Microsoft SQL Server ↗
Microsoft · Database
85/100 Good
Summary iPlain-English security verdict for Microsoft SQL Server, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Microsoft SQL Server currently scores 85/100 — good. 2 actively-exploited vulnerabilities (CISA KEV) affect older releases (e.g. CVE-2020-0618) — staying on the latest supported version keeps you clear of them. The latest supported release is 17.0.4045.5 CU5. It's largely safe; apply minor updates as they appear. Note: this product is assessed at the product level on recent (365-day) activity rather than an exact per-version match, so it is never marked a confident "healthy".
Disclosure trend iNew CVEs published for Microsoft SQL Server each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
'19
'20
'21
'22
'23
'24
'25
'26
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2020-0618 HIGH ● exploited Insecure deserialization EPSS 94% → see advisory CVE-2012-1856 HIGH ● exploited EPSS 92% → see advisory CVE-2002-1123 HIGH EPSS 89% → see advisory CVE-2008-5416 HIGH Memory corruption EPSS 88% → see advisory CVE-2002-0649 HIGH Memory corruption EPSS 86% → see advisory CVE-2007-5348 HIGH CWE-189 EPSS 79% → see advisory CVE-2000-0402 LOW EPSS 78% → see advisory CVE-2008-3014 HIGH Memory corruption EPSS 74% → see advisory CVE-2002-0186 HIGH EPSS 73% → see advisory CVE-2008-0086 HIGH Memory corruption EPSS 72% → see advisory CVE-2008-3015 HIGH CWE-189 EPSS 72% → see advisory CVE-2008-0106 HIGH Memory corruption EPSS 71% → see advisoryVersions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each Microsoft SQL Server release line is supported — and when it sunsets.
17.0 latest 17.0.4045.5 CU5 Supported until 2036-01-06
16.0 latest 16.0.4255.1 CU25 Supported until 2033-01-11
13.0-sp3-acp latest 13.0.7085.1 Azure Connect pack+GDR Supported until 2026-07-14
13.0-sp3 latest 13.0.6490.1 GDR Supported until 2026-07-14
15.0 latest 15.0.4470.1 CU32+GDR Supported until 2030-01-08
12.0-sp3 latest 12.0.6449.1 CU4+GDR End of life ended 2024-07-09
13.0-sp2 latest 13.0.5893.48 CU17+GDR End of life ended 2022-10-11
11.0-sp4 latest 11.0.7512.11 GDR End of life ended 2022-07-12
14.0 latest 14.0.3530.2 CU31+GDR Supported until 2027-10-12
13.0-sp1 latest 13.0.4604.0 CU15+GDR End of life ended 2019-07-09
See all upcoming end-of-life dates → ℹ product-level posture (last 365d); exact per-version verdict pending precise version mapping