KB5089270 - Description of the security update for SQL Server 2016 SP3 Azure Connect Feature Pack: May 12, 2026
Applies To
SQL Server 2016 Service Pack 3
Release Date:
5/12/2026
Version:
13.0.7085.1
This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:
The Microsoft SQL Server components are updated to the following builds in this security update:
A downloadable Microsoft Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available. The Excel file also contains detailed fix lists. Download this Excel file now.
Note: Individual entries in the following table can be referenced directly through a bookmark. If you select any bug reference ID in the table, a bookmark tag is added to the URL by using the "#bkmk_NNNNNNN" format. You can then share this URL with others so that they can jump directly to the desired fix in the table.
| Bug reference | Description | Fix area | Component | Platform | | --- | --- | --- | --- | --- | | 5131023 | This fix addresses an XML external entity (XXE) vulnerability in the Web Service Task that allows an attacker to read arbitrary files from the local file system or cause a denial-of-service (DoS) attack. | Integration Services | Integration Services | Windows |
13.0.7085.1