SQL 2016–Install MSVC Patch Required

  • Article

I can’t emphasize this patch enough.   There is a MSVC, runtime library patch needed by SQL Server 2016 and without the patch the SQL Server service can simply terminate (crash.)  This may not produce stack dumps and the SQL Server error log often looks like it simply terminates (no logging of shutdown.)

For complete instructions on applying this patch, read the Release Notes for SQL Server 2016 (look at section called “Install Patch Requirement (GA)”) If you have already installed SQL Server 2016 you have the option to just install the MSVC patch vs the complete SQL Server Critical Update. Furthermore, our Smart Setup technology can detect the SQL Server Critical Update when installing a new SQL Server 2016 instance and apply this automatically.

https://support.microsoft.com/en-us/kb/3164398

The root of the problem is a thread safety fix in handling strings in the runtime library.   If you are like me your first thought is why would that impact SQL Server?  The SQL Server strings (nvarchar, varchar, nchar, char, …) are not handled with the runtime library for the vast majority of processing.  While this is true the communication paths to the client and logging are susceptible to the issue.

For example, when you log into the SQL Server the messages about default database and options are returned to the client.   The messages can be built using the runtime library routines.   If you encounter an error, duplicate primary key, invalid object, syntax error and such the runtime library can be used to build the message text.

The issue is detected as a memory corruption problem.  Microsoft’s security policy is to terminate the processes as soon as memory corruption is detected, protecting you from attacks such as heap spray: https://en.wikipedia.org/wiki/Heap_spraying

Bob Dorr - Principal Software Engineer SQL Server

Comments

  • Anonymous
    June 15, 2016
    I'm confused by this. Why do I need to install the patch if the Smart Setup technology will do it when I install?
    • Anonymous
      June 17, 2016
      The comment has been removed
      • Anonymous
        June 20, 2016
        Thank you Bob for your response. My purpose in commenting is that there is still some problems with the way this is being communicated. For example, if the SQL 2016 localdb can install the hotfix for me because it is a Smart Setup, then why do I need to go and check the version of the files? If I want to help my coworkers install this, then the number of checks increase.I was holding off installing localDB 2016 because I wanted to make sure about this hotfix. However, Visual Studio 2015 had a SQL Server Data Tools update today which included the new localDB. So I was forced today to check whether the msvcr120.dll version was updated and it was not. There was nothing telling me during the install that I had to add this hotfix. I downloaded it and applied it and looks like all will be ok. I hope my comment can help Microsoft fix this problem.
        • Anonymous
          June 21, 2016
          The comment has been removed
          • Anonymous
            June 21, 2016
            The comment has been removed
  • Anonymous
    June 16, 2016
    The comment has been removed
  • Anonymous
    June 28, 2016
    Hi, the patch installer has a problem (at least regarding installation on Windows Update). It keeps trying to install and failing with an error 0x80070643 on Windows Update. That error is due to a Microsoft.SqlServer.Configuration.MsiExtension.PatchNoopException being thrown by the installer. Any ideas where I can report this so it gets fixed? Or how do I get rid of that update on Windows Update (the patch is already installed on my machine!)...
    • Anonymous
      July 21, 2016
      I'm on Windows 10 Redstone Fast Ring and the systems tries to install KB3164398 every day. I also tried it manually and get the message it is already installed. What's wrong here?
      • Anonymous
        August 14, 2016
        Same hereWindows update try to install this KB3164398 every time it run (Windows 10- Anniversary version) with SQL 2016 dev edition.If I download update and run it says "There are no SQL Server instances or shared features that can be updated on this computer".SQL instance has patch level 13.0.1708.0
        • Anonymous
          September 05, 2016
          Ditto.