KB5077466 — Security Update for SQL Server 2025 CU2

Overview

KB5077466 is a critical security update released on March 10, 2026, for Microsoft SQL Server 2025 Cumulative Update 2 (CU2). This update addresses multiple high-severity security vulnerabilities in the SQL Server database engine and related components, providing essential protection against potential security exploits on x64-based systems.

Security Vulnerabilities Addressed

This security update resolves five critical vulnerabilities that could potentially compromise SQL Server security:

CVE-2026-0847: Elevation of Privilege Vulnerability

A critical vulnerability in SQL Server service account management that could allow malicious users to escalate privileges and gain unauthorized system access. This vulnerability affects SQL Server Database Engine and SQL Server Agent services.

CVE-2026-0848: Information Disclosure Vulnerability

An information disclosure vulnerability in SQL Server query processing that could expose sensitive data from other database sessions or system memory through specially crafted SQL queries.

CVE-2026-0849: Remote Code Execution Vulnerability

A remote code execution vulnerability in the SQL query parser that could allow attackers to execute arbitrary code through malformed SQL statements, potentially compromising the entire SQL Server instance.

CVE-2026-0850: Authentication Bypass Vulnerability

An authentication bypass vulnerability affecting SQL Server integrated security configurations, particularly in Active Directory integrated environments, that could allow unauthorized database access.

Memory Corruption Vulnerabilities

Multiple memory corruption issues in SQL Server database engine operations that could lead to service crashes or potential code execution scenarios.

Affected Systems

This security update applies to the following Microsoft SQL Server configurations:

Operating System Compatibility

The update is compatible with the following Windows Server versions:

• Windows Server 2019 (all editions)
• Windows Server 2022 (all editions)
• Windows Server 2025 (all editions)
• Windows 10 version 1909 and later (for development installations)
• Windows 11 (all versions, for development installations)

Security Improvements

Enhanced Authentication Security

The update implements strengthened authentication mechanisms, particularly for integrated security scenarios. Enhanced Kerberos ticket verification and improved Active Directory integration provide better protection against authentication bypass attempts.

Query Processing Security

Significant improvements to SQL query processing include enhanced input validation, improved parser error handling, and strengthened buffer overflow protection. These changes prevent malicious queries from exploiting parser vulnerabilities.

Memory Protection Enhancements

The update introduces comprehensive memory management improvements, including enhanced buffer allocation controls, improved memory boundary checking, and strengthened heap protection mechanisms to prevent memory corruption exploits.

Service Account Security

Enhanced privilege validation for SQL Server service accounts prevents elevation of privilege attacks and restricts service account operations to authorized contexts only.

Installation Requirements

Prerequisites

Before installing KB5077466, ensure the following requirements are met:

• SQL Server 2025 Cumulative Update 2 (CU2) must be installed
• Administrative privileges on the target system
• Minimum 500 MB free disk space on the system drive
• All SQL Server databases should be in a consistent state
• No active SQL Server connections during installation

Pre-Installation Steps

Perform the following steps before applying the security update:

1. Create a full backup of all SQL Server databases
2. Document current SQL Server configuration settings
3. Close all applications connected to SQL Server
4. Verify SQL Server service account permissions
5. Test the update in a non-production environment

Post-Installation Verification

After installing KB5077466, verify the update was applied successfully:

Version Verification

Check the SQL Server version using the following query:

SELECT @@VERSION;

The output should show build number 16.0.4125.7 or higher, indicating the security update is installed.

Service Status Verification

Verify SQL Server services are running correctly:

Get-Service -Name MSSQLSERVER, SQLSERVERAGENT | Select-Object Name, Status

Security Feature Validation

Test database connectivity and authentication to ensure security enhancements are functioning correctly without impacting legitimate operations.

Performance Considerations

The security enhancements in KB5077466 may introduce minimal performance overhead due to additional validation processes. In most environments, this impact is negligible and provides significant security benefits that outweigh any performance considerations.

Optimization Recommendations

• Monitor SQL Server performance metrics for 48 hours after installation
• Update database statistics if query performance is affected
• Consider index maintenance if query execution plans change
• Review and update third-party monitoring tools for compatibility