Issue with security update for the Remote Code Execution vulnerability in SQL Server 2016 SP1 (GDR): August 14, 2018

On Tuesday August 14 we published a Security Update for six different releases of SQL Server 2016 and 2017. For one of those releases, SQL Server 2016 SP1 GDR ( KB4293801 ) , an issue may occur after applying the update where the sqlceip.exe process experiences an unhandled exception.  This will only occur if the updated instance was currently configured to collect SQL  Customer Experience Improvement Program (CEIP) information. This does not impact the operation of the updated SQL Server engine, however this may impact a SQL Server Failover Cluster Instance node if configured for CEIP.

Please note that this issue only impacts the SQL Server 2016 SP1 GDR ( KB4293801 ) release, which is for SQL Server 2016 SP1 instances that have not had any CU updates applied.

Therefore, the update has been replaced. If you have previously applied the original update KB4293801, we recommend that you install KB4458842 as soon as possible.

You may optionally first uninstall KB4293801 , but it is not necessary as KB4458842 supersedes and replaces KB4293801.