exe Size: 377.77 MB

File sizes and hashes are retrieved from the Wayback Machine’s indexes. They may not match the latest versions of files hosted on Microsoft servers.

This update is applicable to SQL Server 2014 SP3 instances installed on supported Windows operating systems.

This update refreshes Microsoft SQL Server 2014 SP3 Windows instances that have had a Cumulative Update applied (versions 12.0.6205.1 (CU1) to 12.0.6433.1 (CU4)).

For Microsoft SQL Server 2014 SP3 for Windows instances (versions 12.0.6024.0 to 12.0.6164.21) that have NOT had any Cumulative Update applied, please see KB5014165. After you install this update, you may have to restart your computer.