Our vulnerability support plans to install a vulnerability patch "Microsoft SQL Server Remote Code Execution (RCE) Vulnerability for June 2022" which describes that an authenticated attacker could affect SQL Server memory by executing a specially crafted query using $partition on a table with a column store index on our UIM SQL server with S.O. windows 2012 R2 Standard.
Information about the vulnerability is CVE-2022-29143 Microsoft SQL Server Remote Code Execution Vulnerability
Following are links for downloading patches to fix the vulnerabilities: Microsoft SQL Server
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29143
Would like to confirm if this installation would affect the correct functioning of the UIM application
Release : 20.3
Component : UIM - SECURITY VULNERABILITIES
Environment:
UIM 20.3+ data_engine using a SQL Server user for database connections- Microsoft SQL 2014 SP3
Confirmed that no one else has reported any compatibility issues with past and current MS SQL Server vulnerabilities internally and externally with any of the SQL Server versions supported by UIM.
These patches should not have any impacts on UIM.
Note: As best practice please take snapshot /backup of the database server before any updates