virus logo Endpoint Vulnerability

Microsoft SQL Server CVE-2022-29143 Remote Code Execution Vulnerability

description-logoDescription

Remote code execution via a specially crafted $ partition query against a column store index in Microsoft SQL Server 2014-2019; requires authentication; CVSS 7.5; update available.

affected-products-logoAffected Applications

Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (CU 16)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU 17)
Microsoft SQL Server 2017 for x64-based Systems (CU 29)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4)

Version Updates

Date Version Status Detail
2022-06-15 1.00319
New
 Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR),Microsoft SQL Server 2019 for x64-based Systems (CU 16),Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU 17),Microsoft SQL Server 2017 for x64-based Systems (CU 29),Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack,Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR),Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4),Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR),Microsoft SQL Server 2017 for x64-based Systems (GDR),Microsoft SQL Server 2019 for x64-based Systems (GDR),Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR),Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4)

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29143
ID 72590
Created Apr 05, 2026
Description
Updated		 Apr 05, 2026
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Microsoft
Patch auto
Application Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) , Microsoft SQL Server 2019 for x64-based Systems (CU 16) , Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU 17) , Microsoft SQL Server 2017 for x64-based Systems (CU 29) , Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack , Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) , Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) , Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) , Microsoft SQL Server 2017 for x64-based Systems (GDR) , Microsoft SQL Server 2019 for x64-based Systems (GDR) , Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR) , Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4)