How can an attacker exploit this vulnerability? An authenticated attacker can send data over a network to an affected SQL Server when configured to run an Extended Event session. There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use? First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components. Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install. Note If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates. Update number Title Apply if current product version is… This security update also includes servicing releases up through… 4583458 Security update for SQL Server 2019 RTM GDR: Jan 12, 2021 15.0.2000.5 - 15.0.2070.41 KB 4517790 - Previous SQL19 RTM GDR 4583459 Security update for SQL Server 2019 RTM CU8: Jan 12, 2021 15.0.4003.23 - 15.0.4073.23 KB 4577194 – SQL19 RTM CU8 4583456 Security update for SQL Server 2017 RTM GDR: Jan 12, 2021 14.0.1000.169 - 14.0.2027.2 KB4505224 - Previous SQL17 RTM GDR 4583457 Security update for SQL Server 2017 RTM CU22: Jan 12, 2021 14.0.3006.16 - 14.0.3356.20 KB4577467 – SQL17 RTM CU22 4583460 Security update for SQL Server 2016 Service Pack 2 (GDR): Jan 12, 2021 13.0.5026.0 - 13.0.5102.14 KB4532097 - Previous SQL16 SP2 GDR 4583461 Security update for SQL Server 2016 Service Pack 2 CU15: Jan 12, 2021 13.0.5149.0 - 13.0.5850.14 KB4577775 – SQL16 SP2 CU15 4583463 Security update for SQL Server 2014 Service Pack 3 (GDR): Jan 12, 2021 12.0.6024.0 - 12.0.6118.4 KB4532