SQL 2016–Install MSVC Patch Required

I can’t emphasize this patch enough.   There is a MSVC, runtime library patch needed by SQL Server 2016 and without the patch the SQL Server service can simply terminate (crash.)  This may not produce stack dumps and the SQL Server error log often looks like it simply terminates (no logging of shutdown.)

For complete instructions on applying this patch, read the Release Notes for SQL Server 2016 (look at section called “Install Patch Requirement (GA)”) If you have already installed SQL Server 2016 you have the option to just install the MSVC patch vs the complete SQL Server Critical Update. Furthermore, our Smart Setup technology can detect the SQL Server Critical Update when installing a new SQL Server 2016 instance and apply this automatically.

https://support.microsoft.com/en-us/kb/3164398

The root of the problem is a thread safety fix in handling strings in the runtime library.   If you are like me your first thought is why would that impact SQL Server?  The SQL Server strings (nvarchar, varchar, nchar, char, …) are not handled with the runtime library for the vast majority of processing.  While this is true the communication paths to the client and logging are susceptible to the issue.

For example, when you log into the SQL Server the messages about default database and options are returned to the client.   The messages can be built using the runtime library routines.   If you encounter an error, duplicate primary key, invalid object, syntax error and such the runtime library can be used to build the message text.

The issue is detected as a memory corruption problem.  Microsoft’s security policy is to terminate the processes as soon as memory corruption is detected, protecting you from attacks such as heap spray: https://en.wikipedia.org/wiki/Heap_spraying

Bob Dorr - Principal Software Engineer SQL Server