Share via

SQL Server patching and information on Cumulative Updates and Security Updates(GDR and CU GDR)

iliyan Rashev 0 Reputation points
2025-10-24T08:54:05.6366667+00:00

Hello Support,
I am a bit confused of what the patches mean and contain for SQL Server and will appreciate if you can clarify this for me:
My question is for SQL Server 2019( but it is also applicable for SQL Server 2022

  • We have the RTM version of SQL Server 2019(15.0.2000.5) and would like to patch it to the latest version - 15.0.4445.1

The first question is: what should be the update path and which patches I should apply on the SQL server to be fully supported and have all performance fixes, etc.?

The second question is in regards to clarify a few points for me:

  • CUs are cumulative and contain all previous security updates, bugfixes, hotfixes,etc. that were released from previous CUs. For example 2019 CU32 contains all releases from RTM including GDR, bugfixes, QFE, hotfixes - is this correct?
  • What about Security updates - from what I have seen they are two kinds - GDR(standalone security update that can be applied on top of RTM or previous GDR) and CU GDR(which is a security update for the specific CU).
  • So this is where my confusion begins:
  1. Are security updates(both GDR and CU GDR) cumulative and what is the scope of them being cumulative - they contain previous security updates released or they contain all released patches CUs and Security updates? For example: SQL 2019 - the latest security update KB5065222 - what is contained in it:
    1. the previous security updates back from RTM(if security updates are cumulative)
    2. all previous releases including CU releases(in which sometimes we get a feature or performance fix) - are these included in the latest security update KB5065222
    3. it is not cumulative and does not contain previous security updates
  2. I was able to directly apply only KB5065222 on SQL 2019 RTM - the update was successful and my SQL Server 2019 is at the latest version build number 15.0.4445.1
    1. Am I getting all releases applied when install directly the security update KB5065222 on RTM(skipping installation of CU32) - previous releases from CUs,GDRs, performance fixes, new features and etc.
    2. Does the latest security update KB5065222 contains also CU32(which by itself contains all previous releases)

It would mean a lot to me if you are able to clarify these points for me.

Best regards
iliyan Rashev

SQL Server Database Engine
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lakshmi Narayana Garikapati 470 Reputation points Microsoft External Staff Moderator
    2025-10-24T17:44:13.23+00:00

    Thanks for reaching out with such a detailed question

    To be fully supported and benefit from all performance improvements, bug fixes, and features in SQL Server 2019, you should install the latest Cumulative Update (CU) in this case, CU32. CUs are fully cumulative and include all previous CUs, GDRs, hotfixes, and enhancements since RTM.

    Regarding the KB5065222 security update:

    • It is a CU GDR, meaning it contains only the latest security fixes for CU32.
    • It does not include CU32’s performance or feature updates.
    • You were able to install it directly on RTM because GDRs can be applied to RTM or GDR-only branches.
    • However, this does not mean you have all cumulative updates you’re missing non-security fixes from CU1 through CU32.

    Recommended path:

    1.      Install CU32 first to get all cumulative fixes.

    2.      Then apply KB5065222 if it was released after CU32 for the latest security coverage.

    https://free.blessedness.top/en-us/troubleshoot/sql/releases/sqlserver-2019/cumulativeupdate32

    https://free.blessedness.top/en-us/troubleshoot/sql/releases/sqlserver-2019/build-versions

    https://free.blessedness.top/en-us/troubleshoot/sql/releases/new-mu-servicing-model

    https://free.blessedness.top/en-us/sql/database-engine/install-windows/install-sql-server-servicing-updates?view=sql-server-ver17

    Thanks,

    Lakshmi.

    0 comments
  2. Erland Sommarskog 127.4K Reputation points MVP Volunteer Moderator
    2025-10-24T21:06:55.2133333+00:00

    I need to correct Lakshmi. Installing KB5065222 is sufficient to get you fully up to date. You don't need to install CU32 first.

    There are two "trains" with regards to updates for SQL Server: The GDR train and the CU train.

    With the GDR train, you never install CUs, only security updates, that is GDRs. Microsoft keeps releasing GDR explicitly for RTM.

    With the CU train, Microsoft only releases GDRs for the CU which is the most recent at the time. So say that you are on CU 10, despite that the most recent CU is CU 18. Microsoft releases a GDR, and you realise that the vulnerability addressed by the GDR applies to you, so you apply this GDR. This will take you to CU18+GDR, not CU10+GDR.

    It is possible to switch from the RTM train to the CU train, but it is a little tricky. Say that CU18 is the most recent CU, but there is also a GDR, and you have already applied the corresponding GDR for your RTM version. When you try to install CU18, you are told that there is nothing to update. This is because the installation of CU18 without GDR would again make you vulnerable to the risk fixed by the GDR. But you can install the CU18+GDR to get on the CU train. (Or wait for CU19.)

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.