KB5077473 — Security Update for SQL Server 2016 SP3 Azure Connect Feature Pack

Overview

KB5077473 is a critical security update released on March 10, 2026, for Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack. This update addresses multiple high-severity vulnerabilities that could allow remote code execution, elevation of privilege, and authentication bypass in SQL Server environments with Azure connectivity features enabled.

Security Vulnerabilities Addressed

This update resolves several critical security issues in the Azure Connect Feature Pack components:

Remote Code Execution Vulnerability

A critical vulnerability in the Azure Connect authentication module could allow attackers to execute arbitrary code on affected SQL Server instances. This vulnerability affects the authentication handshake process between on-premises SQL Server and Azure services, potentially allowing attackers to compromise the entire SQL Server environment through malformed authentication requests.

Elevation of Privilege Issue

The Azure data synchronization service contained a vulnerability that could allow authenticated users to escalate their privileges within the SQL Server environment. This issue particularly affects environments where multiple users have access to Azure Connect features, potentially allowing lower-privileged users to gain administrative access.

Authentication Bypass Vulnerability

A flaw in the hybrid connection manager could allow attackers to bypass authentication mechanisms and gain unauthorized access to Azure-connected resources. This vulnerability poses significant risks in hybrid cloud deployments where sensitive data is synchronized between on-premises and cloud environments.

Affected Systems

This security update applies specifically to:

Technical Details

Updated Components

The following components are updated by KB5077473:

• SqlAzureConnect.dll - Azure authentication and connection management
• AzureDataSync.exe - Data synchronization service executable
• HybridConnectionManager.dll - Hybrid connection management library
• AzureConnectService.exe - Main Azure Connect service

Version Information

After installing KB5077473, the Azure Connect Feature Pack will be updated to version 13.0.6441.1. You can verify the installation by checking the version information in SQL Server Management Studio or by querying the system registry.

Security Enhancements

The update implements several security improvements:

• Enhanced input validation for all Azure Connect API calls
• Improved certificate validation for hybrid connections
• Strengthened authentication protocols for Azure service communication
• Additional logging and monitoring capabilities for security events
• Updated cryptographic libraries with current security standards

Installation Requirements

Prerequisites

Before installing KB5077473, ensure the following requirements are met:

• SQL Server 2016 Service Pack 3 is installed and running
• Azure Connect Feature Pack is installed and configured
• User account has administrative privileges on the target system
• Minimum 500 MB free disk space available on the system drive
• Network connectivity to Microsoft Update services (if installing via Windows Update)

Pre-Installation Steps

1. Create a full backup of all SQL Server databases
2. Document current Azure Connect configuration settings
3. Stop all SQL Server services using SQL Server Configuration Manager
4. Close all SQL Server Management Studio and related applications
5. Verify system meets minimum hardware requirements

Deployment Methods

Automatic Installation

For systems with automatic updates enabled, KB5077473 will be downloaded and installed automatically during the next update cycle. The installation will require a system restart and may take 15-20 minutes to complete.

Manual Installation

Download the update package from the Microsoft Update Catalog and run the installer with administrative privileges. The installer will guide you through the installation process and automatically restart required services.

Enterprise Deployment

Enterprise environments can deploy this update using Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM). The update supports both immediate deployment and scheduled maintenance windows to minimize business impact.

Post-Installation Verification

After installing KB5077473, perform the following verification steps:

1. Verify SQL Server services start successfully
2. Test Azure Connect functionality with existing connections
3. Review SQL Server error logs for any installation-related issues
4. Validate Azure data synchronization operations
5. Confirm all hybrid connections are functioning properly

Use the following PowerShell command to verify the update installation:

Get-HotFix -Id KB5077473

Rollback Procedures

If issues occur after installing KB5077473, the update can be removed through the Windows Programs and Features control panel. However, Microsoft recommends contacting support before removing security updates, as this may leave systems vulnerable to the addressed security issues.